Is Your Password SUPERMAN7RED?
August 07, 2017

At Uncharted Supply Company, we frequently write about personal preparedness in the context of physical safety. We’ve designed the Seventy2, along with future products, to keep you and your family safe during hundreds of emergency situations.

But we also want to help educate people on personal preparedness in other aspects of life. Today we want to take a moment to talk about personal preparedness and online security. (Come on, we can't talk about the Seventy2 every day!)

ONLY 10 MINUTES TO CRACK YOUR PASSWORD!  

LET'S START WITH SOME SCARY STATISTICS

  1. According to stopthehacker.com, it takes only 10 minutes to crack a lowercase password that is 6 characters long.
  2. Over 27 million Americans have been victims of identity theft over the past 5 years.
  3. At least 1 in 10 Americans have already been targeted, and an estimated 9 million cases happened in the last year.

Nearly everything we do online these days requires some sort of registration and password - whether it be adding a new app to your smart phone or using a website.  Think about that... you are giving countless bits of personal information to these companies!

Of course we expect that the website or app has ample security, but what if your password is easy to crack?  Is your password Superman7red?

HACKING TOOLS RUN ON SMART PHONES

This topic is high on my mind since I recently started investing in some cryptocurrencies (bitcoin, etc.). As I did some research on trading platform security, I was surprised to learn how easy it can be to crack passwords. It is estimated that hackers with the most basic tools can crack up to 90% of all passwords. These hacking tools are easy to access, and can run on iOS and Android smart phones!

"BRUTE-FORCE" ATTACK TRIES MILLIONS OF COMBINATIONS

One of the most common password cracking techniques is known as a “brute-force” attack, where the hacker sequentially tests a dictionary of words and phrases, with a combination of numbers and characters.  Not surprisingly, many people use common words and phrases along with a personal number to create an “easy to remember” password.  Unfortunately, “easy to remember” also means “easy to crack” when hackers are using these tools.

Hackers have other tools that focus on swapping letters with numbers in common short words (e.g. each “e” with a “3”) or adding a digit between each letter of a common short word. See a pattern here? Hackers like passwords with common short words, mostly because too many people use them! Hackers tear through these simple passwords in minutes.

DON'T USE SUPERMAN7RED!

Password safety is a function of length and complexity. The shorter the password, the easier it is to crack. Studies show that passwords 6 characters in length can be cracked in a matter of minutes nearly 100% of the time. That is not a very encouraging statistic.

Another surprise is that even when we think we are creating a complex password, hackers have figured out some common themes - in general, we put capital letters at the beginning, lower-case letters in the middle, and symbols and numbers at the end. Hackers build these themes into their cracking algorithm.

Superman7red - an example of a terrible password. Way too simple, even though it is 12 characters.  

First off, superhero names are too common - every hacker's dictionary will try them. Secondly, adding a single digit won't add any complexity since it's solely one number. Finally, appending a color is another common guess in any hacking algorithm.
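To make the "12 characters but still weak" point concrete, here is an added example (not part of the original article) of a small Python password audit that flags the patterns described above and compares a dictionary-aware guess estimate with a naive character-by-character one. The wordlist is a constructed demo list, and the 100,000-entry attacker wordlist size and the per-character costs are assumptions.

```python
import math
import re

# Constructed mini wordlist for the demo; a real audit would load a large one.
WORDS = {"superman", "red", "password", "letmein", "pizza", "next", "big", "thing"}
ASSUMED_DICT_BITS = math.log2(100_000)       # assumption: attacker wordlist of 100,000 entries
LEET = str.maketrans("3580@$1", "esboasi")   # E=3, S=5, B=8 from the article, plus common swaps

def split_words(s):
    """Split s into wordlist entries, longest match first; None if impossible."""
    if not s:
        return []
    for end in range(len(s), 0, -1):
        if s[:end] in WORDS:
            rest = split_words(s[end:])
            if rest is not None:
                return [s[:end]] + rest
    return None

def audit(password):
    """Return (findings, dictionary_bits or None, brute_force_bits)."""
    findings = []
    if len(password) < 12:
        findings.append("under 12 characters")
    if re.fullmatch(r"[A-Z][a-z]+[^A-Za-z]+", password):
        findings.append("capital first, digits/symbols last")
    brute_bits = len(password) * math.log2(94)   # 94 printable ASCII characters
    lowered = password.lower()
    for text, leet in ((lowered, False), (lowered.translate(LEET), True)):
        words, bits = [], (1.0 if leet else 0.0)  # one extra bit: swapped or not
        for run in re.findall(r"[a-z]+|[^a-z]+", text):
            if "a" <= run[0] <= "z":
                parts = split_words(run)
                if parts is None:
                    break                          # not built from listed words
                words += parts
            else:                                  # digits cost 10 guesses, symbols 33
                bits += sum(math.log2(10 if c.isdigit() else 33) for c in run)
        else:
            if words:
                label = "leet-spelled dictionary words: " if leet else "dictionary words: "
                findings.append(label + "+".join(words))
                return findings, bits + len(words) * ASSUMED_DICT_BITS, brute_bits
    return findings, None, brute_bits

if __name__ == "__main__":
    for pw in ("Superman7red", "p@$$word", "n3xtb1gth1ng", "Garrett1993*"):
        print(pw, audit(pw))
```

Under these assumptions Superman7red costs about 36.5 bits of guessing as "word + digit + word", against roughly 78.7 bits if every character had to be tried independently.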

FOLLOW THESE RULES TO MAKE A COMPLEX PASSWORD:

  1. Do use a minimum of 12 characters
  2. Do use upper and lower case letters and different characters (~<][{)
  3. Do combine misspelled words or foreign words
  4. Do use a memorable phrase with some numbers replacing letters - e.g., E = 3, S = 5, B = 8
  5. Do add a symbol emoticon somewhere in the phrase ;)
  6. Don't use common words and phrases less than 8 characters
  7. Don't use patterns (e.g., qwerty, xyz, 1357)
  8. Don't use dates
  9. Don't use an obvious association with yourself - birthday, last name, address

WHAT DOES A GOOD PASSWORD LOOK LIKE?  

H8D0r1t0sLuvCh33t0s:p   (HateDoritosLoveCheetos:p)

Cheesy?  Yes.  But safer than Superman7red.

Take a moment to think about your passwords and whether they meet these criteria.  You’ll be taking one step closer to personal preparedness.

Bonus

Here are some password examples that have been successfully cracked by hackers in a recent study - these were deemed to be very easy to crack in a matter of seconds to minutes, using a variety of cracking tools.

123456

1234567

password

letmein

Destiny21 

pizzapizza

p@$$word

123456789j

letmein1!

LETMEin3

:LOL1313le

Coneyisland9/

momof3g8kids

1368555av

n3xtb1gth1ng

qeadzcwrsfxv1331

m27bufford

J21.redskin

Garrett1993*

Oscar+emmy2

k1araj0hns0n

Sh1a-labe0uf

Apr!l221973

Qbesancon321

DG091101>#/p###

@Yourmom69

ilovetofunot

windermere2313

tmdmmj17

BandGeek2014

all of the lights

i hate hackers

allineedislove

iloveyousomuch

Philippians4:13

Philippians4:6-7

gonefishing1125

Double Bonus

Here is a list of the most common passwords from 2016, according to a password management company, Keeper Security.

THE TOP 25 MOST COMMON PASSWORDS OF 2016:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e