Creating a Strong Password
Before we begin, you must be clear on one big truth: there is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right “dictionary” or “brute force” tools. But just like breaking into a car, if the protection is strong enough, the hacker will become discouraged and give up before the protection fails.
How Hackers Crack Passwords
Hackers use one of two major techniques: password recovery (an administrator’s technique) and “brute force” repetition. Password recovery tries to fool your computer system into trusting the hacker as a legitimate administrator. Brute force is simply repetitive attempts at your password, up to hundreds of attempts per minute, to crack it.
“Brute Force” Repetition
Hackers often use software tools called “brute force dictionaries”: software that quickly recombines English dictionary words with thousands of varying combinations of spellings. (Yes, much like a Hollywood safecracker movie scene, but slower and less glamorous.) You can see samples of brute force software here.
Brute force dictionaries always start with simple
The Password Challenge: “How Can I Make It Tough to Crack, But Easy to Remember?”
Indeed, how does one balance these two contrary objectives? A long password of cryptic characters will be strong, but so frustrating to remember. Yet a short-and-easy password will get cracked within minutes by a good hacker.
Thankfully, there are some helpful tips for creating a strong yet memorable password. The idea behind these next five password suggestions is to turn an easy-to-remember phrase into a cryptic word that will discourage hackers.
5 Tips to a Strong Password
1) Make your password long – 6 characters is OK, 10 characters is good, and 15 characters is excellent. 15 is really desirable for high-level security, because 15 is a special number in Microsoft Windows. At 14 characters or fewer, Windows passwords are scrambled as “hashes” (encrypted into unseen scrambled characters), and stored in hidden Windows system files. It is possible for a gifted hacker to access those stored hashes and unscramble your passwords. However, MS Windows no longer stores hashed passwords at 15 characters and longer. Yes, it is annoying to type 15 characters just to log into your account, but some situations may merit the effort. For example: you are the chief financial officer of a company, or you are the master sergeant for a military unit.
2) Start designing the password with a memorable, meaningful phrase, then make it complex by adding numbers and special characters. Here is how you do it:
(Yes, a strong password looks somewhat like a censored swear word!)
3) Change your password every 4 weeks. Many employers serious about protecting their data will require their employees to change their password on a regular basis, once a month at minimum. It is a good practice to do the same on your home computer where you keep private financial information.
4) Do not store your password on paper or with storage software. Please avoid password-keeper programs that claim to make your life easier. It is the opinion of this writer that password products do not offer enough protection for your login information should your computer get hacked. It is better to memorize a password whenever possible. Never keep your passwords on a piece of paper under the keyboard or in your wallet. Do not keep them in your PDA either; if you must store your passwords at all, keep the passwords’ hints instead. For example, as an alternative to storing “Dexter2Gouda” use “puppy’s name, age and favorite snack”.
5) Use different passwords for your different computer accounts. As annoying as it is to remember them all, please do create a different password for your email, for your online banking, for your eBay and your PayPal. Should one of your passwords ever be compromised, at least the hacker will not be taking over all of your accounts.
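The length tiers from tip 1 and the dictionary-with-respellings behaviour described under “Brute Force” Repetition can be turned into a simple password review check. This is an added example, not code from the original article; the wordlist, the substitution table and the "acceptable" threshold are constructed assumptions.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
WORDLIST = {"password", "dexter", "gouda", "monkey", "dragon", "letmein"}

# Respellings that dictionary tools undo (constructed, deliberately small table).
RESPELLINGS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)


def length_tier(password):
    """Map length to the article's tiers: 6 is OK, 10 is good, 15 is excellent."""
    n = len(password)
    if n >= 15:
        return "excellent"
    if n >= 10:
        return "good"
    if n >= 6:
        return "ok"
    return "too short"


def dictionary_hits(password):
    """Return wordlist entries still visible after undoing case and respellings."""
    normalized = password.lower().translate(RESPELLINGS)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    return sorted(word for word in WORDLIST if word in letters_only)


def character_classes(password):
    """Count how many of lower, upper, digit and special characters appear."""
    patterns = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for pattern in patterns if re.search(pattern, password))


def review(password):
    """Combine the checks; the pass threshold is an assumption of this example."""
    hits = dictionary_hits(password)
    classes = character_classes(password)
    return {
        "length": length_tier(password),
        "classes": classes,
        "dictionary_words": hits,
        "acceptable": len(password) >= 10 and classes >= 3 and not hits,
    }
```

A password built from the first letters of a phrase passes all three checks, while a respelled dictionary word is flagged no matter how many digits and symbols it contains.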
2 comments:
Sunday, September 27, 2009 8:13:00 AM
Great site, very informative, thanks! I'm adding a link to your site on my blog.
Sunday, September 27, 2009 11:07:00 AM
Thanks for commenting and for the link too, and for the record you are not bad at all.