P@$$w0rd!

With all the talk about VIRUSES, TROJANS, and WORMS that can INFECT your computer now days it made me think about whats in our passwords!!   When I think about passwords, I do what I’m told… make a password memorable but complicated, use letters, numbers, and special characters…. BUT WHY!  Well I asked my husband to give some info to me as to why we need to be creative when it comes to creating a password, he would have typed it up, but instead found the info at this link  (oh and this link too) and read over it to make sure it was correct.  So please read on (combined and reworded from the links) to help protect your self from an attack on your privacy via. the internet!   And remember try not to use the same password for everything, mix it up to help protect your self even more!
 
 
 
Here is a definiton of the differnt typs of programs/techniques people use to HACK our passwords:
 
 
 
Brute Force Attack: 
 
This type of attack is the most widely known password cracking method. This attack simply tries to use every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations ‘a’ to ‘z’. It is guaranteed that you will find the password.
The two-character password will require 26*26=676 combinations. The number of possible combinations and therefore required time grows rapidly as the length of the password increases and this method quickly becomes useless. My idea of an example of this is ~ 1234asdf, a sequence of numbers or letters, all lower case or upper case, etc.

Dictionary Attack:
 
A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of  words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit. My idea of an example of this type of password is ~ password, admin, God, love, money, etc.

Hybrid Attack:
 
The last attack of this type, called a “hybrid attack”, specifically targets passwords made of a traditional word followed by a letter or a number. It combines brute force cracking with the dictionary attack. My idea of an example of this password is ~ Marshal6,
P@$$w0rd, your last name and last four of your social, etc.
 

And here are some suggestions on how you can create a password that is hard to break using the above programs/techniques:
 
 
A Strong Password- Common guidelines for choosing good passwords are designed to make passwords less easily discovered by intelligent guessing.
*Include numbers, symbols, upper and lowercase letters in passwords
*Password length should be around 12 to 14 characters
*AVOID any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (eg, dates, ID numbers, ancestors names or date.)

     
    4pRte!ai@3 — mixes uppercase, lowercase, numbers, and punctuation (evidence there is a large character set), increasing an attacker’s work factor

   
     Tp4tci2s4U2g! — built from a phrase that a user can memorize: “The password for (4) this computer is too (2) strong for you to (4U2) guess!” — mixes types of character. If the phrase is not ‘well-known’ (eg, published in a quotation compendium), this password should have high entropy for an attacker, and be easier to remember than many passwords.

    
     BBslwys90! — loosely based on a phrase that a user might memorize: “Big Brother is always right (right angle = 90 deg)!” — mixes character classes

    
     tDI”60Hs7Q — characters selected from two poetry stanzas by different methods from a page selected using an honest die . But likely to be hard to memorize.
 
 
    152@36291QBS– the serial number of a US currency bill with added elements (which should be random, eg chos
en via the honest die mentioned above). The bill and its serial number are likely to be hard to connect to the user and so will have high entropy to an attacker. Note that some currency may not use unpredictable serial numbers (eg, adding check digits , padding, type codes and the like, often covertly) and, if so, will have less entropy than visibly suggested.
 
 
 
I hope this helps you to better understand the reasons we need to make sure our passwords are unique and complicated.  It definantly helps me out!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: