-
November 14th, 2003, 12:56 PM
#1
Choosing A Password
Selecting A Strong Password
A Password for a computer can be compared to a key to your house and should be treated with the same caution.
You don’t want people coming into your house uninvited and going through your bank statements, personal letters, spouses underwear drawer, under mattress magazine collection (see Zonewalker) and other personal effects.
You would not dream of securing the front door of your home with a paperclip and some string and yet many people opt to use weak passwords on there computers.
Using a weak password can be compared to opening the front door for an intruder and letting them in with minimum fuss.
One of the main key areas to computer security is selecting a good strong password which will be difficult to guess or obtain.
A important note here is the “obtain” part. It is surprising how many people will give others there password. Never do this.
When selecting a password it is easy to pick something familiar to you and use it. This is bad practice. A Golfer for example may use golf as his password or a football fan use his teams name.
The object when choosing a password is to choose one which would be difficult to guess or brute force open.
In order to select a good password it is important to understand the methods Crackers use when trying to guess or obtain this password.
Methods used by crackers
1. Commonly Used Passwords
Any Cracker will have a list of commonly used passwords. This is a list of dictionary words which are used as peoples passwords.
The 4 most common passwords (prior to the release of a film detailing this were)
Love
Secret
Sex
God
Note : Never Use a common dictionary word as a password.
2. Brute Force
Another method commonly employed by hackers is brute force. This is trying every possible combination of words and numbers. An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance.
Note : It is important to select a long password and include uppercase, lowercase, numbers and symbols where available
3. The Lucky Man
Some Crackers employ what I will call the lucky man method. As an internet patron you will probably have several accounts with banks, ISPs, e-mail and other online services. If you use the same password for each of these its like having the same key for every door in a hotel. If the person can open one they can open them all.
Crackers have been known to set up spoof websites or websites requiring logins to access content.
These will sit harvesting the information you provide them with in the hope of access to some free mp3s or pron.
With this list of usernames and passwords the Cracker can then begin checking these against commonly used services.
Note : Try to vary passwords between different services.
4. The Stalker
If a Cracker is determined to find the password of one person the Stalker method can be employed. This is where they will follow you around and gather whatever information they can. e.g License Numbers, DOB, Social Security, Address, Childrens Names, Pets Names etc
They will then try these and combinations of these as passwords for you.
Note : Never use anything personal to you as a password
5. The Watcher
Another method that a Cracker after a particular persons password can employ is to watch them typing it in.
Note : Make sure your password is something you can remember and type quickly to avoid it being seen by someone looking over your shoulder in an internet café or at work.
6. The Stale Password
This is a lead off from point 2 which I just remembered to add. If you don’t change your password regularly a brute force attack will eventually get it. (it may be days,weeks or months)
Note : Change your password religiously to avoid it being brute force cracked
I hope these notes are helpful in helping you determine a good and secure password for yourself and hope that to many of you aren’t logging out at the moment to change it.
-
November 14th, 2003, 01:02 PM
#2
Not bad mark_boyle2002...
GREEN TO YOU
Other common ones are your own name, a friend or family members name, pets names,things that directly relate to you, these are also not a good idea... and if you must use these combine it with other letters and nub=mbers and characters, other wise you make it to easy for any one to crack...
Nightfalls_Girl
-
November 14th, 2003, 01:45 PM
#3
-
November 14th, 2003, 02:25 PM
#4
Dr_Evil, what are the links for?
-
November 14th, 2003, 02:30 PM
#5
I think they are just backing up what I said. Incase no one believed me. Also the final link he posted had some stuff I never thought off.
-
November 14th, 2003, 02:37 PM
#6
Yes, MsMitts,
Exactly what Mark said,
I think they are just backing up what I said. Incase no one believed me. Also the final link he posted had some stuff I never thought off.
Dr_Evil
-
November 15th, 2003, 12:30 PM
#7
Senior Member
very good mail... a bit of advice from my end too... keep a password which is difficult to guess for others... n easy to remember by you...
Now is the moment, or NEVER!!!
-
November 15th, 2003, 02:39 PM
#8
Also, password length, mix cases, and numbers. I usually go with no less than 10. ^_^
-Cheers-
PS: It all depends on importance and how much you are willing to work to keep your stuff secure. If your password gets cracked it is your fault.
-
November 15th, 2003, 02:41 PM
#9
he, my current one for one of my school accounts is now 31 caracters long...
well i had to do somthing, i have admin rights...
keeps on getting changes, every 2 days... i think im a little paranoyed....
Nightfalls_Girl
-
November 15th, 2003, 03:12 PM
#10
Just a thought:
besides the usual UPPER/lower/number mix, i suggest adding 'ALT + something' characters to your passwords.
I've wrote this before around here somewhere, but i can't find the post.
ALT+ 0160 equals the space character. There are few pass crackers proggies that can decode this one (so i've read).
greetz
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|