Password Security Strength Explained


Passwords are everywhere. Nearly everyone today uses them to access their most precious information and to make confidential changes to their banking, email and other accounts. The problem this brings is that it is becoming increasingly difficult to keep track of which password you use for which account. Just sitting here, I can say that I have at least 25 accounts (at least!) that all have passwords, and I am sure that can be considered minimal compared to others. With this being the case, the temptation arises to use the same password for everything, and that makes sense. After all, one good key phrase could work, right? Technically, yes. But that is definitely not advised, and in this article we will explore the ways people go about hacking accounts, and why passwords of a certain format can be the difference between online bliss and a world of chaos.

 

Servers and Accounts

To understand what is going on, we first need to understand the environment in which this is happening. On the first layer, we have Accounts. On the second, the Website. And the third layer is the Server.

 

Accounts

Because they are pages, the Accounts form part of the websites themselves. What makes them special is that they can block access to specific pages if a user does not have the security clearance to access them. This means that, depending on how the website is set up, almost anyone can view most of the pages – but it is up to the webmaster to decide which pages are only accessible to those with an account, and which are open to the public. These controls are very effective, so much so that even if a user who doesn’t have an account (or is not logged in) tries to go directly to a page that is for Registered Users only, they will be redirected to a Login/Register page.

 

Website

The website is the collection of all the pages that fall under a particular domain name. The website and all its files (HTML, CSS, JavaScript etc.) are hosted on the server, from where they are loaded when a user requests access. When a user visits the domain name, the server allows them to download the files to their browser, and the browser then constructs the website’s pages and shows them to the user. This means that users have direct access to the files on the server, and can see the files that make up the website. So how do these files stay safe? The short answer is, the server.

 

Server

The server, much like a waiter, serves you what you ask for. In this case, the website. It allows users to access the files on the server, letting them view and interact with them. But how does the server keep someone from simply editing or deleting and replacing the files stored on it? Well, servers, much like Accounts pages, only allow editing (or any other task that requires Administrative rights) to those with the required credentials. Although the files are available for viewing, the server does not allow them to be altered in any way. The only way that can happen is if one logs into the server itself (like an account) and makes changes in the backend.

 

So there is a good amount of security on websites. Whether you are a Member, Public User, or Webmaster, there are safeguards in place to keep access available to only the correct people. But how do hackers fit into this picture?

 

Hackers

Hackers are people who use computers and code to gain something, or to cause damage online. They tend to be very tech-savvy and use their skills for some kind of personal gain. Some hackers hack for a just cause (Hacktivists), some hack to cause damage by crippling systems and bringing them to a halt, some do it for Black Hat SEO purposes, and some do it for money (like the WannaCry virus of 2017). Depending on what a hacker wants to achieve, they will choose to attack a system in a specific way. Some hackers try to gain access to people’s accounts for their emails, social media, bank accounts etc., so that they can ransom your information back to you for money, sell it to people wanting to use that information, or simply empty your bank account. Whatever it may be that they want to do, rest assured that they will need to get through your password. One way they do this is by using a program to try every possible password combination in an attempt to land on the correct one by luck. With computers being able to process millions of actions per second, this sounds like it would take no time at all. But is that really true?

 

Password

Cracking your password is actually not as easy as it seems. Trying every possible combination, for a password that could be any number of characters long, in any arrangement of lowercase and capital letters, with any number of punctuation marks and numbers in between – that is no small feat, even for a computer. But what if they happen to get lucky? It could happen, and then what? Your information is no longer private, or your bank account is empty. If you use a different password for all your accounts, you’ll be (sort of) fine. The length and complexity of your password have a massive effect on how long a computer will take to crack it.

For Example:

BFS  ||  0.0000004 Seconds

BFSNetwork  ||   30 Days

BFSNetwork-1S  ||  3 Million Years

BFSNetwork-1S-TH3  ||  93 Trillion Years

BFSNetwork-1S-TH3-B3ST  ||  252 Sextillion Years (252,000,000,000,000,000,000,000 Years)

 

Silver Lining

Luckily, today there is a lot of effort going into ensuring that hackers have the hardest time possible getting into systems, with security measures such as two-step verification and others that require confirmation on multiple devices before access is granted. Other companies have simply added a 2 second delay to every password login request. As users, we barely notice. But if every single attempt that a computer makes (millions of them) takes 2 seconds longer, then it makes the numbers above look minuscule.
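
The effect of length and character variety on the example passwords above, and of the 2 second login delay, can be worked through in a few lines. This is an added example, not code from the original article: it counts every candidate of the same length over the character classes the password uses, then converts that to time at two guess rates. The offline rate of 10 billion guesses per second is an assumption (the article does not say what rate its table used, so the output will not match that table), and the function names are illustrative.

```python
import string

# The four ASCII character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
OFFLINE_RATE = 1e10    # assumption: guesses/second, not a figure from the article
THROTTLED_RATE = 0.5   # one guess per 2-second login delay, as in the article
UNITS = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60))

def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, non-ASCII) count one each.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})

def keyspace(password):
    """Candidates of the same length over that alphabet (worst case)."""
    return alphabet_size(password) ** len(password)

def seconds_to_exhaust(password, guesses_per_second):
    """Time to try every candidate; an upper bound on the attacker's work."""
    return keyspace(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"

def report(passwords):
    """(password, keyspace, offline estimate, throttled estimate) per entry."""
    return [(pw, keyspace(pw),
             humanize(seconds_to_exhaust(pw, OFFLINE_RATE)),
             humanize(seconds_to_exhaust(pw, THROTTLED_RATE)))
            for pw in passwords]

if __name__ == "__main__":
    # The example passwords from the article's table.
    samples = ["BFS", "BFSNetwork", "BFSNetwork-1S", "BFSNetwork-1S-TH3",
               "BFSNetwork-1S-TH3-B3ST"]
    for pw, space, offline, throttled in report(samples):
        print(f"{pw:24} {space:.2e} candidates  offline: {offline:22} "
              f"throttled: {throttled}")
```

These figures are worst-case bounds for trying every combination. A password built from common words or predictable substitutions can fall much sooner than its keyspace suggests, which is one more reason not to reuse it across accounts.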

 

Conclusion

Passwords are the keys to our online lives. Without them we could lose everything: all our money, all our family photos backed up to the cloud etc. With all this precious information being safeguarded from all sides by heavy-duty programs designed to keep people out, wouldn’t you want your password(s) to be as strong?