Hacker-proof Passwords

Hacker-Proof Password Development

For years, 1.2 billion plus websites have been targeted by Russian and Chinese hackers using massive “bot” attacks. These bots aggressively attempt to access websites with username and password capabilities. You read about these attacks every week – celebrities like Emma Watson, Pippa Middleton, Jennifer Lawrence and more have been victimized.

When you create an account on a website, you are very much at the mercy of their suspect technology stack and security policies. But because you’re a 100 Deadly Skills reader, you’re always looking for a way to avoid becoming a victim in any circumstance.

So, here’s a quick lesson in hacker-proof password development.

Strong Usernames Increase the Strength of Passwords!

These days we feel our username has to be our email address, some part of our first and last names, or something easy to remember, like admin, user or student. The fact of the matter is that our usernames are part of our security access system. The problem is that the USERNAME isn’t thought of as a critical security access code.

So, start thinking of USERNAME as a CODE NAME.

Your email address is NOT a very good CODE NAME!

I recommend that your username never be associated with your personal information, like your first or last name, email address or phone number.

Create usernames that feel more like a CODE NAME. Here are some examples: BlackJack, SilentHammer, LandShark, NinjaSmoke27. Remember, your username is part of your security access system – your username and password work hand in hand to keep the bad guys out!

Impenetrable Passwords With 40+ Years of Resistance!

There are lots of tips on password development, but here’s the worst-case scenario to plan for: A rogue Russian network of hackers decides to penetrate all your access points on the World Wide Web. They are armed with a supercomputer that can “brute force” access to all your personal and financial information.

A brute force attack cannot be stopped, BUT it can be delayed for 40+ years with proper passwords. Most supercomputers can run every character on a keyboard thousands of times a second, allowing them to run many thousands of combinations of characters per minute. It’s not the complexity of a password that makes it hard to crack; it’s the length of the password.

The more characters in a password, the longer it will take for a supercomputer to run through all the possible combinations of characters. I recommend a 24-character password – the longer the better. Sounds crazy but here are some examples:

  • HarleydaVidsOnStarbucks!!!
  • FireEarthwIndWater4Life!#!

Long passwords with a combination of uppercase and special characters will take 40+ years to crack.
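To put numbers on the length-versus-complexity point, here is an added example (not part of the original article) that sizes the search space a pure brute-force attack has to cover. The guessing rate of 1e10 per second and the two shorter sample passwords are assumptions made up for illustration, and the model covers exhaustive search only, not a guesser that tries dictionary words first.

```python
import string

# Character classes a brute-force search must cover once a password uses them.
CLASSES = (
    string.ascii_lowercase,  # 26
    string.ascii_uppercase,  # 26
    string.digits,           # 10
    string.punctuation,      # 32 printable ASCII symbols
)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet (union of classes) that holds every character."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, accents): count each once.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def keyspace(password: str) -> int:
    """Number of candidates of exactly this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case years for exhaustive search at an assumed guessing rate."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR


def compare(passwords, guesses_per_second=1e10):
    """Return (password, length, alphabet, years) rows, weakest first."""
    rows = [(p, len(p), alphabet_size(p), years_to_exhaust(p, guesses_per_second))
            for p in passwords]
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    samples = [
        "kx7#Qp2!",                    # constructed: 8 chars, all four classes
        "qwmzrtplkjhgfdsa",            # constructed: 16 chars, lowercase only
        "HarleydaVidsOnStarbucks!!!",  # example from the article
    ]
    for pw, length, alpha, years in compare(samples):
        print(f"{pw:28} len={length:2} alphabet={alpha:2} ~{years:.3g} years")
```

At the assumed rate, the 8-character password with every character class is exhausted in about a week, while the 16-character lowercase-only one lasts well past the 40-year mark.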

Bottom line, strong usernames combined with long passwords will increase the security of your online life exponentially.

Interested in more? The team at WordFence has a great in-depth article on password cracking – highly recommended!

8 Comments
  • Natasha F
    Posted at 20:14h, 29 April

    Hahaha … I use pass phrases for everything and I’m paranoid enough to go change my email pass phrase again (thanks) …. and now I’m laughing because you’ve asked for my full name below the comment ….

  • N0tMyFu77Nam3
    Posted at 00:48h, 30 April

    There might be a way around that Natasha F 😉

    Getting back on task, thank you for posting this, Clint. I’ve been using longer and longer passwords but I didn’t think about my username being a vulnerability.

    Dammit. Now I have to change it. EVERYWHERE …. grah.

    Better now than later, when it’s too late, right?

  • Tom Notmyfullname
    Posted at 08:18h, 30 April

    I’ve been using Lastpass https://www.lastpass.com/ for years. I’ve had notifications from Have I been pwned? https://haveibeenpwned.com/ a few times but am safe in the knowledge that each password is unique. Having said that, using a random username rather than my email address makes sense. Another layer of security. It’s easy to change passwords but how many sites allow username changes…? Will find out as I go.

  • Patrick
    Posted at 11:28h, 30 April

    That’s certainly something to consider for websites that have a username as part of the login credentials. Many sites today, though, don’t give the option of creating a username and simply rely on your email address for the “username” portion of the login process.

    Using a fake email generator could be an option; however, those sites will occasionally send you emails that might be important and might require action so that’s something to consider, as well.

  • Harry Davey
    Posted at 11:33h, 30 April

    How about an email address which is not linked to personal information, which could be used solely for websites that use an email address as a username. Still not as secure as a proper username though. Great article! :))

  • Tom not my full name
    Posted at 12:27h, 30 April

    I see that my comment has been removed. It should have been the third comment. Was that because I mentioned a password manager or because I did not give my full name?

  • Tom not my full name
    Posted at 12:28h, 30 April

    & now it’s back. Strange.

  • Kendra
    Posted at 14:12h, 17 July

    I never realized that I had so many accounts until I started going through them all to change my username. It’s a giant drag but I’m really grateful for your post.
