Many passwords not strong enough, allowing hackers to access your accounts

By Jason Knowles and Ann Pistone
Wednesday, October 23, 2019

CHICAGO (WLS) -- You might think your password is strong, but think again. Your passwords are at risk, even if they have special characters and numbers.

Passwords are used for everything: social media, banking, email and your work sign-in. Most organizations only require 8 characters, but Consumer Investigator Jason Knowles and the I-Team found that that's not safe enough.

"We cracked them and recovered 99,000 of them," said cybersecurity expert Jose Plascencia. He said he used the same technology as hackers.

Security experts at Chicago's Trustwave first showed the I-Team how the password crack works by obtaining "hashed" or encrypted passcodes from a real company's data breach. Then they took those hashed or scrambled codes and ran them through a program, which can also be obtained by experienced hackers.

One study estimates that 83% of Americans use a weak password, like a name or a season.

"We see a common trend where people keep using the same weak passwords such as pass123 or spring2019 simply because it's easier to remember a password like that," said Plascencia.

So the I-Team tested "Fall2019." They started by entering it into Trustwave's program to scramble the password, just like companies scramble your passwords. However, if hackers obtain that company's list, they can enter it into another program to de-scramble it. In a matter of minutes, the password was cracked.

The next password was a little more complicated: "Bears34!" But less than a minute later, it was de-scrambled. They tried it again with "StarWars0000," then "GoHawks88," which was cracked within two minutes.

So how do you beef up your passwords and still remember them?

"We recommend using pass-phrases, so a password comprised of several words that are easy to remember and easy to store," Plascencia said.

For example, think of three words and combine them. Try to get them to about 11 to 15 characters, not the eight characters that are typically recommended. You can also use a full sentence. Then, add a special character like a hashtag or a star.

"Every character added to that password link, in order to exhaust that, becomes exponential," said Plascencia.

Knowles put his own password to the test: a longer phrase, with numbers and a special character. But they couldn't crack it.

"It was complex," said Plascencia. "It used different special characters and the length, that's really important to highlight, the length of your password was 15 characters."

Besides strengthening passwords, you should not use the same one for every account. You can get password apps which help you to securely manage them all.

One of the most interesting things the I-Team learned was that experts say you can use a space as one of your characters.
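
As an added illustration (not code from the article or from Trustwave), this Python sketch of a sign-up password check shows why the passwords the I-Team tested are weak despite mixing character types, and how each extra character grows the search space. The word list is a constructed sample, the 11-character minimum comes from the advice above, and all function names are hypothetical.

```python
import math
import re

# Constructed sample word list (assumption): a real check would use a large
# dictionary plus a breached-password list.
COMMON_WORDS = {"fall", "spring", "pass", "bears", "star", "wars", "go", "hawks"}
MIN_LENGTH = 11  # low end of the 11-15 character range suggested in the article

def charset_size(pw):
    """Alphabet size implied by the character classes present in pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII symbols, space included
    return size

def brute_force_bits(pw):
    """log2 of the exhaustive search space: each extra character adds
    log2(alphabet) bits, i.e. multiplies the space by the alphabet size."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))

def is_word_digits_pattern(pw):
    """True for common word(s) + digits + optional symbols, e.g. Fall2019."""
    m = re.fullmatch(r"([A-Za-z]+)\d+[^A-Za-z0-9]*", pw)
    if not m:
        return False
    parts = re.findall(r"[A-Z][a-z]*|[a-z]+", m.group(1))  # StarWars -> Star, Wars
    return all(p.lower() in COMMON_WORDS for p in parts)

def assess(pw):
    """Return the naive brute-force estimate and the reasons to reject pw."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if is_word_digits_pattern(pw):
        reasons.append("common word plus digits")
    return {"bits": round(brute_force_bits(pw), 1), "reasons": reasons}

if __name__ == "__main__":
    for pw in ["Fall2019", "Bears34!", "StarWars0000", "GoHawks88",
               "three word phrase#"]:  # last entry is a constructed passphrase
        print(pw, assess(pw))
```

The "bits" figure assumes every character is chosen at random, so it overstates the strength of any password that also triggers the pattern check; "StarWars0000" passes the length test but is still rejected for that reason.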