

Type: data threat prevention security

Passwords are used in many areas of security, but are particularly popular for preventing access to data. The primary objective of most hackers or malicious intruders on a computer network, whether internal or external, is to break into password-protected computers or network locations. Software is usually used to break passwords, essentially by guessing repeatedly until a guess matches the genuine password. The methods commonly used for breaking passwords are deductive guessing, dictionary attacks and brute-force attacks.

Deductive guessing is the simplest form of hacking and can be employed by anyone, without expert hacking knowledge. Simply by making an educated guess, an individual may successfully guess a very weak password. For example, if a person’s favourite sports team was Liverpool and they were born in 1983, a guess at the password could be “liverpool83”. Such weak passwords are quite common, and therefore deductive guessing is often successful.

Dictionary attacks involve comparing lists of words, usually words from a dictionary, to the password until a match is made. Although this is a simpler method of password cracking, it is potentially quicker. Brute-force attacks systematically submit every possible password: for example, a guess of “a” and, if that is not successful, then “b”, with more characters eventually being used. This process is repeated until the password is successfully matched.

These methods of password breaking can be defended against simply by using a strong password. What a strong password consists of is rarely understood by individuals, and strong passwords are rarely implemented. To avoid deductive guessing, use a password that does not contain only information obviously linked to an individual. For example, any names, dates or other information related to the owner of the password cannot be considered a strong addition to a password.

It is relatively easy to prevent successful dictionary attacks, simply by using a password that is not a known word. For example “password” is a weak password because it is a known word but “kriscurtis” is stronger because it is not a known word. That is not to say “kriscurtis” is a strong password as it is easily cracked using deductive guessing, but that it is stronger than “password” against dictionary attacks.

Brute-force attacks take advantage of a computer’s ability to process large amounts of data extremely quickly. By going through every possibility for a password, brute-force attacks will succeed sooner or later. However, the longer a password is, the longer a brute-force attack will take to succeed. Once a password reaches 15 characters in length, the way Windows stores the password is different, and this makes cracking the password a lot more difficult.

The use of non-alphanumeric characters, such as a space or a $, also increases the strength of a password, as it makes deductive guessing and dictionary attacks highly unlikely to succeed. By making a long password with a combination of letters, numbers and non-alphanumeric characters, a password becomes very strong and defeats conventional hacking methods.

Making a password easy to use is important, as a user who is unhappy with using a password will simply change it for something easier to use. To be easy to use, it should be easily remembered and relatively quick to type on a keyboard. Sentences or phrases are a good way of creating a long and complex password while remaining easy to remember and type.

An example of a strong password is “my password is eA$y.”. This password is easy to type and remember while being longer than 14 characters. The use of spaces in passwords is often overlooked, but as a non-alphanumeric character a space is a very good method of strengthening a password. It also makes the password easier to type, as it is easier to type a sentence with spaces than a very long word or a scrambled collection of characters.
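The criteria above can be turned into a simple policy check. The following is an added example, not part of the original article: the word list, the personal facts and the function names are constructed for illustration, and the brute-force estimate assumes printable ASCII and says nothing about dictionary or deductive guessing.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
KNOWN_WORDS = {"password", "welcome", "letmein", "football", "dragon"}
STRIP = string.digits + string.punctuation + " "

def charset_size(pw):
    """Number of candidate characters a brute-force search must try per position."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # 32 ASCII punctuation characters plus the space
    return size

def brute_force_bits(pw):
    """log2 of the brute-force search space: length * log2(charset size)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def weaknesses(pw, personal_facts=()):
    """Return the list of checks the password fails; an empty list means it passes."""
    found = []
    lowered = pw.lower()
    # Deductive guessing: remove every personal fact, longest first, and see
    # whether anything other than digits and punctuation is left over.
    residue = lowered
    for fact in sorted(personal_facts, key=len, reverse=True):
        residue = residue.replace(fact.lower(), "")
    if personal_facts and not residue.strip(STRIP):
        found.append("only personal information")
    # Dictionary attack: a known word with digits or symbols tacked on the ends.
    if lowered.strip(STRIP) in KNOWN_WORDS:
        found.append("known word")
    if len(pw) < 15:
        found.append("shorter than 15 characters")
    if pw.isalnum():
        found.append("no non-alphanumeric character")
    return found

if __name__ == "__main__":
    facts = ("liverpool", "1983", "kris", "curtis")  # constructed facts about the owner
    for pw in ("liverpool83", "password", "kriscurtis", "my password is eA$y."):
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, {weaknesses(pw, facts) or 'passes'}")
```

Run against the article's own examples, “kriscurtis” passes the dictionary check but fails the personal-information check, and only the passphrase passes every check.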

Password Examples

The key components to a good password are as follows:

Implementing strong passwords is vital in many areas of security, and understanding what a strong password consists of is an important security factor. Arguably the most important password is the account password used to log onto a computer’s operating system. In modern Windows operating systems this password can be up to 127 characters long and use a large selection of characters. This makes a wide variety of passwords possible, and there is little excuse for the use of weak passwords.