Monday, 7 November 2011

Password Safety: General (but important) Tips


1. Create Strong Passwords

Ideally, passwords should be over 8 characters long. They should use a combination of lower case letters, upper case letters, numbers, and symbols. The more random the password, the harder it is to crack. More on this shortly.
Weak Password: johndoe
Much stronger: J0hn*Do3

2. Update Your Password Often

The more often you update your passwords, the less likely you are to fall victim to hacking.

3. Never Use Common Passwords

Your partner's name, child's name, pet's name, sports team, last four digits of your social security number, city, college, date of birth, or common words/combinations like "god", "love", "password", "1234", or "qwerty" are all the first thing a hacker will guess.

4. Use Different Passwords for Different Websites

If you use the same password for your online banking as for your sports chat forum, you are opening yourself up to an attack. Hackers will never target websites with strong security systems like your bank. Instead they will aim for smaller sites like forums or e-commerce sites. If they can obtain those passwords, the chance of them having your banking password suddenly skyrockets.
You may be saying, "But how would they get my forum password?". A simple "brute force" attack, in which a server is bombarded with thousands of possible passwords for your account, is very common. To a hacker it is as simple as telling a program to do it in the background while he watches TV. And these programs are very common, easily downloadable from a number of websites.
You may be saying, "But how do they know what my username is on these websites?". Finding your login ID on these sites is generally as easy as going through your cookies or your web browser's cache. Most insecure websites will routinely leave this information unencrypted. And if you've ever used a public computer, you're essentially handing that information over, as if it wasn't easy enough to get!
So do yourself a favor and use different passwords for different websites. Clear your cache and cookies often, and be very prudent when using public computers.

Password Cracking Explained

There are a number of ways in which a hacker can get your passwords. The most common is a "brute force attack", in which a hacker simply slams a website with thousands of possible passwords for an account until one is accepted.
In a brute force hacking attack, three simple character changes are the difference between 2.23 hours and 2.21 years to crack your password. For a standard 7 letter password with just lower case letters, there are 8,031,810,176 possible combinations. That may seem like a lot, yet it would only take 2.23 hours to crack such a password using password cracking programs easily available over the web. Adding just 1 number, 1 upper case letter, and 1 symbol results in the password taking 2.21 years to crack.
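As an added worked example (not code from the original post), the following Python reproduces the arithmetic above and applies the criteria from section 1 and the common-password list from section 3, entirely offline, so no password is ever typed into a website. The guess rate of one million per second and the 95-character alphabet (lower case, upper case, digits, 32 punctuation marks and the space) are assumptions, chosen because they reproduce the page's 2.23 hours and 2.21 years; the blocklist and all function names are constructed for this example.

```python
import string

# Assumed guess rate (constructed, not stated on the page): it reproduces the
# page's figures, since 26**7 guesses in 2.23 hours is about 1,000,000 per second.
GUESSES_PER_SECOND = 1_000_000

# Character classes an attacker must add to the search alphabet once a password
# uses them. Symbols = 32 ASCII punctuation marks plus the space, so all four
# classes together are the 95 printable ASCII characters (an assumption).
CHARACTER_CLASSES = {
    "lower":   string.ascii_lowercase,    # 26
    "upper":   string.ascii_uppercase,    # 26
    "digits":  string.digits,             # 10
    "symbols": string.punctuation + " ",  # 33
}

# The common choices the page names (constructed blocklist; real ones are far larger).
COMMON_PASSWORDS = {"god", "love", "password", "1234", "qwerty"}


def classes_used(password: str) -> list:
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password: str) -> int:
    """Size of the smallest union of classes that covers the password."""
    return sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidate passwords of exactly this length over this alphabet."""
    return alphabet ** length


def seconds_to_exhaust(length: int, alphabet: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time for an attacker guessing `rate` passwords per second to
    try every candidate (on average a password falls at about half this)."""
    return keyspace(length, alphabet) / rate


def human_time(seconds: float) -> str:
    """Render a duration in the units the page uses (hours or years)."""
    hours = seconds / 3600
    if hours < 24 * 365:
        return f"{hours:.2f} hours"
    return f"{hours / (24 * 365):.2f} years"


def assess(password: str) -> dict:
    """Offline strength report; nothing leaves the machine."""
    used = classes_used(password)
    size = alphabet_size(password)
    common = password.lower() in COMMON_PASSWORDS
    # Page criteria: all four classes and at least 8 characters (threshold chosen
    # so the page's own 8-character example passes), and not a common password.
    meets = len(password) >= 8 and len(used) == 4 and not common
    return {
        "length": len(password),
        "classes": used,
        "alphabet": size,
        "keyspace": keyspace(len(password), size),
        "brute_force_time": human_time(seconds_to_exhaust(len(password), size)),
        "common": common,
        "meets_criteria": meets,
    }


if __name__ == "__main__":
    # Reproduce the page's two figures, then score its two sample passwords.
    print(human_time(seconds_to_exhaust(7, 26)))   # 2.23 hours
    print(human_time(seconds_to_exhaust(7, 95)))   # 2.21 years
    for pw in ("johndoe", "J0hn*Do3", "qwerty"):
        print(pw, assess(pw))
```

The reported time is a worst-case figure for exhaustive guessing at the assumed rate. Guessing that starts from names, dictionary words and common patterns finds such passwords far sooner, which is why the page stresses randomness in section 1 and avoiding common choices in section 3.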

Frequently Asked Questions

How can I test my password strength?

We recommend using a utility such as Microsoft's Password Strength Checker. If your password doesn't register as "Strong" or "Best", change it right away!

Which passwords should I update?

All of your passwords! The passwords you use for less important sites like forums or e-commerce sites are just as important as the passwords you use for your online banking or your website's FTP.

How often should I update my passwords?

The more often you update them the better, but being realistic, we would recommend updating your passwords at the very least every 2-3 months.

What else can I do?

Never type your password into any website that you don't know. This includes websites designed to create encrypted hashes of your passwords: many hackers create their dictionary of brute force attack options using these websites, and while they may appear useful on the surface, they most certainly are not.

But this won't happen to me, right?

It could and does happen to people like you all the time. On February 18th, the Washington Post reported that over 75,000 systems were hacked in 1 day. This included 2,500 companies in the USA. Hackers don't discriminate: whether you're a small or big company, they will do whatever it takes to make life difficult for you. No one is immune: Google (article), Twitter (article), and Baidu (article) have all been successfully attacked.
