Passwords – What’s DAT?

Cybersecurity is a wonderfully chaotic mess right now.  

Previously, on the internet…

A normal word such as [email protected], with some mixed-case letters and a few swapped characters, was once considered secure. That isn't the case anymore.

Hopefully this isn't too hard to grasp, since we're on a cryptocurrency blog. As mining algorithms have gotten harder, hardware has kept pace in a way that would have been impossible a few years ago. That same (and exponentially cheaper) consumer-grade hardware can now run BILLIONS of brute-force password attempts in a few hours, rather than in a few months or years. What would have taken a server with 12 dedicated graphics cards to accomplish in 2012 can now be done with one high-end gaming graphics card. That's 350 billion password guesses a SECOND. How secure does that make you feel?

Ultimately, this means it's time to completely change the way we create and use passwords. The old method – 8 characters with some capitals, a number, and some punctuation – just doesn't cut it anymore. We've been hearing this for years, but many of us never a) thought it was a serious enough threat to bother with, or b) thought it was all that important, because we didn't have anything important to secure online.

However, your digital security is arguably more important than your home security. If someone breaks into your home, they can take what belongings you possess. Unfortunate as this would be, your losses are limited to what's in your home. If someone breaks into your email account, they can use password resets to gain easy access to all your other accounts: your bank as well as your Amazon, eBay, Microsoft, Apple, etc. accounts.

Users can generally recover their account passwords from large online merchants. While it is not always easy to do so (especially if the hacker changes all your personal information and security-check information), these companies have a vested interest in restoring your account and your trust. That doesn't mean you won't have trouble reversing purchases made with your credit cards or bank, all the more so if they believe someone authorized on the account made the transactions.

With cryptocurrencies, nothing like this yet exists. If your DAT wallet file (hopefully encrypted with a strong password) is accessed and you have an easy-to-brute-force password, then it's game over. Your wallet will be emptied and there will be no way to recover your funds. This makes creating a strong password even more critical.

In addition, two-step authentication should be a must for securing access to your account. For best results, use a 2FA (two-factor authenticator) app rather than an SMS (text) message. Remember, your wallet DAT password is the only barrier separating a thief from spending your coins.

So, if the traditional way to create passwords is obsolete, what should we do about it? We will need to create new habits. Several good password ideas exist out there. Select 4 or more easy-to-remember words: duck bunny lobster skillet – and simply combine them. Thus, duckbunnylobsterskillet (since those were the first 4 words that popped into my mind, they don't qualify as perfectly random). For greater security, use a random word generator to create your password.

While creating such random combinations doesn't seem terribly difficult, a truly random passphrase is much harder for a computer to crack than [email protected] (even a computer primed to run brute-force attacks). Here's an explanation of why.

Passwords can be made even more secure by adding a number in the middle, though the number should also be random. Guess what? There are plenty of random number generators out there too. Or simply go to Google and type in Random Number; Google will even let you set a minimum and maximum for the range.

If you have the patience (or the linguistic knowledge to do it), you can run your original password(s) through Google Translate to produce them in a different language. While this is a bit advanced, this IS your money we're talking about. Keeping it safe should be worth a little more effort than creating a spam email account for forum signups. After all, common English words are already mainstays of password-cracking lists. By diversifying the language of your password, you keep dictionary attacks from succeeding. Even if the attacker imports 3-4 language dictionaries, that only increases the number of words available by 3-4x, but because every word in the passphrase can now come from the larger list, the number of combinations grows by that factor raised to the number of words. That makes the password exponentially more difficult to crack (not 3-4 times more difficult, as one might assume).
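As an added example (not code from the original post), here is a small Python script that builds a passphrase the way the post describes (random words plus an optional random number in the middle, chosen with a cryptographic RNG) and works out how the search space, and the time to exhaust it at the post's 350 billion guesses per second, changes with the number of words and with a 3-4x larger dictionary. The word list is a constructed stand-in; a real list such as the EFF diceware list has 7,776 words.

```python
import math
import secrets

# Constructed stand-in for a real word list (e.g. the 7,776-word EFF diceware list).
# The post's four example words are included; a production list must be far larger.
WORDLIST = ["duck", "bunny", "lobster", "skillet", "river", "marble", "copper", "violin"]

GUESSES_PER_SECOND = 350e9  # rate quoted in the post for one high-end gaming GPU


def generate_passphrase(words, n_words=4, number_max=None):
    """Pick n_words uniformly at random using the secrets module (a CSPRNG, not
    random.choice), optionally inserting a random integer in the middle."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    if number_max is not None:
        # place the number after the first half of the words, as the post suggests
        chosen.insert(n_words // 2, str(secrets.randbelow(number_max + 1)))
    return "".join(chosen)


def search_space(dict_size, n_words, number_max=None):
    """Worst-case number of passphrases an attacker who knows the scheme must try:
    dict_size ** n_words, multiplied by the number of possible inserted numbers."""
    space = dict_size ** n_words
    if number_max is not None:
        space *= number_max + 1
    return space


def entropy_bits(space):
    """Entropy in bits of a uniformly chosen passphrase from `space` candidates."""
    return math.log2(space)


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at `rate` guesses per second."""
    return space / rate


def dictionary_multiplier_effect(dict_size, n_words, factor):
    """Growth of the search space when the dictionary is `factor` times bigger:
    factor ** n_words, not factor (the post's 'exponentially' point)."""
    return search_space(dict_size * factor, n_words) / search_space(dict_size, n_words)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(WORDLIST, 4, number_max=999))
    for label, dict_size in [("7,776-word list", 7776), ("4 languages (x4)", 7776 * 4)]:
        space = search_space(dict_size, 4)
        print(f"{label}: {entropy_bits(space):.1f} bits, "
              f"{seconds_to_exhaust(space) / 3600:.1f} hours at 350e9 guesses/s")
```

Run with the 7,776-word figure, four words give about 51.7 bits, which an attacker who already knows the word list and is guessing a fast hash at the quoted rate would exhaust in a few hours; that is why the "or more" in "4 or more words" matters.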

Investors may also want to consider a password manager, like LastPass, Dashlane, and others. While these are helpful when web browsing (have them create truly random passwords that even YOU don't know), you still need a strong master password to protect them. These tools can also create a random wallet password that is fairly long and therefore strong.

Ultimately, account security is your responsibility.  It’s up to you to decide what that is worth. Spending 5 minutes on password creation could save all the coins in your wallet.  Aside from security concerns, those 5 minutes can also provide some peace of mind.  

