If your phone were stolen, how worried would you be? How long would it take to hack your account without a hacker having access to your phone? With roughly 191,870 phones going missing every day, these questions are somewhat thought-provoking. Today we're going to tilt more towards cybersecurity and why we should be grateful for some of the annoying security procedures on our devices and accounts. Have you ever heard of brute force hacking?
A RELATABLE EXPLANATION
Brute force hacking is built on a fundamental concept that drives human innovation and is a trait typically found in successful people: keep trying different ways to break through until you hit a breakthrough. There are 10 thousand possible 4-digit combinations of the digits 0-9. There are 10 million 7-digit combinations of the digits 0-9. The machines used for brute force hacking are said to be able to try between 10,000 and 1 billion passwords... per second.
STRENGTH CAN BE FOUND IN NUMBERS
Let's crank it up a notch. For an 8-character password with uppercase, lowercase, special characters and numbers, it would take 2.6 days to try all combinations. For a 12-character password in the same style, it would take 7.5 million years to try all combinations. By now you can see that the more complex your password is, the better. Software engineers, however, understand that we as humans in our current generation do not have the time to create and remember complex passwords, so we did a couple of things to help.
PASSWORD MANAGERS HELP
We now have password managers that do the hard job of suggesting complex passwords and remembering them for us. We're typically advised to use a different password for each of our online accounts (and we don't listen); password managers can help with this. We have two-factor authentication and login alerts sent to us when we try to log into our accounts, just to confirm that we're the ones trying to log in. We also have secret password questions as an added failsafe in case we lose our email and phone number.
PASSWORD TRIES RESTRICTION IS OUR ACE IN THE HOLE
Platforms like Google will require an extra form of authentication if you try to log into your account from a new device. We added biometrics and a facial scanner to make things much harder for hackers (albeit with more strain on the end-users too). Most importantly, we limited the number of wrong passwords you can input to 3 (maximum 5), after which the account is locked (this isn't guaranteed for solutions and documents that aren't connected to the internet). This particular feature stops brute force hacking in its tracks. Sadly, a lot of our security features are tied to our phone or email accounts.
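The lockout described above, sketched as an added example (not code from the original post). The `Account` class, its PBKDF2 settings and the sample PINs are constructed for illustration; the limit of 3 failures and the 4-digit and 7-digit keyspaces are the post's own figures.

```python
import hashlib
import hmac
import os
from itertools import product

MAX_FAILURES = 3  # the post's limit: 3 wrong passwords, then the account locks


class Account:
    """Constructed in-memory account that locks after repeated failures."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._digest = self._hash(pin)
        self.failures = 0
        self.locked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def login(self, pin: str) -> str:
        if self.locked:
            return "locked"        # refuse before the guess is even checked
        if hmac.compare_digest(self._hash(pin), self._digest):
            self.failures = 0      # a successful login resets the counter
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return "denied"


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible secrets, e.g. keyspace(10, 4) for a 4-digit PIN."""
    return alphabet_size ** length


def guesses_evaluated_before_lockout(account: Account, length: int = 4) -> int:
    """Walk the PIN space in order; count guesses the account really checked."""
    checked = 0
    for digits in product("0123456789", repeat=length):
        result = account.login("".join(digits))
        if result == "locked":
            break
        checked += 1
        if result == "ok":
            break
    return checked
```

With the lock in place, only 3 of the 10,000 four-digit PINs are ever evaluated, and once the account is locked even the correct PIN is refused. The counter lives on the server, which is why the same limit cannot be relied on for files or devices that can be guessed against offline.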
FINALLY...
Our devices that log into our email automatically are the weak link. We protect this weak link by keeping our devices close, using tokens/biometrics as passwords to our devices, and adding partner accounts on our emails (to be used as a backdoor) should our email be compromised. Added security comes at the price of convenience. Tomorrow I should review an even more likely cause of being hacked... Dictionary password attack.