Killersites Community
LSW

How Secure are our Passwords


I plan to add future posts to this as I come across anything worthwhile. As computers grow faster, the ability to crack passwords improves. If you are still using 8-character passwords, they can be cracked in minutes. Add to that the eventual use of quantum computers by governments and one day maybe all of us... ANY password will be cracked in minutes. A computer can compare pre-listed common hashes at about 350 billion a second.

Also stay away from dictionary words. There are two primary attack types:

  1. Brute force: The attacker will just run his computer through combinations (a, ab, abc, abc1, abc2, etc.), literally using brute force of computing power to try every possible combination, and for an average computer 8 characters is child's play.
  2. Dictionary attack: This is running through common words and includes modifying them (horse, Horse, h0rse, H0rse, H0r$3, etc.). Again, a really easy way to attack.

So here are a few suggestions from me:

  • The longer the password, the better. You really should be using 12 characters at a minimum and I would suggest more like 14 - 18/20.
  • Use a password manager so you need not remember them all and can use randomly generated gibberish.
  • Move away from Passwords and use Passphrases. Lyrics, Poem lines, Quotes, etc. These can be complete with spaces and you need not have special characters or numbers. It would also be more easily remembered than "C9bgTkYhd9dr". You can type them without dealing with special characters that can be a pain on a mobile device and you have really long lengths.
  • Stay away from dates; those can be guessed, like wedding dates, kids' birthdays, etc.
  • Stay away from pets or their names, breeds, etc.
  • Stay away from children's information.
  • Stay away from favorite things like authors, bands, hobbies as these may be guessed as well.
  • Maybe use other uncommon languages; I have used Potawatomi, Tlingit, Gaelic. You need not even know the language: use a dictionary and see what your favorite animal is called in Gaelic. "Winter Horse" in Gaelic will not be quickly broken. There are at least 4 forms of Gaelic, so I have to break not only what you like, but Irish, Scottish, Nova Scotian Gaelic or Welsh? And the name may include weird character groupings and special characters. If you remember what it was in English you can just look it up to remind yourself again.
  • Never ever repeat passwords for other sites. Make each unique.
  • Never give it out... to anyone.

Hope you decide to get more secure and get some ideas from what I post here in the future.

LSW
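
A check a signup form could run against the dictionary-variant problem described in the post above (horse, Horse, h0rse, H0r$3), added here as an example and not part of the original post. The wordlist is a constructed sample, and the substitution table and function names are assumptions of this example.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary
# plus lists of passwords seen in breaches.
WORDLIST = {"horse", "password", "dragon", "winter"}

# Common substitutions mapped back to the letters they stand in for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

# Characters people typically bolt onto the front or back of a word.
PADDING = set(string.digits + string.punctuation)

MIN_LENGTH = 12  # the minimum length suggested in the post


def dictionary_hit(candidate):
    """Return the wordlist entry the candidate is a variant of, else None."""
    raw = candidate.lower()
    for start in range(len(raw)):
        if not set(raw[:start]) <= PADDING:
            break  # prefix is no longer just digits/punctuation
        for end in range(len(raw), start, -1):
            if not set(raw[end:]) <= PADDING:
                break  # suffix is no longer just digits/punctuation
            core = raw[start:end]
            for form in (core, core.translate(LEET)):
                if form in WORDLIST:
                    return form
    return None


def review(candidate):
    """List the reasons a candidate password should be rejected."""
    issues = []
    if len(candidate) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    word = dictionary_hit(candidate)
    if word:
        issues.append(f"variant of dictionary word '{word}'")
    return issues


if __name__ == "__main__":
    for pw in ("horse", "H0rse", "H0r$3", "H0r$3!2019", "C9bgTkYhd9dr"):
        print(f"{pw!r}: {review(pw) or 'no issues found'}")
```

The check only looks at single words with padding, so a multi-word passphrase passes it untouched.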


The Real Rules for Strong Computer Passwords Go Against Everything You've Been Told

https://curiosity.com/topics/the-real-rules-for-strong-computer-passwords-go-against-everything-youve-been-told-curiosity

Quote

Everybody knows the rules to writing a password: you have to use upper and lowercase letters, a number or two, and preferably a symbol, if you want to be really secure. That rule came from a man named Bill Burr, and in 2017, he took it all back. That's not the way to make a secure password, he says. In fact, it's led most of us to make our passwords even easier to crack.

Unfortunately, in 2003, there wasn't much data on what made a strong password — he was left to rely on a white paper written in the '80s. "Much of what I did I now regret," Burr told the Wall Street Journal.

Here's the problem: Passwords written with numbers and symbols are hard to remember, so people make them shorter in order to keep them memorable. But when it comes to password security, length is more important than complexity. According to InfoSec Institute, a 16-character password made up of just numbers is just as difficult to crack as an eight-character password that uses any possible characters, even though the former uses a character set of 10 (0–9) and the latter uses a set of 94.

 


Gibson Research offers an online test for your passwords. Type in something, your passwords or something close to them, and check to see just how long it will take to be cracked:

Gibson Research Corporation: https://www.grc.com/haystack.htm

u@4azE2s : From professional hackers to Nation states - 1.12 min. to 18.64 hours

A long passphrase is more memorable and takes longer to crack than a complicated password.

World of Tanks: A game I like and could remember easily. A Nation state with lots of PC power - 3.31 thousand centuries to guess until it found it.
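
The arithmetic behind estimates like the ones in the post above, added here as an example; it is not part of the original post and not GRC's code. The alphabet sizes per character class and the two guess rates are assumptions of this example, and with them the results land close to the figures quoted for both passwords and for the 16-digit versus 8-character comparison quoted earlier in the thread.

```python
import string

# Assumed alphabet size per character class (space counts as a symbol).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed offline guess rates in guesses per second.
FAST_OFFLINE = 1e11      # a single well-equipped attacker
CRACKING_ARRAY = 1e14    # very large, state-level resources

SECONDS_PER_YEAR = 365.25 * 86400


def alphabet_size(password):
    """Add up the sizes of the character classes the password draws on."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")  # anything else, including spaces
    return sum(CLASS_SIZES[name] for name in classes)


def search_space(alphabet, length):
    """Count every candidate of length 1..length over the alphabet."""
    return sum(alphabet ** k for k in range(1, length + 1))


def seconds_to_exhaust(password, rate):
    """Worst-case time for a brute-force search at `rate` guesses/second."""
    return search_space(alphabet_size(password), len(password)) / rate


if __name__ == "__main__":
    for pw in ("u@4azE2s", "World of Tanks"):
        fast = seconds_to_exhaust(pw, CRACKING_ARRAY)
        slow = seconds_to_exhaust(pw, FAST_OFFLINE)
        print(f"{pw!r}: {fast:.3g} s to {slow:.3g} s "
              f"({fast / SECONDS_PER_YEAR:.3g} to "
              f"{slow / SECONDS_PER_YEAR:.3g} years)")
    # Length versus complexity: 16 digits against 8 characters drawn from 94.
    print(search_space(10, 16) / search_space(94, 8))
```

These numbers count brute-force candidates only; a phrase built from dictionary words can fall to a dictionary attack well before the search space is exhausted.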


Google releases Chrome extension to check for leaked usernames and passwords

https://www.zdnet.com/article/google-releases-chrome-extension-to-check-for-leaked-usernames-and-passwords/

Quote

 

Today, on Safer Internet Day, Google has released a new Chrome extension named "Password Checkup" that checks if usernames and password combinations entered in login forms have been leaked online during past data breaches and security incidents.
 
The extension works every time users log into an online service. The extension takes the username and password entered in the login form and checks them against a database of over four billion credentials that Google engineers have collected from public breaches in the past few years.
 
If the username and password combo are found in Google's internal database of unsafe credentials, the extension will show a popup alerting the user that he needs to change the credentials.

 

 

