The Cocoon Blog
The Internet as it should be: private, secure and virus free

In the wake of high-profile password security breaches, like the latest news from LinkedIn, we have released a Password Storage service designed to make managing unique and complex passwords secure and convenient. We are offering the Password Storage service as part of our premium online security and privacy service: Cocoon+  available for Firefox.

“Internet users are rightfully anxious about these high-profile password security breaches,” said Vernon Irvin, President/CEO of Virtual World Computing. “The vast majority of people use simple passwords or re-use the same password for multiple websites. When someone steals our online passwords it impacts every aspect of our lives. We responded by creating a solution for consumers that is easy to manage and protects all those passwords.”

Cocoon’s Password Storage features include:

- Freedom to create unique and complex passwords for each site

- Password-protected online storage area for passwords

- Convenient, yet secure, access to passwords for each site

Cocoon will continue to develop new features to Cocoon’s Password Storage Service. We will be releasing a version that automatically saves passwords entered on a given site later this summer.

About Cocoon:

We also offer a free, all-in-one plugin developed by Virtual World Computing of Santa Barbara, California. In addition to our  iOS app called GetCocoon, we offer versions for Firefox and Internet Explorer. Our core business model is built on trust, and our mission is to put the user in control of their Internet experience by ensuring that their computer and personal information are secure and protected from malicious attacks, unwanted spam, and invasions of privacy.

Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

The weakest link on social media sites is the use of weak (123456)  or common passwords (password). If you use passwords  that can be traced directly back to you (Example: getcocoon) or use the name of your family pet (Example: cocoonpuppy) – these type of passwords can easily be figured out with a bit of social engineering and access to your Facebook page. Never use passwords that are associated with something that can be traced directly back to you.

How long would an online attacker using a password cracker at 1,000 guesses per second take to figure your password out? Let’s take a look at how effective your password is at GRC:

If your password is 5 characters long and uses . . .

• Just numbers, the time to “crack” = 1.85 minutes (Example: 12345).
• The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 3.43 hours (Example: alpha).
• The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 17.28 hours (Example: alp12).
• The full alphabet and numbers with mixed case, time to “crack” = 1.54 weeks (Example: Alp12).

• If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, the time to “crack”  jumps to 1.84 years (Example: Alph12).
• If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 2.13 thousand centuries (Example: Alph12*!).

2-Do not share the same password across multiple sites

If you use the same password across multiple websites and one site is less secure – a hacker could test other well known websites with your leaked password to gain entry to all of your accounts.

3-Only create accounts on sites that use HTTPS encryption

All the information that you type in at an encrypted site will be protected between the web server and your computer or mobile device.

The Cocoon Team!

A friend and colleague recently wrote a great piece on Internet security and privacy best practices, which will eventually be posted on the Cocoon website. Reading it, got me thinking about just how strong are various passwords?

Hopefully most people know not to use passwords that are associated with something that can be traced directly back to them with just a bit of research. Birthdates, names of pets, spouse’s name, etc. can all be figured out with a bit of social engineering or access to your Facebook page.

But how effective are words themselves? What about mixed upper and lower case? What if you toss in some numbers? How long would a password-cracking program take to figure them out?

Let’s take a look from info gathered here:

Obviously, the quality of the password cracking code and the amount of computing power will affect the speed of cracking the password. This website breaks it down into six different classes, “A” through “F” with “F” being the best. For my purpose I’m going to use “C”. Good, but not the best.

If your password is 5 characters long and uses . . .

• The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 12 seconds.
• The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 1 minute.
• The full alphabet and numbers with mixed case, time to “crack” = 15 minutes.
• If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, time to “crack” goes jumps to 16 hours.
• If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 94 years!

Bottom line, you need at least 6 characters, a mix of numbers and cases, and toss in a special character for good measure. And one more thing, don’t use the same password for every website.

Wow. It’s not easy out there! Stay tuned for more info on best internet security practices.