November 14th, 2003, 12:56 PM
Choosing A Password
Selecting A Strong Password
A Password for a computer can be compared to a key to your house and should be treated with the same caution.
You don’t want people coming into your house uninvited and going through your bank statements, personal letters, spouses underwear drawer, under mattress magazine collection (see Zonewalker) and other personal effects.
You would not dream of securing the front door of your home with a paperclip and some string and yet many people opt to use weak passwords on there computers.
Using a weak password can be compared to opening the front door for an intruder and letting them in with minimum fuss.
One of the main key areas to computer security is selecting a good strong password which will be difficult to guess or obtain.
A important note here is the “obtain” part. It is surprising how many people will give others there password. Never do this.
When selecting a password it is easy to pick something familiar to you and use it. This is bad practice. A Golfer for example may use golf as his password or a football fan use his teams name.
The object when choosing a password is to choose one which would be difficult to guess or brute force open.
In order to select a good password it is important to understand the methods Crackers use when trying to guess or obtain this password.
Methods used by crackers
1. Commonly Used Passwords
Any Cracker will have a list of commonly used passwords. This is a list of dictionary words which are used as peoples passwords.
The 4 most common passwords (prior to the release of a film detailing this were)
Note : Never Use a common dictionary word as a password.
2. Brute Force
Another method commonly employed by hackers is brute force. This is trying every possible combination of words and numbers. An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance.
Note : It is important to select a long password and include uppercase, lowercase, numbers and symbols where available
3. The Lucky Man
Some Crackers employ what I will call the lucky man method. As an internet patron you will probably have several accounts with banks, ISPs, e-mail and other online services. If you use the same password for each of these its like having the same key for every door in a hotel. If the person can open one they can open them all.
Crackers have been known to set up spoof websites or websites requiring logins to access content.
These will sit harvesting the information you provide them with in the hope of access to some free mp3s or pron.
With this list of usernames and passwords the Cracker can then begin checking these against commonly used services.
Note : Try to vary passwords between different services.
4. The Stalker
If a Cracker is determined to find the password of one person the Stalker method can be employed. This is where they will follow you around and gather whatever information they can. e.g License Numbers, DOB, Social Security, Address, Childrens Names, Pets Names etc
They will then try these and combinations of these as passwords for you.
Note : Never use anything personal to you as a password
5. The Watcher
Another method that a Cracker after a particular persons password can employ is to watch them typing it in.
Note : Make sure your password is something you can remember and type quickly to avoid it being seen by someone looking over your shoulder in an internet café or at work.
6. The Stale Password
This is a lead off from point 2 which I just remembered to add. If you don’t change your password regularly a brute force attack will eventually get it. (it may be days,weeks or months)
Note : Change your password religiously to avoid it being brute force cracked
I hope these notes are helpful in helping you determine a good and secure password for yourself and hope that to many of you aren’t logging out at the moment to change it.