Passwords, or sometimes pass phrases (a longer password made up of words), are the primary authentication system for pretty much everything and have been around for decades. They protect everything from Twitter, Facebook, trading platforms and email mailboxes to sites where security is even more important, such as online banking. Due to poor password hygiene, laziness and general increases in computer power, passwords can be cracked, in some cases in mere minutes. Dictionary password cracking uses a list of millions of passwords and can go through millions of them in under a minute.
Most people or businesses recommend a password of over 8 characters (in reality 12 or 14+ characters is best) made up of lower case letters, upper case letters, numbers and special characters (e.g. £, * and $). Ideally, a password would look like “xNKc0<\e3U@WES”, but this raises the question: can someone remember this, let alone a unique one for each website? A “kick-ass” password may be used, but it can lead to people using it for every website login, or writing it on a Post-it note to help them remember it. Then all it takes is one stolen password to get access to someone’s life.
PINs for credit and debit cards are a good example of how security measures can be effectively implemented, simply and cheaply. The digits 0-9 are the only options and the length is four. That may seem very short compared to a password of 8+ characters made up of varied letters, but the key difference is that the card locks after three attempts.
Most website login mechanisms will let you try hundreds of passwords. A clever one would slow the attempts down by making you wait ten seconds after each incorrect entry, locking you out for five minutes or making you call the company to verify your identity, so that hundreds of false attempts take hours or days.
By following such simple and cheap options, password cracking can be drastically slowed down or stopped altogether.
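The throttling described above, as an added example that is not part of the original article: a per-account login throttle with the ten-second delay and five-minute lockout from the text, plus a simulation of how long a run of wrong guesses then takes. The class and function names, the lockout on every third failure (borrowed from the card PIN rule) and the optional hard lock are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Per-account throttle: short delay per failure, timed lockout, then hard lock."""

    def __init__(self, delay=10, lockout_every=3, lockout_secs=300,
                 hard_lock_after=None, clock=time.monotonic):
        self.delay, self.lockout_every = delay, lockout_every
        self.lockout_secs, self.hard_lock_after = lockout_secs, hard_lock_after
        self.clock = clock
        self.accounts = {}  # account -> (failures, earliest time of next attempt)

    def attempt(self, account, check_password):
        """Return (status, seconds_to_wait). check_password is a zero-arg callable."""
        now = self.clock()
        failures, next_allowed = self.accounts.get(account, (0, 0.0))
        if self.hard_lock_after is not None and failures >= self.hard_lock_after:
            return "locked", None              # only unlock() clears this state
        if now < next_allowed:
            return "wait", next_allowed - now  # the password is not even checked
        if check_password():
            self.accounts.pop(account, None)   # success resets the failure count
            return "ok", 0
        failures += 1
        # Every lockout_every-th failure costs the long lockout, the rest the short delay.
        wait = self.lockout_secs if failures % self.lockout_every == 0 else self.delay
        self.accounts[account] = (failures, now + wait)
        return "denied", wait

    def unlock(self, account):
        """Called by support staff after verifying the account owner's identity."""
        self.accounts.pop(account, None)


def seconds_for_wrong_guesses(n, **settings):
    """Simulated time for n wrong guesses by a client that waits exactly as told."""
    now = [0.0]                                # fake clock, so nothing really sleeps
    throttle = LoginThrottle(clock=lambda: now[0], **settings)
    for _ in range(n):
        status, wait = throttle.attempt("alice", lambda: False)  # constructed account
        if status == "locked":
            return None                        # guessing stopped altogether
        now[0] += wait
    return now[0]


if __name__ == "__main__":
    print(seconds_for_wrong_guesses(300) / 3600, "hours for 300 wrong guesses")
    print(seconds_for_wrong_guesses(300, hard_lock_after=9))  # None: hard-locked
```

The failure count is keyed by account rather than by client address, so the limit holds even when the guesses arrive from many different sources.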