How to foolproof your password and avoid being a victim of cybercrime

rpm


A study by researchers from Stellenbosch University found that South African password users often lack security-related knowledge, which results in users who tend to “make up their own rules” regarding passwords.

Some users overestimate their password abilities while others underestimate their vulnerability. Kaspersky Lab reported that at least 20% of South Africans mistakenly believe that their passwords would have no value to cybercriminals and as a result do not take the necessary protective measures.
 
Best use a password generator. Like 1Password, Dashlane, or LastPass.
 
Best use a password generator. Like 1Password, Dashlane, or LastPass.

Yep. I use LastPass. Generates passwords like 0Hr^F!1t9Ze7qJ#2 for each of my sites.

Apparently that would take 12 trillion years to hack, and according to passwordmeter.com it has no flaws.

This site says my password would take 35 sextillion years to hack....
https://howsecureismypassword.net/

And this one says... 100% Very Strong.
http://www.passwordmeter.com/

Doesn't that require a super long password though? Do you remember it manually, or just generate unique 20+ digit passwords with a password manager?
 
It would take a desktop PC about 277 septillion years to crack your password

with spaces: 378 duodecillion years
 
Do not use letters sequential in the alphabet, sequential numbers or letters, or numbers consecutive on keyboards (such as “12345” or “QWERTY”). Longer passwords are more difficult to guess. When creating passwords, keep the risk associated with the use of that password in mind. Choose even stronger, more complex passwords for high risk purposes, such as for internet banking.
Incorrect. A random string of 20 characters will have sequential characters 50% of the time, whatever your measure of sequential is. So excluding those actually results in a non-random password. Doesn't matter much as it would take 100 billion years to crack anyway. But with that in mind even if it would make it weaker you could safely ignore it.
 
Now that you guys are finished comparing passwords and sizes I would like to ask a question.

Security firm Wolfpack Information Risk estimates that cybercrime costs South Africans between R2.5 billion and R5.8 billion annually.

How do they come to these figures? I would like to know. Serious question.
 
Incorrect. A random string of 20 characters will have sequential characters 50% of the time, whatever your measure of sequential is.
Perhaps you'd like to substantiate that claim, given the normal password boundaries of letters (upper and lower), numbers, punctuation and "special characters"?

Perhaps with the maths that led you to believe that in a random string of chars, 1 out of every two will have at least one "consecutive" char?
 
It seems one of the most important considerations has not been mentioned, which is to use 2 factor authentication whenever it is available.
 
It seems one of the most important considerations has not been mentioned, which is to use 2 factor authentication whenever it is available.

I only use two multifactor authentication for accounts of particular significance. 99% of the time I'm perfectly happy to just have a unique 15 digit password supplied by LastPass. If it gets hacked I can just change it when notified to, and it won't affect my other accounts.
 
Perhaps you'd like to substantiate that claim, given the normal password boundaries of letters (upper and lower), numbers, punctuation and "special characters"?

Perhaps with the maths that led you to believe that in a random string of chars, 1 out of every two will have at least one "consecutive" char?
26 letters x 2 + 10 = 62
So in a 20 character password a 1 out of 62 chance each character will be consecutive. So closer to 1 out of 3 for a 20 character password. Still pretty close though.
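
Added example, not part of any post in the thread: an exact count of how often a uniformly random password over the 62-character alphabet mentioned above contains adjacent sequential characters, and how many bits of entropy a generator gives up if it rejects such passwords. The definition of "sequential" (direct neighbours within lowercase, uppercase or digits, optionally in descending order too) is an assumption; keyboard runs are not modelled.

```python
from fractions import Fraction
from math import log2
import string

# Assumed alphabet: 26 lowercase + 26 uppercase + 10 digits = 62 characters.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
ALPHABET = "".join(CLASSES)


def sequential_pairs(descending=False):
    """Ordered pairs (a, b) treated as sequential: b directly follows a in one class."""
    pairs = set()
    for cls in CLASSES:
        for a, b in zip(cls, cls[1:]):
            pairs.add((a, b))          # e.g. "ab", "XY", "34"
            if descending:
                pairs.add((b, a))      # e.g. "ba", "YX", "43"
    return pairs


def prob_sequential(length, descending=False):
    """Exact probability that a uniformly random password has >= 1 sequential pair."""
    if length < 1:
        raise ValueError("length must be at least 1")
    banned = sequential_pairs(descending)
    # preds[c]: characters that may not come directly before c
    preds = {c: [a for a, b in banned if b == c] for c in ALPHABET}
    # clean[c]: number of strings of the current length ending in c with no banned pair
    clean = {c: 1 for c in ALPHABET}
    for _ in range(length - 1):
        total = sum(clean.values())
        clean = {c: total - sum(clean[a] for a in preds[c]) for c in ALPHABET}
    return 1 - Fraction(sum(clean.values()), len(ALPHABET) ** length)


def bits_lost(length, descending=False):
    """Entropy removed when every password containing a sequential pair is rejected."""
    return -log2(float(1 - prob_sequential(length, descending)))


if __name__ == "__main__":
    for desc in (False, True):
        label = "ascending or descending" if desc else "ascending only"
        p = float(prob_sequential(20, desc))
        total_bits = 20 * log2(len(ALPHABET))
        print(f"{label}: P = {p:.4f}, rejecting costs {bits_lost(20, desc):.2f} "
              f"of {total_bits:.1f} bits")
```
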
 
I only use two multifactor authentication for accounts of particular significance. 99% of the time I'm perfectly happy to just have a unique 15 digit password supplied by LastPass. If it gets hacked I can just change it when notified to, and it won't affect my other accounts.

Agreed - mostly it is only available to accounts of significance anyway (like Google, your bank, Dropbox).
 