Have you seen this man?

If you’ve spent any time online reading about cyber security, then chances are you have come across him. Ironically for someone that doesn’t seem to have one, he (or she!) has become the face of cyber crime and his image appears alongside many articles on the subject of hacking, malware, ransomware and more.

But with Action Fraud reporting that only 35% of people follow the government’s advice for creating strong passwords, we wonder if it is wise to perpetuate the idea that behind any given cyber attack is a lone man in a hoodie? When deciding on a password, should users be thinking beyond this?

Of course, right at the root of the process of hacking there is a person – or more likely a group of people – looking to obtain information held on your computer or network and use it for nefarious purposes. But it gets more sophisticated after that.

How do they do it?

We don’t want to underestimate anyone; we know that most people don’t see hacking quite so simplistically as being down to one man in a hoodie trying passwords at random until he cracks it. Still, we do find that people’s jaws drop in disbelief when we make them aware of the number of attempted attacks that happen each day.

With the right password cracking software installed, an ordinary desktop computer is capable of testing over a hundred million passwords per second. Just doing this in a “trial and error” fashion, with various combinations of letters, numbers & special characters, is known as a brute force attack. In the case of what’s known as a “dictionary attack”, the range of guesses can be limited to ordinary words found in the dictionary or permutations of them. This decreases the length of time needed to crack the password from scratch. Since many people use variations of the same password across numerous websites & apps, this can also be used to guess passwords for multiple accounts once one password has been compromised.

How strong is my password? Not strong enough if it can be “guessed” within seconds by these kinds of software.

We find that once people are aware of the extent to which the odds are stacked in the favour of hackers, they’re suddenly keen to improve their password security!

So how strong is my password?

Outlined above are just a couple of methods used by hackers. If you want to know how strong your password is, have a think about these questions: Firstly, are we talking about just one password for a range of accounts? Then we can tell you that it’s not very secure! Does the password consist of just one word that can be found in the dictionary? Even if that word is followed or preceded by some numbers, we’d recommend that you change it. We advocate secure password practices that take into account the advice of the government’s Cyber Aware campaign, and strongly advise that employees (and employers) use different passwords for personal accounts to those used at work.

Perhaps it’s time to give our man in the hoodie a bit of a break. Unfortunately, the reality of password hacking is probably a lot scarier than he is.

Updated in 2023: Read our top 5 tips for increasing your business’ password security