Saturday, November 25, 2023

Not So Secure

Thanks to Vladimir Levenshtein and the ZXCVBN algorithm, I only score a 72. 

I try, I really do. When I sign into a new website or get prompted by an old one that my password is out of date, I try really hard to come up with something new and unique. Since I use a password manager to remember all my entries, my criteria have less to do with remembering those strings in my head and more with manual entry. After all, while the software stores them and spits them back automatically when needed, I often have to input them myself on the go. And so my guiding principle isn't trying to remember some unwieldy sequence, but how easy it is to type. I have to hunt and peck "H%8;aw#_h!", but can bang out "lOvE2eAtPeanuts!" like a champion touch typist.

However, hard as it is to believe, hackers and their tools are smarter than me. According to a recent appraisal of my passwords, my score is firmly in "C" territory. True, it is better than some, while worse than others. But that is scarce comfort, considering that while I thought I was outsmarting would-be thieves with cute ditties I was doing no better than little Billy in the third row.

To be fair, some of that was not my doing. Your password health is made up of three factors, the first being compromised websites. Since the first computer virus, known as Creeper, was discovered in the early 1970s, hacking has accelerated to warp speed. Now, 30,000 new websites on average are hacked every day, with over 53% of US citizens affected by cyber-attacks in 2022. According to IT Governance, a data protection company, there have been 953 incidents this year so far. In those incidents over 5.3 billion records have been exposed, with a single one related to the cyber security firm Darkbeam suffering a breach of over 3.8 billion records alone. So yes, there's a reasonable chance that someone has your info besides your spouse.

But in the areas I do control, according to the aforementioned metrics, it seems I'm not doing so well either. While I think I'm being clever, creating various passwords which to me are unique, Vladimir says otherwise. Named for a Soviet mathematician, the Levenshtein distance between two words is the number of single-character edits required to change one word into the other. For instance, to make "kitten" into "sitting", substitute "s" for "k", "i" for "e" and add a "g". That's a score of 3, and to data scientists (and hackers) it means those two words are practically the same. And an analysis of my passwords finds lots of those close cousins.
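The Levenshtein distance described above, applied to a password vault to flag the "close cousins" a cracker could derive from one another, as an added example that is not part of the column; the vault entries below are constructed for illustration.

```python
# Added example (not from the column): Levenshtein distance via the
# Wagner-Fischer dynamic-programming table, plus a scan that flags vault
# entries within a few edits of each other. Sample passwords are constructed.

def levenshtein(a: str, b: str) -> int:
    """Minimum single-character insertions, deletions and substitutions
    needed to turn string a into string b."""
    if len(a) < len(b):
        a, b = b, a  # distance is symmetric; keep the shorter string as the row
    prev = list(range(len(b) + 1))  # distance from "" to each prefix of b
    for i, ca in enumerate(a, start=1):
        cur = [i]  # distance from a[:i] to ""
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + cost))  # substitute (or match)
        prev = cur
    return prev[-1]


def near_duplicates(passwords: dict[str, str], max_distance: int = 3):
    """Return (site1, site2, distance) for every pair of vault entries whose
    passwords are within max_distance edits of each other. Learning one of
    them leaves the other only a handful of guesses away."""
    sites = list(passwords)
    hits = []
    for i, s1 in enumerate(sites):
        for s2 in sites[i + 1:]:
            d = levenshtein(passwords[s1], passwords[s2])
            if d <= max_distance:
                hits.append((s1, s2, d))
    return hits


# Constructed sample vault: three variations on one theme plus one unrelated entry.
SAMPLE_VAULT = {
    "email": "lOvE2eAtPeanuts!",
    "bank": "lOvE2eAtPeanuts!23",
    "forum": "lOvE2eAtWalnuts!",
    "vpn": "H%8;aw#_h!",
}

if __name__ == "__main__":
    print(levenshtein("kitten", "sitting"))  # 3, as in the column
    for s1, s2, d in near_duplicates(SAMPLE_VAULT):
        print(f"{s1} and {s2} differ by only {d} edit(s)")
```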

Then there's the unpronounceable ZXCVBN score. It assigns a number to passwords based on how guessable they are. And since humans generally pick patterns they can remember, which are therefore easy to predict, it's easy for a computer to do the same and figure them out. Think about how your phone prefills your Google search, or the next word when you are writing an email. Same idea here: a score of two or less means it's easy to suss out, as it would take less than a million guesses to nail it. That's a walk in the park for a computer. And yup, I'm guilty of that as well.

Put it all together and you get my middling score of 72. As I said, worse than some but certainly better than others, like those whose passwords routinely make the list of the most common ones. In 2023, number one was 123456, with 123456789 close behind. Rounding out the top five were qwerty, password and 12345. Is it any wonder that estimates of a cyberattack every 44 seconds lead to more than 800,000 people being hacked a year?

But as the old saying goes, you don't have to be faster than the bear chasing you, just faster than the person you're running next to. And so if you make it harder or more time-consuming to be broken, the thieves will give up and move on to easier prey. So I guess I will go back to the vault and see if I can add a few special characters here, pick a strange combination there. It might be the only time in my life where my intentional misspellings rate an "A."

-END-

Marc Wollin of Bedford thought he was more secure. Guess not. His column appears regularly in The Record-Review, The Scarsdale Inquirer and online at http://www.glancingaskance.blogspot.com/, as well as via Facebook, LinkedIn and Twitter.
