Your passwords are the keys you use to access personal information, whether it is stored on your computer or in your online accounts. There is no direct way to break a password, but other methods do exist: if your password is weak (read on to find out what that means), it can be recovered in a couple of minutes using an ordinary computer. Here are a few tips on choosing a strong password. As we proceed, I will explain clearly the difference between a strong password and a weak one, or rather, how to classify them.
How to choose a strong password?
A strong password is one made of a random string of characters. It should meet the following criteria.
1. Length – The rule of thumb is that each character you add to your password multiplies the protection it provides many times over. An ideal password is 8 or more characters; 14 characters or more is recommended.
You can also use a ‘passphrase’. Since many systems accept a space in passwords (a space counts as a character like any other, just as a * does, and is part of the password), you can create a phrase made of many words. For example:
Mypasswordcanneverbecompromised.
Such a password is easy to remember and very hard to recover.
2. Combine letters, numbers and symbols – The more variety of characters you use, the more secure the password is. Instead of the password ladyluck, change it to l@dYlucK123. Use the entire keyboard: your password will be much stronger if you use all the symbols.
– A strong and easy to remember password in 4 steps –
1. Passphrase – Think of a sentence you can remember. If the password system accepts [spacebar] as a character, your password can be made very strong and very easy to remember.
2. Add complexity – Mix uppercase and lowercase letters and numbers. Letter swapping and misspellings are recommended. For example, if your passphrase is ‘My name is James Bond’, it can also be written as ‘My nAMe iz J@me$ B0|\|D’, which is a much better password than the former.
3. Add special characters – As in the previous example, substituting @ for a and $ for S increases the strength of a password.
4. Change your password regularly if it is simple. Doing so is good practice.
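To see what "each character multiplies the protection" and "use more variety" mean in numbers, here is an added example (not part of the original post) that estimates the blind brute-force search space of a password from its length and the character classes it contains. The character-class sizes are the printable ASCII counts, the sample passwords are the ones discussed above, and the guess rate of one billion guesses per second is a constructed figure, not a measurement.

```python
import math
import string

# Character classes an attacker must include in the guessing alphabet to
# cover the password. Sizes are the printable ASCII counts for each class.
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), len(string.punctuation)),  # 32 symbols
    "space": ({" "}, 1),
}


def char_classes(password):
    """Names of the character classes that occur in the password."""
    return {name for ch in password
            for name, (chars, _) in CLASSES.items() if ch in chars}


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(CLASSES[name][1] for name in char_classes(password))


def search_space(password):
    """Guesses needed to exhaust every string of this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def strength_bits(password):
    """Search space in bits: every extra character adds log2(alphabet) bits."""
    return math.log2(search_space(password)) if password else 0.0


def brute_force_years(password, guesses_per_second=1e9):
    """Worst-case years to exhaust the search space at a constructed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords, including the ones discussed in the post.
    for pw in ["ladyluck", "l@dYlucK123", "My nAMe iz J@me$ B0|\\|D",
               "Mypasswordcanneverbecompromised."]:
        print(f"{pw!r:40} alphabet={alphabet_size(pw):3d} "
              f"bits={strength_bits(pw):6.1f} years={brute_force_years(pw):.3g}")
```

The figures are upper bounds: they describe an attacker who guesses every string blindly. A password like ladyluck scores about 38 bits here, which looks respectable on paper, yet a dictionary attack finds it almost instantly because it is two common words, so length and variety only help when the password is not built from guessable pieces.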
Weak Passwords (Password strategies to avoid)
1. Avoid sequences and repeated characters – such as 123456, asdfg or adjacent letters on your keyboard.
2. Don’t use dictionary words (ever) – Using sophisticated tools (explained later), passwords based on words from the dictionary can be guessed or broken in almost no time. This includes dictionary words spelled backwards, misspellings and substitutions.
3. Don’t use one password everywhere – If you have multiple accounts, using a common password is not recommended. It is critical to use different passwords for different systems.
4. Don’t give out your passwords over e-mail or in response to an e-mail request – Any e-mail that requests your password, or asks you to go to a website to verify your password, is almost certainly a fraud. This method is called ‘phishing’.
5. Do not type passwords on computers that you do not control – Computers such as those in Internet cafes, computer labs or airport lounges are unsafe for any personal use other than anonymous Internet browsing. Do not use such computers to check e-mail, bank balances, business mail or any other account that requires a username and password. Chances are that keyloggers are installed and your password will be recorded.
6. Do not use information that can be easily guessed. This includes pet names, license plate numbers, telephone numbers, identification numbers, birth dates etc.
If you have multiple passwords, you can store them in a ‘password safe’. One safe worth checking out is:
KeePass – keepass.sourceforge.net {Open source password safe} (highly recommended)
How can passwords be broken?
Many password recovery tools are out there. They use a technique called a brute-force attack. To understand this, let me give you an example.
I had a debate with my friend – I challenged him that I could get the password to his Microsoft Word (.doc) file. [To add a password to a Word file, go to Tools>Options>Security] He said it was impossible since it was clearly mentioned that passwords, once lost, can never be recovered (Word says this).
Using a dictionary brute force, I got his password in 15 minutes on my Pentium 4 machine. Simple. Why? Why was I able to recover his password when Word clearly says that the password can never be recovered?
His password was ‘ladyluck’. I used a password recovery software (freely available on the Internet) and recovered his password within seconds.
But had his password been something like ‘920394290asdas23@#@#’, it would have taken years (possibly millions of years) to get the password. That is why the emphasis on length and complexity: brute-force attack time is directly proportional to the length.
A network of computers (a farm, as it is called) can be used for brute forcing. Such an attack can typically recover, in a few minutes, a password that would take decades to break on your computer. However, you are out of this!
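The ‘ladyluck’ story shows why a dictionary attack succeeds: the tool tries words, their reversals and common substitutions rather than every possible string. The following is an added example (not part of the original post) of the defender's side of that idea, a checker that undoes the usual substitutions (@ for a, $ for s, 0 for o, |\| for n and so on), strips trailing digits and symbols, and then looks the result up as a whole word, a reversed word or a concatenation of words. The word list and the substitution table are small constructed stand-ins; a real checker would load a full dictionary file, which would also catch much longer compounds than the toy list does.

```python
import re

# Constructed toy word list standing in for a real dictionary file.
WORDLIST = {"lady", "luck", "password", "secret", "james", "bond", "name", "summer"}

# Substitutions the checker undoes before the lookup; the multi-character
# "|\|" comes first so it becomes "n" before any single character is touched.
SUBSTITUTIONS = [("|\\|", "n"), ("@", "a"), ("$", "s"), ("0", "o"), ("1", "l"),
                 ("3", "e"), ("4", "a"), ("5", "s"), ("7", "t"), ("!", "i")]


def desubstitute(text):
    """Map common symbol/digit substitutions back to the letters they stand for."""
    for src, dst in SUBSTITUTIONS:
        text = text.replace(src, dst)
    return text


def strip_ends(text):
    """Drop non-letters at both ends, e.g. 'ladyluck123' -> 'ladyluck'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def is_compound(word, min_len=3):
    """True if word is one dictionary word or a concatenation of dictionary words."""
    if word in WORDLIST:
        return True
    for i in range(min_len, len(word) - min_len + 1):
        if word[:i] in WORDLIST and is_compound(word[i:], min_len):
            return True
    return False


def candidate_bases(password):
    """Letter cores obtained by stripping and de-substituting in either order."""
    lower = password.lower()
    bases = {strip_ends(desubstitute(lower)), desubstitute(strip_ends(lower))}
    return {b for b in bases if b}


def weak_reason(password):
    """Explain why the password is dictionary-guessable, or None if it is not."""
    for base in sorted(candidate_bases(password)):
        for word, label in ((base, ""), (base[::-1], "reversed ")):
            if word in WORDLIST:
                return label + "dictionary word: " + word
            if is_compound(word):
                return label + "concatenated dictionary words: " + word
    return None


if __name__ == "__main__":
    # Constructed samples: the post's weak examples, a reversed one and its strong example.
    for pw in ["ladyluck", "l@dYlucK123", "kculydal", "P@ssw0rd!",
               "920394290asdas23@#@#"]:
        print(f"{pw!r:26} -> {weak_reason(pw)}")
```

Note that ‘l@dYlucK123’ is flagged for exactly the reason the list of things to avoid gives: substitutions and a few digits on the end do not turn a dictionary word into a random string, because the tools undo them just as this checker does.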
Stay secure!
Great stuff here man!
Really informative