Coming up with a password is a compromise between security and convenience. Very complex passwords are highly secure but difficult to remember. To make them work, users end up in a constant loop of resetting forgotten passwords or relying on writing them down on sticky notes. Simpler passwords are easier for us to remember but all too easy for others to discern. Even if you think your pet's name is rare and choose SenorFluffypants as a password, that information would be easy for an adversary to find on, say, Facebook. Because passwords are annoying and tedious to keep track of, most of us resist changing our obvious passwords, many of which can be found in leaked databases. The top passwords of 2012 remain what they have been for years: password, 123456, and 12345678.
Passwords like those are especially easy to crack, says Peter Theobald of KLG Computer Forensics. "Anyone with a password that can be found in the dictionary, even if it's a minor variation followed by a number, gets found quickly," he says.
It's possible that one or more of your passwords has already been stolen (you can check PwnedList, an online database with more than 966 million compromised passwords on file), but even if it hasn't, relying on weak passwords is a fool's game. Once hackers get into an account, they immediately start searching for any linked or related accounts. Before long, a complete stranger could be wreaking havoc on your social reputation, credit rating, and finances. If you suspect that one of your online accounts has been hacked, immediately change the passwords on any other important account you have; hackers have programs designed to try the cracked password at other sites. Even if you've been smart enough to maintain separate passwords for different accounts, hackers will leverage access to your email to reset passwords for other sites. ("Forgot your password? Have a new one sent to your email account.") But when you do reset passwords, don't repeat mistakes of the past. There are ways to make passwords both secure and memorable.
The Bad Guys
Before we examine what good passwords look like, it helps to know your adversary. Using a PC with inexpensive multicore graphics processing units (GPUs), a hacker can try about 8 billion password combinations in a second, thousands of times faster than just a few years ago, when the processing depended on just the CPU. Because they're designed for parallel computing, GPUs are much better at the large-scale mathematical operations needed for cracking passwords. Powerful password-cracking software is available for free, and hackers also have access to growing shared lists of millions of actual user passwords.
By analyzing these lists, professional password crackers know that when forced to pick a password with a mix of upper- and lowercase letters, a number, and a special character, users tend to choose a familiar word or a dictionary word, capitalize the first letter, and add the number and special character at the end (such as Fido1*). The geekiest among us may replace vowels with numbers (leetspeak), such as F1d01, or shift our hands on the keyboard to mask the actual password. But hackers know this, and a simple algorithm is all they need to get past it.
Even passwords that combine more than one strategy are vulnerable. Take, for example, the password MyS3cr3t!. It meets typical security guidelines, and online password-strength meters would call it strong. With faster processing, and programming rules that add characters and punctuation to a word list, a hacker could crack that password in just 12 hours.
Don't Be an Idiot: Make a Bad Password Good
It's not all that hard to turn a mediocre password into a great one. All it takes is the addition of some strategically placed numbers and symbols, and a good base word or phrase in the first place (which means saying goodbye to pet names and favorite sayings). Below, we chart a password's journey from weak to strong, showing how long it would take for a commonly used algorithm to crack each version.
Password          Time to Crack
Aquarius          9.08 Minutes
Aquarius1         1.59 Days
Aquar$ius1        19.24 Years
Aqu57ar$iu3s      17,400,000 Years
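The mangling rules described above (capitalize the first letter, append a digit and a symbol, swap letters for leetspeak, insert a symbol mid-word) are exactly what a password-strength check on the defending side has to account for: a meter that only counts character classes will call MyS3cr3t! strong, while a meter that recognizes it as two dictionary words plus cheap rules will not. The following script is an added example, not code from the article or from KLG Computer Forensics. It estimates a guess count two ways, by plain brute force over the character classes present and by a simple model of the dictionary-plus-rules approach, and reports the cheaper one at the 8 billion guesses per second rate quoted above. The wordlist is a constructed stand-in, the assumed real wordlist size of one million entries is an assumption, and the rule costs are a deliberately simple model, so the times will not reproduce the article's table; what the example shows is why the rule model collapses the table's first three passwords while the fourth falls back to brute force.

```python
import re

GUESSES_PER_SECOND = 8_000_000_000   # GPU rate quoted in the article
DICTIONARY_SIZE = 1_000_000          # assumed size of a real attacker wordlist (assumption)
NONLETTER_CHOICES = 10 + 33          # any digit or printable-ASCII symbol appended or inserted

# Constructed mini-wordlist; only membership is tested, DICTIONARY_SIZE models the real size.
WORDLIST = {"password", "secret", "my", "fido", "aquarius", "senor", "fluffypants"}

# Common leetspeak substitutions, reversed so a candidate can be looked up as a word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "$": "s", "@": "a"})


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover, from the classes present."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33
    return size


def brute_force_guesses(pw):
    """Worst case for the attacker: every string over the observed alphabet and length."""
    return charset_size(pw) ** len(pw)


def _dictionary_words(core):
    """How many wordlist words 'core' (lowercase letters) is built from: 1, 2, or 0."""
    if core in WORDLIST:
        return 1
    for i in range(1, len(core)):
        if core[:i] in WORDLIST and core[i:] in WORDLIST:
            return 2
    return 0


def rule_based_guesses(pw):
    """Cheapest guess count under the article's mangling rules, or None if none applies.

    Model: DICTIONARY_SIZE per word, x2 per word for first-letter capitalization,
    x2 per leetspeak substitution, x43 per appended digit/symbol, and
    (positions x 43) for a single digit/symbol inserted mid-word.
    """
    best = None
    trailing = len(re.search(r"[^A-Za-z]*$", pw).group())
    for k in range(trailing + 1):                       # peel off k trailing digits/symbols
        core = pw[:len(pw) - k]
        suffix_cost = NONLETTER_CHOICES ** k
        candidates = [(core, 1)]                        # rule: plain dictionary word
        deleet = core.translate(LEET)
        leet_count = sum(1 for a, b in zip(core, deleet) if a != b)
        if leet_count:
            candidates.append((deleet, 2 ** leet_count))   # rule: leetspeak
        if len(re.findall(r"[^A-Za-z]", core)) == 1:    # rule: one symbol inserted anywhere
            candidates.append((re.sub(r"[^A-Za-z]", "", core), len(core) * NONLETTER_CHOICES))
        for cand, rule_cost in candidates:
            if not cand.isalpha():
                continue
            words = _dictionary_words(cand.lower())
            if words:
                guesses = (DICTIONARY_SIZE ** words) * (2 ** words) * rule_cost * suffix_cost
                if best is None or guesses < best:
                    best = guesses
    return best


def estimate(pw):
    """Return (model, guesses, seconds) for the cheaper of the two attack models."""
    brute = brute_force_guesses(pw)
    rule = rule_based_guesses(pw)
    if rule is not None and rule < brute:
        return "dictionary+rules", rule, rule / GUESSES_PER_SECOND
    return "brute force", brute, brute / GUESSES_PER_SECOND


def human_time(seconds):
    """Format a duration the way the article's table does (largest sensible unit)."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.2f} {unit}"
    return f"{seconds:,.4f} seconds"


if __name__ == "__main__":
    # The article's examples plus the table's four versions of Aquarius.
    for pw in ["Aquarius", "Aquarius1", "Aquar$ius1", "Aqu57ar$iu3s", "Fido1*", "F1d01", "MyS3cr3t!"]:
        model, guesses, secs = estimate(pw)
        print(f"{pw:14} {model:18} {guesses:.2e} guesses  {human_time(secs)}")
```

Run as a script it prints one line per password. The first three table entries and all three of the article's "clever" examples resolve to the dictionary-plus-rules model and fall in seconds to hours, whereas Aqu57ar$iu3s has four non-letters scattered through the word, matches none of the modelled rules, and is charged the full 95-character brute-force cost. A real checker such as zxcvbn does the same kind of pattern matching with a much larger rule set; the design point is that a strength meter should score the cheapest known attack, not the character classes.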