Passwords

Why a strong, secure password is important

Passwords are a basic yet important part of our defence against cyber criminals. Having strong passwords can be the difference between criminals being able to break into our accounts or not. The most common technique used by cyber criminals is to ‘reverse engineer’ our password hash values. Picture this…

At a very basic level, as an example, when we sign up to a website and provide a login and a password, the password is stored on a server. When we subsequently log in, the password we enter is checked against the password stored on the server and if it matches, we can log in.

If this password is stored in plain text, as used to be the case, i.e. readable exactly as you entered it, then that causes security concerns, particularly if the company suffers a data breach. Instead, the password you create is run through a mathematical algorithm which produces a string of numbers and letters that corresponds to the exact characters of your password. This is called the hash value.

The hash value is stored rather than your plain text password, which does give us some security. If criminals manage to download the customer database of the website you have signed up to, they might have your username and the hash value of your password rather than your plain text password.

However, criminals take advantage of us using weak passwords. If, for example, our password is Password1, the hash value of this is 2ac9cb7dc02b3c0083eb70898e549b63. A common technique used by criminals is ‘reverse engineering’. This involves criminals using known hash values of words and word combinations to ultimately work out or ‘crack’ what our passwords are. They do this through the use of automated tools which can make thousands of attempts every second to crack a hash value, meaning that if your password is weak, it can be cracked in seconds.

The key to this is length and complexity. If we have strong passwords, it will take hundreds, thousands or millions of years for them to be cracked, which provides us with the security required.
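
The storage scheme described above, as an added example that is not part of the original page: the hash value quoted for Password1 is what unsalted MD5 produces, so the same password always yields the same stored value and can be matched against a table of known values. The salted PBKDF2 form beside it is a hardened alternative chosen for this example; the function names, the word list and the iteration count are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PAGE_HASH = "2ac9cb7dc02b3c0083eb70898e549b63"  # value quoted in the article
ITERATIONS = 600_000  # assumed work factor for this example


def weak_hash(password: str) -> str:
    """Unsalted MD5: the same password always gives the same stored value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def known_value_lookup(stored_hash: str, wordlist: list[str]) -> str | None:
    """Return the word whose unsalted hash equals stored_hash, if any."""
    table = {weak_hash(word): word for word in wordlist}
    return table.get(stored_hash)


def strong_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, derived_key) to store."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = strong_hash(password, salt)
    return hmac.compare_digest(key, expected_key)


if __name__ == "__main__":
    common = ["123456", "qwerty", "Password1"]  # constructed sample list
    print("matches article value:", weak_hash("Password1") == PAGE_HASH)
    print("found in known-value table:", known_value_lookup(PAGE_HASH, common))
    salt_a, key_a = strong_hash("Password1")
    salt_b, key_b = strong_hash("Password1")
    # Two accounts with the same password no longer share a stored value.
    print("salted values differ:", key_a != key_b)
    print("correct login:", verify("Password1", salt_a, key_a))
    print("wrong login:", verify("password1", salt_a, key_a))
```

A salt and a slow algorithm only raise the cost of each guess; a password that appears on a common-password list is still found quickly, which is why length and complexity remain the key.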