1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

The Big Password Secret

Discussion in 'Windows Tools & Tips' started by Jeanh, Aug 20, 2015.

  1. Please or Register to view links
    So you think your know what makes a strong password; a mix of letters, characters and symbols. It’s true, up to a point. But thanks to predictable human behaviour you need to think again.

    You probably think you’ve seen and heard everything you need to know about setting strong passwords. After all, every so often a security-related company will do some research on the types of passwords we use and share their results with the press. Inevitably a fair proportion of users will use lazy passwords like ‘12345’ or ‘qwerty’ or the name of a pet, spouse or child – in short something that is easily predictable.

    The press of course jumps all over the story. It’s an Please or Register to view links, it affects much of the population and it has a shock, horror element given that easily ©râcked passwords can lead to Please or Register to view links, financial fraud, invasion of privacy, data theft and so on.

    Some might even tie in rising identity theft figures, growth in online fraud and Please or Register to view links that can be done from data theft to deepen the story.

    Some people take notice and change their passwords to make them tougher to ©râck; probably just as many shrug their shoulders and think ‘it will never happen to me.’

    Of course, it’s worth reiterating some of the points that you need to cover to ensure a strong password and we’ll do that in a moment. But are you aware that there are also common patterns of password composition that people use to create passwords, and hackers are aware of them? But before we get to that, let’s just revisit the basic principles for password security:

    • Easy to find - Don’t leave your passwords lying around written on Post-it notes and so on, especially if you work in an office
    • Too common – Hackers use something called attack dictionaries in English and foreign languages which search for words pieced together such as fathorse, paperball and toughmother.
    • Personal data – Don’t use the name of your spouse, pet, kids, birth dates, phone numbers, address and so on. If a server has been hâckêd somewhere with your personal data on it, like bank account numbers – it doesn’t take much for a hacker to find out this information and use it to access your account.
    • Simple to guess – Many passwords are easy for automated programs or even other people to decipher. Some passwords are based on common items or a dream car or favourite holiday destination. These are predictable.
    • Letters only – A big no no. Create passwords that are a combination of numbers, letters (uppercase and lowercase) and symbols.
    • Short in length – The shorter a password the more opportunities for ©râcking it. A strong password is at least 8 characters long.
    • Long time – Have you used the same password for years? If you change your password every 90 days then the chances of your password being ©râcked are diminished.
    • Always the same – Do you have one password you use everywhere? If you use several different passwords all of your accounts, logins, and computers are not at risk if a password is discovered or ©râcked.
    Make it tough
    We can sum up the above advice by saying you need to create a different password for each account and each password should have about nine characters, a mix of letters, numbers and symbols.

    Of course this begs the question how on earth do you remember each password given that many of us have so many different online accounts? And this is even more so if each password is complex.

    Perhaps it’s simpler to ignore all the advice and revert to using one password for every account and make it easy enough to remember? Well, of course it is easier but it leaves you much more vulnerable.

    Digital strong boxes
    The thing to do is use a Please or Register to view links. Luckily there are Please or Register to view links, some of which are free and some of which require payment. But they certainly do offer a solution to the problem of creating tough and unique passwords and being able to remember them, because you don’t have to as they are stored on software on your computer.

    Something you’ve never heard before?
    Have you ever heard of DARPA? It’s not a character from Star Wars or the name of a shadowy organisation with malign and nefarious intent though its name does crop up in news stories about artificial intelligence for robots in conflict zones, blue sky projects on robotic space planes, futuristic Please or Register to view links style Please or Register to view links or bringing military style thinking to cyberattacks.

    DARPA, the Please or Register to view links, is an agency of the U.S. Department of Defense and is responsible for the Please or Register to view links for Please or Register to view links; so perhaps it does have malign and nefarious intent? And clearly in this online age it has a large investment in cyber warfare; attack and defence.

    A few years ago, KoreLogix sponsored by DARPA, Please or Register to view links. The DARPA sponsored project found that, among the thousands of users within an unnamed Fortune 100 company, roughly half had relied on just five patterns to compose their passwords and 85 percent had relied on just 100 patterns.

    These ‘composition patterns’ revealed just how predictable we can be, a fact that hackers are aware of. For instance, the three most common password composition patterns were:

    • One upper case, 5 lower case, 2 digits

    • One upper case, 6 lower case, 2 digits

    • One upper case, 3 lower case, 4 digits

    Following this pattern, passwords such as Blioeu23, Jbinma46 and Omji9078 are relatively common. They may be more robust than your average password but to hackers the patterns are predictable.

    The research also revealed that the composition patterns also throw up common vulnerabilities when creating so-called unique passwords:

    • If you hadn’t detected it already from the examples above starting a password with an upper case letter followed by lower case letters
    • When a password isn’t long enough a letter or two is added at the end
    • Putting digits, especially two or four of them, before or after the letters (as above)
    • When a special character is required, using ‘!’ and putting it at the end
    • Rather than using two symbols in a password people tend to use just one
    The research also revealed similar predictable patterns within other companies so it wasn’t just employees within the Fortune 100 outfit. This dovetails with what psychologists suggest; despite perceptions to the contrary Please or Register to view links.

    With these common patterns in mind you can create the mother of all passwords that are extremely tough to ©râck. To do this, simply follow these tips:

    • Don’t begin the password with an upper case letter or even better any letter
    • Resist the urge to use familiar words and phrases
    • Use different symbols/characters in the same password
    • Don’t always place numbers next to each other
    Create an acronym using the first letter of each word in a memorable sentence, such as: ‘Ok nasty hackers a message for you – look at you now.’

    This translates into: 0nham4u-l@uN’. Note the apostrophe on the end.

    You can create your own memorable phrases for each account and safely tuck them away in your password manager.

    You may not think you have much that hackers would be interested in, or envisage hackers going to the trouble of determining composition patterns. But for hackers that hack Please or Register to view links rather than those who simply use Please or Register to view links, ©râcking passwords by using this technique is like child’s play.

    In fact, there are hackers who work at this level who develop and sell exploit kits. If they see value in passing on these techniques to hackers who will use them, they will not hesitate. For instance the DARPA sponsored research developed a theoretical machine based on three powerful AMD processors, costing about $2,000 to build. It estimated that an 11 character topology has 265 trillion potential passwords. By using the AMD powered machine and awareness of compositional patterns the password could be revealed in 3.6 hours.

    For a hacker in possession of tens of thousands of stolen passwords, perhaps scooped in a large hack on a company’s server, this is a minimal investment. And there is the danger
    sinnerXsaint likes this.
  2. Thanks for sharing :)
  3. Thanks sa informations:oops:
  4. welcome bossing(y)
  5. Taong-BATO

    Taong-BATO Addict Established

    Thanks for sharing.. :)
  6. Thanks you so Much Bro. Sharing More Useful Topic
    Thank you agaim bro.
  7. rappogi456

    rappogi456 Addict Established

    Thanks for sharing ts more power :)
Tags / Keywords:

Share This Page