passwords
Pick good passwords
Passwords are everywhere, and we need them to authenticate with a site. Do you know how to pick a good password? Do you know how hackers work to guess your passwords? This lens will try to give you a better understanding of how to pick a good password and how passwords can be stolen. Be sure the strength of the password you are using is suitable for the information you are trying to protect. There are applications that help you manage your passwords and create new ones.
Password Complexity
simple passwords will not do...
Systems that require strong passwords set a minimum length, such as 8 characters. Some also require complexity, such as including upper case characters, numbers or special characters (!@#$%^&*).
Hackers use dictionaries to brute-force attack systems: if they know usernames associated with a system, they will try to log in as many times as possible using dictionary words. Hackers also use rainbow tables, which are tables of computed password hashes.
Authentication
what we are trying to do
As users, we make an identity claim to a system. The system asks us for information to authenticate that we are who we say we are. Authentication can take many forms: something we know, like a password, is the most common; something we have, like a token, can be used; or, in the case of biometrics, it is something that we are.
Avoid using personal information for passwords
Be careful
We want to be very careful when choosing a password and not base it only on our personal information, like our birthday, our sign or our phone number.
Bad passwords: 12252001, Capricorn, 555125432, if your birthday, sign or phone number has been posted to a social media site.
Avoid using passwords based upon information we have shared
using pet names is a bad idea
You should use passwords that not even those closest to you would guess you have chosen. Hackers have successfully taken over user accounts by answering password reset questions, such as "What was your high school?", with information they found published on Facebook.
Simple character substitutions will not help
Use a complex password
It is common to find users choosing dictionary words but substituting certain characters with symbols. Hackers have dictionary tables that already include these substitutions.
a = @
i = !
s = 5
o = 0
Bad password: p@ssw0rd
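A password check can undo these substitutions before looking a candidate up in a word list, which is why p@ssw0rd fares no better than password. The sketch below is an added example, not part of the original lens; the function names, the small word list and the `extra_words` parameter (for personal or site-related terms) are assumptions made for illustration.

```python
import re

# Substitution table from the list above, reversed (symbol -> letter).
UNDO = str.maketrans({"@": "a", "!": "i", "5": "s", "0": "o"})

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "capricorn", "dragon", "welcome", "sunshine"}


def candidate_forms(password):
    """Return the lower-cased forms a substitution-aware dictionary would match."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(UNDO)}
    # Also try each form with leading/trailing digits and symbols removed,
    # so "p@ssw0rd!" and "2p@ssw0rd9" reduce to the same base word.
    for form in list(forms):
        forms.add(re.sub(r"^[^a-z]+|[^a-z]+$", "", form))
    return forms


def find_dictionary_hits(password, words=SAMPLE_WORDS, min_len=4):
    """Return the sorted words from `words` found inside any candidate form."""
    hits = set()
    for form in candidate_forms(password):
        for word in words:
            if len(word) >= min_len and word.lower() in form:
                hits.add(word)
    return sorted(hits)


def is_acceptable(password, extra_words=(), min_length=8):
    """Reject short passwords and passwords built on a listed word.

    `extra_words` holds personal or site-related terms (birthday, pet name).
    """
    if len(password) < min_length:
        return False
    words = SAMPLE_WORDS | {w.lower() for w in extra_words}
    return not find_dictionary_hits(password, words)
```

Passing the user's own published details in `extra_words` applies the same test to the birthday and phone-number passwords discussed earlier.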
Don't use words associated with the site or business.
Hackers use tag clouds.
Human nature seems to make us choose passwords that are associated with the site or business that maintains our accounts. Hackers use tag clouds to build a dictionary of attack words that are associated with a business. A tag cloud engine searches a site and ranks words by the number of times they occur within the site. It is likely that someone's password includes one of the words which were found.
Use pass phrases
Use the first initials of words used in a phrase you like and know well and add a special character in there somewhere as well as a number.
Phrase: Those that make haste to be rich shall not be innocent.
TtMhTbRsNbI9!
Social Engineering
find information about individuals
Where will I go to find out where you have computer accounts? Social media sites, newsgroups or search engines. What will I find?
Use Social Engineering techniques.
Password cracking tools
There are a few popular tools available
Tools exist for us to verify that the passwords our users have chosen are good. Unfortunately, these tools are available to everyone.
- John the Ripper: A very useful tool.
- Rainbow Table Resource: Get free tables already created for you.
- ophcrack: Crack Windows passwords.
by Edmands
Todd Edmands is an Engineer with a Masters Degree in Systems Engineering & Information Assurance and an undergraduate degree in Geography. Todd is an Affiliate...