Andy Smith: Make life as difficult as possible for the hackers

Hacker: Making your passwords more complex will lessen the risks of a cyber attack. Picture: Reuters

ON Tuesday, a Twitter account was hacked and an estimated $136.5 billion was wiped from Standard & Poor’s stock market value – all this from 71 characters in a single tweet.

News agency the Associated Press’s Twitter account (@AP) had been hacked and a Tweet was sent out saying: “Breaking: Two Explosions in the White House and Barack Obama is injured”.

The market immediately went into free-fall.

But before we all start worrying about the next recession, once the hoax was found out the market quickly stabilised and returned to its previous stock values.

The Associated Press has now joined a long list of Twitter hacking victims including the BBC, Fifa, Jeep and even the infamous hacking group Anonymous. They have all been victims in 2013.

But how can you protect yourself from being a victim of hacking? From your bank accounts to Facebook – are you as secure as you could be?

One of the ways hackers get into accounts is to try to guess or “crack” your password.

One of the methods often used to crack passwords is what’s called a “brute force attack.”

This means using another computer to try to guess your password.

Computers can make these guesses at a rate of 1,000s per second using dictionaries, lists of names and places, as well as running through all the different letter combinations.

Suddenly guessing a password is now a matter of time and an experienced computer hacker can write a script that will crack the most cryptic six-character passwords in a matter of days.

The simplest way around this is to no longer use words of any kind, but to memorise a set of information and then turn it into an acronym that you will always remember.

In the example below I have used a song verse, but you can use anything that you have memorised and is at least 15 words long.

As this is The Scotsman, I’ll use the classic Caledonia by Dougie MacLean as an example song verse:

“Let me tell you that I love you,

“That I think about you all the time,

“Caledonia you’re calling me,

“And now I’m going home!”

This turns nicely into the acronym “lmtytilytitayattcycmanigh!”

We’re all now used to sites enforcing a level of complexity in our passwords by adding capital letters, punctuation and numbers.

So to keep the password complexity rules happy, we can add the punctuation back in, include the capital letter on Caledonia, swap a couple of letters for numbers (the i’s for 1’s for example) and we arrive at “lmtyt1ly,t1tayatt,Cycm,an1gh!” Be as creative as you like, as long as you can memorise it.

We’ve now created 29 characters of gibberish that we can easily remember, and a password that even at 1,000 guesses a second would take a lifetime to crack.

The next step is to make your password different for each site. Just ensure that you add something before or after your password that makes it unique – the first three letters of the site and a hyphen, for example.

So for Twitter we’d get: “lmtyt1ly,t1tayatt,Cycm,an1gh!-twi” or Facebook: “lmtyt1ly,t1tayatt,Cycm,an1gh!-fac”. Use whatever naming convention you want to use and then stick to it.
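The steps above, worked through as an added example (not the author's own code): it rebuilds the passwords from the verse and estimates how long a blind run through every combination would take at the article's 1,000 guesses a second. The function names and the alphabet sizes (26 lower-case letters, 95 printable ASCII characters) are assumptions made for the illustration.

```python
import string

# Constructed input: the verse quoted in the article, one phrase per line.
VERSE = [
    "Let me tell you that I love you,",
    "That I think about you all the time,",
    "Caledonia you're calling me,",
    "And now I'm going home!",
]


def build(lines, keep_caps=(), punct="", swaps=None):
    """Take the first letter of every word; optionally keep capitals on the
    words in keep_caps, keep line-ending punctuation found in punct, and
    apply letter-for-digit swaps."""
    out = []
    for line in lines:
        initials = "".join(
            w[0] if w.strip(string.punctuation) in keep_caps else w[0].lower()
            for w in line.split()
        )
        for old, new in (swaps or {}).items():
            initials = initials.replace(old, new)
        tail = line[-1] if line[-1] in punct else ""
        out.append(initials + tail)
    return "".join(out)


def per_site(password, site):
    """Append a hyphen and the first three letters of the site name."""
    return f"{password}-{site[:3].lower()}"


def exhaust_days(length, alphabet_size, guesses_per_second=1000):
    """Days needed to try every string of this length over this alphabet.
    Covers blind exhaustive search only, not dictionary or leaked-list guessing."""
    return alphabet_size ** length / guesses_per_second / 86400


plain = build(VERSE, punct="!")
strong = build(VERSE, keep_caps={"Caledonia"}, punct=",!", swaps={"i": "1"})

if __name__ == "__main__":
    print(plain, strong, per_site(strong, "Twitter"), sep="\n")
    print(f"6 lower-case letters: {exhaust_days(6, 26):.1f} days")
    print(f"{len(strong)} printable characters: "
          f"{exhaust_days(len(strong), 95) / 365:.1e} years")
```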

This may seem like a big step, but after a couple of weeks you’ll be used to the change and you will be better protected than before.

This isn’t designed to scare you. Twitter and all large companies are active in protecting their networks, but now it’s easier for you to do your part.

• Andy Smith is the Digital Director of Verb Digital