So now that you know the answer, what's the question? Obviously this is
the answer to a lot of questions. I don't think it is the answer to
"what's the meaning of life", but it is one answer to "How can I have a
good password that is easy to remember?"

Back in the days when most systems required us to have a password that
was no longer than 7 or 8 characters it was very important that you
used upper and lower case letters, numbers, and special symbols, such as
@ or $ or !. Today, any place that has a remedial understanding of
security allows you to have very long passwords and the good news is
that you do not need something like "Wh@t!s1?" to create a good strong
password. The fact is that even without uppercase letters, numbers, or
symbols "the answer is three hundred and two" is a much stronger and
better password than "Wh@t!s1?". The reason is length. Password experts
all know that size does matter!

There are four primary ways that passwords are cracked. Fundamentally
they all involve guessing, but they differ in execution. One way is to
guess the password. This technique is highly effective because many
people use downright dumb passwords, like password, 1234, 1234567, and a
few obscenities. The reason they use these is because they are easy to
remember. OK, I admit, sometimes an obscenity is just fun when one has
to enter a password for a site that doesn't need one! If you know
something about the victim then you might try things like birthdays,
pet's names, children's names, personalized license plates, etc. These
are also common types of passwords that are easy to guess.

The second approach is called a dictionary attack. Many people use words
and frankly there are not all that many words in any language when you
think about how long it will take a computer to guess them all. Now
granted, if you use upper and lower case letters the computer has to
guess a whole lot more, which is a good thing, but for single words it
isn't enough to matter.

The third approach is something called rainbow tables. This type of attack
is used when a known type of encryption is used to store passwords and
works for any password - as long as the password isn't too long! If your
password is more than 15 characters it is probably safe from a rainbow
attack unless you are protecting nuclear launch codes or beer.

The fourth attack is called brute force. This type of attack just tries
every combination of letters, or letters and numbers, or letters,
numbers, and symbols. Realistically a brute force attack will not crack
a really long password in your lifetime - at least given today's
computers and projected improvements to computers.

The trick then is to have a long password that you can easily remember.
No matter how many different types of characters you use an 8 character
password is much weaker than a 15 character password.
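
The length argument above can be checked with a short calculation. This Python sketch is an added example, not part of the original article: it computes the brute-force search space for the passwords quoted on this page. The guess rate of 1e10 per second is an assumption, and the figures cover only the brute-force case, not guessing or dictionary attacks.

```python
import math
import string

# Character classes a brute-force search must cover if the password uses them.
CLASSES = [
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32 ASCII symbols
    " ",                      # space counted as its own class
]

def alphabet_size(password):
    """Size of the smallest class-based alphabet covering the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if size == 0:
        raise ValueError("password is empty or uses no ASCII class")
    return size

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(password, guesses_per_second=1e10):
    """Worst-case years to try every candidate (guess rate is an assumption)."""
    candidates = alphabet_size(password) ** len(password)
    return candidates / guesses_per_second / (365.25 * 24 * 3600)

# The passwords quoted in the article.
EXAMPLES = [
    "Wh@t!s1?",
    "the answer is three hundred and two",
    "Ten+292=3Hundred&2",
    "250 plus 52 is 302",
    "500minus198=302",
]

def report():
    """Return one formatted line per example password."""
    return [
        f"{pw!r:40} len={len(pw):2} alphabet={alphabet_size(pw):2} "
        f"bits={brute_force_bits(pw):6.1f} years={years_to_exhaust(pw):.3g}"
        for pw in EXAMPLES
    ]

if __name__ == "__main__":
    print("\n".join(report()))
```

The 8-character password draws on all 94 printable symbols and still ends up with roughly a third of the bits of the 35-character lowercase phrase, because each extra character multiplies the search space by the whole alphabet size.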

One of my favorite techniques for creating strong passwords is math. I
sure hated math in school, but it is really good for passwords.
"Ten+292=3Hundred&2" is a long password, easy to remember, and very hard
to crack.

"250 plus 52 is 302" is also suitably long, easy to remember, and very
hard to crack. Note: on intelligently designed systems a space is a
valid character in a password.

Here are a few more... "500minus198=302" is a much better password than
most out there.

Good passwords do not have to be hard to remember.

Please use something other than what I have demonstrated. I suggest a
different problem with a different answer. My password actually has the
wrong answer to the equation!

Randy Abrams
Director of Technical Education
ESET LLC