1$ y0ur p@$$w0rd pr0t3ct3d @cc0unt r3@lly s3cur3 fr0m pry1ng 3y3$?
In the past week we have heard that a major company was hacked and personal data for millions of people was stolen. It might have taken some super sleuths months to breach the computer system, or it might have been broken by a kiddie script. It will probably never be known exactly how they came to have 100 million data records stolen.
How about you? Were some of your personal records stolen from that company?
I’ll tell you that you are in greater danger of having your personal data stolen by a key logger Trojan. That is easily fixed by sanitizing your system and installing a good anti-virus program and an anti-spyware program.
Your most vulnerable soft spot is in all likelihood through a password protected account.
I decided to test a sophisticated password cracking program on one of my own servers. I pulled a magazine from a stack of them and picked two words and combined them: recognitionenormous. Less than five minutes later the password was cracked.
So I tried some “clever” substitution passwords like: s3crEt3y3$ (secret eyes). Ten minutes later the password was broken.
0h$ayc@nUCbyth3d@wns3@rlyl1ght (the star spangled banner) took 15 hours. I had figured that one would be unbreakable.
“zaq1xsw2cde3vfr4” – a nice 16-character password took 30 minutes as did “vfrtgbnhyujm”. These are simple patterns on the keyboard. I did not even try QWERTY, p@ssw0rd and myd0gh@$fl3@$ because I know that they are favorites – you would be surprised how many people have that as their password.
Take my word for that as I have been director of IT at several companies and know these things.
Any password that is remotely based on words can easily be cracked by sophisticated dictionary-based programs. If you think you have a clever substitution, you can bet someone else with a devious mind has also thought of it.
Odd names of trolls or names from the Hobbit are out. Star Wars characters are great names for servers, but they don’t serve well for passwords.
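To show why the substitution and keyboard-pattern passwords above fall so quickly, here is a small password-policy checker written for this post; it is an added example, not the cracking program the author used. It undoes common leet substitutions before matching against a word list (which is what rule-based crackers do), detects keyboard walks, and gives a rough guess-count estimate. The word list, the keyboard rows, the assumed cracker dictionary size (100,000 words, 4 variants each) and the assumed guess rate (10^10 per second) are constructed assumptions for illustration only.

```python
"""Password-policy checker (added example, not code from the original post).

Shows why leet-substituted dictionary words and keyboard walks are weak:
a cracker normalises substitutions back to plain words and tries keyboard
patterns before it ever brute-forces the full character space.
"""

# Constructed mini word list; a real cracker carries millions of entries.
WORDLIST = {"secret", "eyes", "recognition", "enormous", "password", "my",
            "dog", "has", "fleas", "qwerty"}

# Common leet substitutions, mapped back to the letters they replace.
DELEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i", "+": "t"})

# Simplified US keyboard rows (constructed; real stagger is ignored).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(KEY_ROWS) for c, ch in enumerate(row)}

RATE = 1e10          # assumed guesses/second, offline attack on a fast hash
DICT_SIZE = 100_000  # assumed size of a cracker's word list
VARIANTS = 4         # assumed case/leet variants tried per word


def normalise(pw: str) -> str:
    """Undo leet substitutions and lowercase, as a rule-based cracker does."""
    return pw.translate(DELEET).lower()


def dictionary_words(pw: str, min_len: int = 2) -> list[str]:
    """Greedily split the normalised password into known words (longest first)."""
    text = normalise(pw)
    words, i = [], 0
    while i < len(text):
        for j in range(len(text), i + min_len - 1, -1):
            if text[i:j] in WORDLIST:
                words.append(text[i:j])
                i = j
                break
        else:
            i += 1  # no word starts here; skip one character
    return words


def is_keyboard_walk(pw: str, threshold: float = 0.6) -> bool:
    """True if most adjacent character pairs are neighbouring keys."""
    pw = pw.lower()
    if len(pw) < 6:
        return False
    pairs = list(zip(pw, pw[1:]))
    adjacent = 0
    for a, b in pairs:
        if a in KEY_POS and b in KEY_POS and a != b:
            (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
            if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1:
                adjacent += 1
    return adjacent / len(pairs) >= threshold


def assess(pw: str) -> dict:
    """Classify the password and estimate guesses needed under the assumptions above."""
    words = dictionary_words(pw)
    coverage = sum(map(len, words)) / max(len(pw), 1)
    if words and coverage >= 0.8:
        category, guesses = "dictionary", float((DICT_SIZE * VARIANTS) ** len(words))
    elif is_keyboard_walk(pw):
        category, guesses = "keyboard walk", 1e6  # pattern lists are tiny
    else:
        pool = 0
        pool += 26 if any(c.islower() for c in pw) else 0
        pool += 26 if any(c.isupper() for c in pw) else 0
        pool += 10 if any(c.isdigit() for c in pw) else 0
        pool += 33 if any(not c.isalnum() for c in pw) else 0
        category, guesses = "random", float(pool ** len(pw)) / 2  # average case
    return {"category": category, "words": words,
            "guesses": guesses, "seconds": guesses / RATE}


if __name__ == "__main__":
    for sample in ["recognitionenormous", "s3crEt3y3$", "myd0gh@$fl3@$",
                   "zaq1xsw2cde3vfr4", "vfrtgbnhyujm", "Xk9#pQ2!vL7mZ"]:
        r = assess(sample)
        print(f"{sample:22} {r['category']:14} {r['words']} ~{r['seconds']:.3g} s")
```

Run it as a script and the post's two-word and leet-speak examples come out as a handful of dictionary guesses, while the keyboard walks are flagged before any brute force is considered; only a genuinely random string of mixed classes reaches the "lifetime" estimate.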
So what makes a good password?
Some people think the longer, the better, such as this beauty: “jhget6tdjnsty8uendgtcsrwqolpsy673903gde7yhbfrsolmeloiuybcywaodkelsua8n3e7fjwnsye938dhenusgenjdythsenwjei8d5h3w7shgdxw8opleny68hd”, a 128-character pseudorandom password. True, a password cracker that sequentially walks through all character combinations would take just about a lifetime to guess.
But such a password is impossible to remember and takes just about forever to enter manually, so it will most likely be stored somewhere. What better place to store it in a file named xyzzy.txt on a laptop with no password or a password of “secret”. Your bank account is toast should someone or something gain access to that laptop.
Shorter random passwords are littered on the undersides of keyboards and scratched on the bottoms of mice all across corporate America. The odd sticky note on a video display joins the bad password legion.
Passwords need to be easily memorized and hard to crack. Above all, they should be usable.
How about the first letters of some silly saying? M3absftsln (My eyes are bloodshot from the smoke last night). This combines Upper case, lower case and numbers and is ten characters long. Up until today it was good, but by this afternoon it will be added to just about every cracker’s dictionary, so don’t use this example.
Do not use songs or opening sections of a book, as they are probably already entered into someone’s database. Just make up your own funny saying and secure all your accounts now.
This is even more important as everyone is migrating to smartphones to access all of their bank and other accounts on the go. One bank accepts deposits by taking a picture of a check and uploading it to them. Yes, the picture data is encrypted, but you still have to enter a password to access your account.
Whatever password you choose, make sure you never have your browser remember your password for you. Yes, I know it is convenient, but it is not secure.
Were you ever guilty of having a computer with an easily-guessed password?