Passwords, pin codes, and security

I recently went to visit a friend in a secure building. He didn’t answer his phone when I called from the front door to let me in, but the building had a keypad entrance system.  After a few repeated attempts, I was able to find the correct key code and let myself into the building. When I got to his front door, he was a bit upset that I was able to “hack” into his building. I said it’s pretty easy to figure out PIN codes and passwords because people pick easy to remember numbers, words and patterns. Most of the time you just try the most obvious options first, and you can guess the security code.

In research done by DataGenetics.com in 2012, of the 3.4 million accounts they looked at 11% of people had the PIN code 1234. Over 6% had 1111 and almost 2% had 0000.  Given that knowledge trying only 3 PIN codes gives me about a 20% chance of guessing someone’s personal PIN code.

Passwords for computers, emails, and online accounts are not much different.  Every year hackers post online usernames and passwords they have harvested. SplashData, a password management company, compiles a list of the most common passwords of the year. In 2013 the top three passwords were 123456, password and 12345678. Other common passwords included phrases like amazon, adobe, password1 and one of my favorites: trustno1.

Since most sites require usernames and passwords for access, and our brains are not designed to hold 50 different complex unreadable passwords, many of us opted to make them easy to remember.  Unfortunately, an easy password to remember is an easy password to hack. Below are a couple of things to consider when you create pin codes and passwords to help make them more secure.

PIN codes

1. Select PIN codes that are random and have no association to you. For example a PIN code of 3976 is much better than a birth year of say 1960. If I know the year you were born, I would make that a PIN code to try.
2. Select a PIN code that is not an easy visual pattern on a keypad. DataGenetics found 2580 was the 22^nd most popular PIN code because it is the numbers down the center of the keypad on your phone.  The code 1397 is an easy guess as well because it is the corners for the phone keypad going clockwise.

 Passwords

1. Avoid using any part of your login or the site name in your password. If your login to amazon.com is joe.example@fakeemail.com don’t make your password joe123 or Amazon1.
2. Have a different password for every site. I know this can be a big pain, but if a hacker steals your password at one site, they won’t be able to use it at a different site. Imagine if your password was compromised at some site you used three years ago once, and you only use one password. How many sites do you have to update? How much of your data would be at risk (banking, shopping, investment, email)? With a unique password at each site you can reduce your risk.
3. Try to use a random password. A password like Fj%9cX44 is much better than F00tballs. While F00tballs has the normal 8 character limit with numbers and upper/lower case letters, hackers are getting smarter and computers are getting faster so simple character substitutions are still risky.
4. Use an uncommon phrase. For a while, people suggested using a simple phrase such as “ILikeSchool.” However, as the hacking has improved, many security experts now recommend that you use non-sensical sentences as passwords. A phrase such as “eat_baseball_Yards” or “doughnuts around circles” is more difficult to breach.
5. Try using unique logins for various accounts. If possible, I like to have a login that is unique at each site. Also, if it requires an email address, I like to have a few email accounts I can use for different sites. You can easily sign up for multiple Gmail, Hotmail or Yahoo email accounts.
6. Use a password management program. If it is really hard to remember all those passwords, there are several programs out there that will securely store your passwords. These programs will store you username and passwords and log you into the website automatically. A quick search for Password Manager in Google or Bing will get you on your way.

As I said above, I don’t think we were meant to remember so many sites, logins and passwords stored in our brains. Writing it down on a piece of paper is just asking for trouble. And storing them in an Excel spreadsheet isn’t any better. There is hope on the horizon. As we work with biometric systems for voice and visual recognition we soon might be able to have our image and voice as our PIN code. We might be able to use a fingerprint and say our name to get in our email. No longer will we need to store all these random phrases, we will only need to remember our name. Oh, and the code to my friend’s building was 2468.