Why Your Passwords Are At Risk If They Are Predictable

Computer hackers know two things to be true:

1) Humans are predictable.

2) Many traders like us don’t take computer security seriously.

Even though we know we shouldn’t, how many of us have used an anniversary date, or even a birth date as part of our password? To make matters worse, we use that same password for all our online credit card accounts. Hackers know this. They’re betting they can guess your password.

Do Your Trading Computer Passwords Pass the “Guess Test”?

If you are still using passwords that are easy to guess you’re putting yourself in the unenviable position of being the weak link in the security chain.

It only takes one poorly chosen password to clean out your trading account or compromise an entire network – and hackers know how to find them.

Without realizing it, our data has become interconnected.

Our trading computer, online accounts, and trading platforms can all be vulnerable to each other. How could hacking your Facebook account lead to a drained bank account? One reason is we don’t use passwords that are secure enough. We also use the same password across too many accounts.

Hackers Can Use Basic Logic and Math to Guess Your Password

Sometimes hackers use every letter-number-character combination in what is known as a brute force attack. The premise is very simple – start with one character and run through all available combinations until you get a match for the entire password. Hackers know that you use certain combinations more than others.

A blog post on Infostream.cc points out a few more of the common approaches hackers use.

As an example, if your password is 4 lower case letters long it would take about 2 seconds to run through all 456,976 possible combinations using freely available password cracking software.

Social Engineering Is the Offline Tactic to Access Your Online Passwords

Another commonly used technique for finding passwords is called social engineering. That’s a fancy term for a simple technique hackers use.

Social engineering can be something as simple as a phone call or an email from a nice woman who sounds like your bank saying your account has been locked and they need to verify your information before they will release your funds.

All they need are a few bits of data like your user name and password and they will get the problem fixed before you know it – and they will also drain your account while they’re at it.

If hackers can find one of your passwords, they may also be able to start guessing your other accounts too.

Social Engineering Even Affects the Big Boys Like NASDAQ

Social Engineering is precisely what happened several times last year when hackers got control of the NASDAQ message boards.

They wiggled their way through the system and additionally managed to gain access to the Twitter feed of the Associated Press, sending the DJIA into a 140-point drop from a fake news release.

In instances like these, it did not matter how well the victims chose their passwords or even how long they were – basic human nature was their undoing.

Tips for Preventing Hackers from Guessing Your Password

Here are a few things we recommend doing to make your password more secure:

  • Use passwords that are at least 8 characters long – An 8-character password with both upper and lower case letters, numbers and special characters leads to something close to 7 quadrillion possible combinations, which by today’s standards would take only about a week to crack on a home computer. (As GPU speeds increase, the average password may soon have to be at least 10 mixed characters long just to cause enough of an annoyance for all but the most determined to try and crack it.)
  • Design passwords that are both easy to remember and secure – Find a long phrase or even a movie title that is easy to remember – in this example we will use the phrase “Today it takes money to make money.” Now, let us add in some special characters and change that to “Today it takes $ to make $”, and then shorten it to “2Day it takes $ 2 make $”. We now have a mix of uppercase, lowercase, numbers, and special characters. If we finalize it using the first letter of each word it becomes “2Dit$2m$”, and we have a password that is easy to remember and strong enough to dissuade guessing.
  • Use a different password for each of your accounts – Now that you have figured out how to create a strong password, be sure to use a completely different one on every site that you visit. That way, if one account were to be compromised, your other accounts will still be secure. After all, it takes just one weak link to give up your password.
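As an added example that is not part of the original post, the following Python script carries the brute-force arithmetic from earlier (26^4 = 456,976 for four lowercase letters, 94^8 for eight mixed characters) through a keyspace and crack-time estimate, and turns the three tips above into a simple “guess test” for a password. The 32-symbol alphabet, the guess rates and the date-detection heuristics are assumptions made for the example.

```python
import re

# Alphabet sizes behind the post's arithmetic (26^4 = 456,976 and 94^8,
# "close to 7 quadrillion"): 26 lower, 26 upper, 10 digits, 32 symbols (assumed).
CLASSES = {
    "lowercase": (26, re.compile(r"[a-z]")),
    "uppercase": (26, re.compile(r"[A-Z]")),
    "digits":    (10, re.compile(r"[0-9]")),
    "symbols":   (32, re.compile(r"[^A-Za-z0-9]")),
}

# Digit runs that look like a birth date or anniversary: a 19xx/20xx year,
# or a 6-8 digit run such as DDMMYY or MMDDYYYY. Constructed heuristic.
DATE_LIKE = re.compile(r"(19|20)\d{2}|\d{6,8}")


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, (_, rx) in CLASSES.items() if rx.search(password)]


def keyspace(password):
    """Combinations a brute-force attacker must try when they know only the
    length and which character classes are in use."""
    alphabet = sum(CLASSES[name][0] for name in classes_used(password))
    return alphabet ** len(password)


def crack_time_seconds(password, guesses_per_second):
    """Worst-case time to exhaust the keyspace at a given guess rate."""
    return keyspace(password) / guesses_per_second


def guess_test(password, other_passwords=()):
    """Reasons the password fails the post's tips; an empty list means it passes."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    missing = [n for n in CLASSES if n not in classes_used(password)]
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    if DATE_LIKE.search(password):
        findings.append("contains a date-like digit run")
    if password in other_passwords:          # same password on another account
        findings.append("reused on another account")
    return findings


if __name__ == "__main__":
    for pw in ("abcd", "Anniv1984", "2Dit$2m$"):   # constructed sample passwords
        days = crack_time_seconds(pw, 1e10) / 86400  # assumed GPU-class rate
        print(f"{pw!r}: keyspace={keyspace(pw):,} ~{days:.2g} days at 1e10/s,"
              f" findings={guess_test(pw) or 'none'}")
```

At 1e10 guesses per second the eight-character example exhausts in roughly seven days, which is the post’s “about a week” figure; a ten-character one of the same mix takes about 8,800 times longer.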

Some additional tips you might consider:

  • Create longer passwords by mixing upper case, lower case, numbers and symbols (A-Z, a-z, 0-9, !@#$%, etc.)
  • Use password-management software like RoboForm
  • Keep a master password for your password software, and encrypt your local files.
  • Keep offline backups.
  • Consider keeping a secure computer for trading that is used strictly for trading.