How Secure are our Passwords


LSW


I plan to add future posts to this as I come across anything worthwhile. As computers grow faster, the ability to crack passwords improves. If you are still using 8-character passwords, they can be cracked in minutes. Add to that the eventual use of quantum computers by governments and one day maybe all of us... ANY password will be cracked in minutes. A computer can compare pre-listed common hashes at about 350 billion a second.

Also stay away from dictionary words. There are two primary attack types:

  1. Brute force: The attacker will just run his computer through combinations (a, ab, abc, abc1, abc2, etc.), literally using brute force of computing power to try every possible combination, and for an average computer 8 characters is child's play.
  2. Dictionary attack: This is running through common words and includes modifying them (horse, Horse, h0rse, H0rse, H0r$3, etc.). Again, a really easy way to attack.

So here are a few suggestions from me:

  • The longer the password, the better. You really should be using 12 characters at a minimum and I would suggest more like 14 - 18/20.
  • Use a password manager so you need not remember them all and can use randomly generated gibberish.
  • Move away from passwords and use passphrases: lyrics, poem lines, quotes, etc. These can be complete with spaces and you need not have special characters or numbers. They would also be more easily remembered than "C9bgTkYhd9dr". You can type them without dealing with special characters that can be a pain on a mobile device, and you get really long lengths.
  • Stay away from dates, those can be guessed like wedding date, kids birthdays etc.
  • Stay away from pets or their names, breeds, etc.
  • Stay away from children's information.
  • Stay away from favorite things like authors, bands, hobbies as these may be guessed as well.
  • Maybe use other uncommon languages; I have used Potawatomi, Tlingit, Gaelic. You need not even know the language: use a dictionary and see what your favorite animal is called in Gaelic. "Winter Horse" in Gaelic will not be quickly broken; there are at least 4 forms of Gaelic, so I would have to break not only what you like, but Irish, Scottish, Nova Scotian Gaelic or Wales? And the name may include weird character groupings and special characters. If you remember what it was in English you can just look it up to remind yourself again.
  • Never ever repeat passwords for other sites. Make each unique.
  • Never give it out... to anyone.

Hope you decide to get more secure and get some ideas from what I post here in the future.

LSW


The Real Rules for Strong Computer Passwords Go Against Everything You've Been Told

https://curiosity.com/topics/the-real-rules-for-strong-computer-passwords-go-against-everything-youve-been-told-curiosity

Quote

Everybody knows the rules to writing a password: you have to use upper and lowercase letters, a number or two, and preferably a symbol, if you want to be really secure. That rule came from a man named Bill Burr, and in 2017, he took it all back. That's not the way to make a secure password, he says. In fact, it's led most of us to make our passwords even easier to crack.

Unfortunately, in 2003, there wasn't much data on what made a strong password — he was left to rely on a white paper written in the '80s. "Much of what I did I now regret," Burr told the Wall Street Journal.

Here's the problem: Passwords written with numbers and symbols are hard to remember, so people make them shorter in order to keep them memorable. But when it comes to password security, length is more important than complexity. According to InfoSec Institute, a 16-character password made up of just numbers is just as difficult to crack as an eight-character password that uses any possible characters, even though the former uses a character set of 10 (0–9) and the latter uses a set of 94.


Gibson Research offers an online test for your passwords. Type in something, your passwords or something close to them, and check to see just how long it will take to be cracked:

Gibson Research Corporation: https://www.grc.com/haystack.htm

u@4azE2s : From professional hackers to Nation states - 1.12 min. to 18.64 hours

A long passphrase is more memorable and takes longer to crack than a complicated password.

World of Tanks: A game I like and could remember easily. A Nation state with lots of PC power - 3.31 thousand centuries to guess until it found it.

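The crack-time figures quoted in this thread (the opening post's 350 billion guesses a second, the "16 digits versus 8 mixed characters" comparison, and the GRC haystack results for u@4azE2s and "World of Tanks") can all be reproduced with a simple search-space calculation. The script below is an added example, not code from the thread or from GRC; the 100 billion/s and 100 trillion/s rates are assumed values chosen to match the haystack scenarios, and the alphabet sizes (26 + 26 + 10 + 33) are an assumption about how the character classes are counted.

```python
# Added example: estimate how long an exhaustive search of a password's
# space would take at a given guess rate, haystack-style (every string up
# to the password's length, drawn from the character classes it uses).

# Guess rates in guesses per second. 3.5e11 is the "350 billion a second"
# from the opening post; the other two are assumed values for an offline
# GPU attack and a massive cracking array, matching the GRC scenarios.
RATES = {
    "opening post, 350 billion/s": 3.5e11,
    "assumed offline attack, 100 billion/s": 1e11,
    "assumed massive array, 100 trillion/s": 1e14,
}

def charset_size(pw: str) -> int:
    """Size of the smallest alphabet that covers every character in pw
    (assumption: lower 26, upper 26, digits 10, punctuation + space 33)."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33
    return size

def search_space(pw: str) -> int:
    """Count every string of length 1..len(pw) over the detected alphabet."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def seconds_to_exhaust(pw: str, rate: float) -> float:
    """Worst-case time to try the whole space at `rate` guesses per second."""
    return search_space(pw) / rate

def human(seconds: float) -> str:
    """Round a duration to the largest convenient unit."""
    for unit, size in (("centuries", 3.15576e9), ("years", 3.15576e7),
                       ("days", 86400.0), ("hours", 3600.0), ("minutes", 60.0)):
        if seconds >= size:
            return f"{seconds / size:.2f} {unit}"
    return f"{seconds:.2f} seconds"

def report(pw: str) -> dict:
    """Crack-time estimate for pw under each rate in RATES."""
    return {label: human(seconds_to_exhaust(pw, rate)) for label, rate in RATES.items()}

if __name__ == "__main__":
    for pw in ("u@4azE2s", "1234567890123456", "World of Tanks"):
        print(f"{pw!r} (alphabet {charset_size(pw)}, length {len(pw)}):", report(pw))
```

Note that this is the worst case for a pure brute-force search; a dictionary attack finds "World of Tanks" far sooner than the space size suggests, which is why the opening post also warns against common words and phrases.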

Google releases Chrome extension to check for leaked usernames and passwords

https://www.zdnet.com/article/google-releases-chrome-extension-to-check-for-leaked-usernames-and-passwords/

Quote


Today, on Safer Internet Day, Google has released a new Chrome extension named "Password Checkup" that checks if usernames and password combinations entered in login forms have been leaked online during past data breaches and security incidents.
 
The extension works every time users log into an online service. The extension takes the username and password entered in the login form and checks them against a database of over four billion credentials that Google engineers have collected from public breaches in the past few years.
 
If the username and password combo are found in Google's internal database of unsafe credentials, the extension will show a popup alerting the user that he needs to change the credentials.


Millions of people still use 123456 as their password

https://www.techspot.com/news/79747-millions-people-use-123456-their-password.html

Quote


Facepalm: In today’s digital age where most consumers know their modems from their motherboards, one might imagine that the quality of people’s passwords has improved. But a recent study shows that isn’t the case, with terrible, easy-to-guess passwords still being used by millions.
 
The report by the UK's National Cyber Security Centre (NCSC) analyzed passwords found in public databases of breached accounts to find out popular words, phrases, and strings. It appears that the worst password of 2018—123456—remains the most popular, appearing in more than 23 million passwords.
 
The second-most popular string was the equally bad 123456789, while the other top five entries include "qwerty," "password," and 1111111.


Hi LSW, I posted the below as a new thread when I found nothing under "password managers" before thinking to look for more general "security" labelled topics. Any feedback would be helpful and I know you've covered some of this above already. Really I'm wondering about which ones (pw managers) and why in comparison to others. Thanks in advance :)

Jim.

PS: re the below, on 2nd thoughts the password issue is actually far more unwieldy at home than at work.

 

Few things wind me up in this life quicker than technology not behaving as expected, just ask the printer, but the worst culprit is passwords!! Last Friday had to be written off because I got so wound up having just changed a password and later trying to log in via another browser...but enough of that and to the point.

What's the professional opinion here on password managers such as LastPass, 1Password, Dashlane etc.? I've always been suspicious of the very idea, but if I'm getting involved in the world of web design I can see the password issue becoming as unwieldy as it is at work sometimes.

So are password managers a good thing, a bad thing, an essential thing in this industry, a necessary evil? And if they are required, some recommendations based on personal experience would be appreciated. Thanks.

Now back to Curtis and the Impressions to keep the sunny Monday chilled vibe going 😎
