Deloitte’s prediction: In 2013, more than 90 percent of user-generated passwords, including those considered strong by IT departments, will be crackable by hackers within a few seconds.
By now, you are probably aware of Deloitte’s latest prediction, which describes how all of our password-protected data has become vulnerable to hacking. The prediction is supported by the fact that about 250,000 Twitter user passwords were hacked just recently. The question that comes to mind is: how is this possible?
Earlier, a password with at least eight characters, including mixed-case letters, at least one number, and one non-alphanumeric symbol, was considered strong by IT departments. However, with fast-changing technology and the human behavior around it, this “strong” password has now become quite vulnerable to hacking.
It is not that hackers go to a login page and start guessing the password. They have come to understand general human behavior. First, it is difficult for most people to remember an eight-character password. Adding letters and other odd symbols makes remembering it even more difficult. So, users often create passwords that relate to their language and experience. It has also been observed that, out of the 32 different symbols on a keyboard, users mainly use 6 in their passwords because they have trouble distinguishing between many of them.
On the technology side, there have been many advances in password-hacking hardware in recent years. In addition, ‘crowd-hacking’ has made it possible for hackers to hack passwords much more quickly and easily.
How Can The Risk Of Password Hacking Be Avoided?
- Adopting Stronger Passwords: A strong password here means a long password with a minimum of 10 characters using both upper and lower case. However, many users avoid doing this because it takes longer to enter passwords on mobile devices. While an average user takes around 4 to 5 seconds to enter a 10-character password on a computer, he/she takes 7 to 10 seconds to enter the password on a smartphone that has a keyboard and 7 to 30 seconds on a touchscreen phone.
- Storing Usernames and Passwords in Encoded Form: To stay safe from hacking, you should always store your usernames and passwords in encoded form. Failing that, passwords should at least be cryptographically hashed so that hackers are restricted to dictionary attacks.
- Making User Authentication Stronger: This is a more reliable idea that many are considering. Instead of requiring only an account name and password to gain access, multiple identification factors should be introduced, such as sending a password to the user’s mobile phone or adding a biometric feature like fingerprints. This process can certainly bring a halt to all the hacking activities.