In the 1970’s the classic Tootsie Roll commercials asked, “How many licks does it take to get to the Tootsie Roll center of a Tootsie Pop?” After a series of animals admit they always bite, a young lad asks the “wise owl,” who then demonstrates the impossibility of licking without biting (wise indeed, since he gets to eat the Tootsie Pop). The narrator asks the question again and states, “The world may never know.”
When it comes to hacking to the center of your email files (and your social media accounts, banking center and more), the answer is much more quantifiable.
Hack in Just Seconds
Simple hacking is just a probability problem. An all numeric password has only 10 options per digit. With 26 letters in the alphabet, passwords with words are stronger. When you factor in symbols, the possibility of upper and lower case letters, and alpha-numeric combinations, you’re looking at about 100 combinations per character. Then that means that a 5-character password could have at least 10 billion combinations.
Sounds pretty uncrackable, until you look at computerized hacking programs which operate at a speed of approximately 1 billion guesses per second. That 5-character password would take only 10 seconds to hack.
Of course, your email shuts down after about 3-5 wrong guesses, so how do hackers work around such safety features? Well, accounts can be taken offline to guess (instead of online). Additionally, hacking programs have gotten smarter. Instead of just guessing every possible combination of characters, which gets exponentially longer with each digit in a password, hackers have written “dictionary” programs. With just a few key words about you, or even with just checking every word in the dictionary, including common alternations, a hacker’s job goes much more quickly.
Common dictionary alterations/mutations include:
• Adding a numeral or symbol to the end of a word, like “Georgia!”
• Substituting numerals or symbols for letters, like “p@55w0rd”
• Mirror patterning, such as putting the same symbol at the beginning and ending of a word, like “!Jacob!”
• Combining upper and lower case letters, like “tUscAnY”
Only a limited number of common mutations exist, so dictionary-based hacking moves pretty quickly, cutting days of work down to perhaps only a few hours or minutes.
Considering how simple most passwords are to hack, is there anything you can do to make your password stronger? Absolutely! You can play around with password strength websites such as on https://howsecureismypassword.net, but we strongly recommend not using real passwords, nor relying on such tools to determine password strength for you. Follow these guidelines:
• Never, seriously NEVER use the same password on multiple sites. Doing so jeopardizes all of your passwords, from credit cards and banking to email and Amazon.
• Change your password minimally every six months. Quarterly or even monthly is better for important security interests.
• Do not “change” or update passwords by just adding a numeral or symbol. Too simple.
• Use long passwords, at least 8 characters. That at least would buy you one day before a hacker could crack a random assortment of letters, symbols and numerals.
• Be random, combine words, and add more than one numeral to an ending.
• Whenever possible, increase security. Opt for 2-step verification. Sign up for text alerts for unusual activity, such as logging in to your account from a new computer. Go ahead and be a little paranoid.
True, such tips might make it more challenging to remember your passwords, but it also makes you a greater challenge to hack.
Other Common “Hacks”
For many cybercriminals, hacking a complex password isn’t worth their time, there are plenty of other “tricks of the trade” for acquiring passwords. Some common methods:
• Phishing emails which trick, you into entering your login information.
• Fake, duplicated (ghosted) websites (which appear to be real) but steal your login info.
• Tracing programs which shadow keystrokes to steal your password, called “keyloggers” which can monitor your movements and lift your keystrokes.
• Malware which pretends to verify password strength, but instead steals passwords.
• Malware that targets your password storage.
• Gathering other data about you and then tricking a customer service center into re-setting your password.
Given all of the options available, password cracking might become a thing of the past.
Don’t be a Sucker
So, how many hacks does it take to get to the center of your email files? Don’t lose your treat, like the querying little boy: beat the game like the wise owl that got to eat the sucker.