make strong passwords
10-28-2006, 06:53 PM
You should use a strong password (mixed letters, symbols, numbers) based on a word that cannot be found in a dictionary. Doing so prevents what Invision Board calls "cracking". Apparently there are people roaming around who think it's a hoot to break into message boards and be obnoxious. More important for moderators/administrators than members, but still.....a word to the wise. If you have a very simple password, make it a little more complicated.
Read on, if you want to know what makes a password vulnerable, and how alt characters can make your password nearly uncrackable.
Probably the most conventional way to crack a password in which the list of words found in a dictionary are used to try every possible single word. There are many different dictionary lists available besides the typical language specific such as the lists of names, slangs, acronyms, abbreviations, contractions and many other different forms of language use. Some new attacks also include 2-3 digits and/or other character combination added to the beginning or the end of every word attempted for every list. The other, a bit slower process is the use of case changing of each letter in all available dictionary lists in every possible position and combination for each word. For any of the above, a system with approximately 3 GHz processor and 512MB of RAM, can breeze through all attempts in no more than a few minutes to few hours. Upshot: Don't use words that can be found in a dictionary and think you are safe just because you added a number & a few characters.
To see a chart on how long various computer systems take to break down passwords, see this chart: <URL url="http://www.lockdown.co.uk/?pg=combi&s=articles">http://www.lockdown.co.uk/?pg=combi&s=articles
It will become clear quite quickly that having a longer password with more fields is the best way to go.
Password cracking programs allow for group character selection to minimize on processing time. Usually they are:
* 0123456789
* abcdefghijklmnopqrstuvwxyz
* ABCDEFGHIJKLMNOPQRSTUVWXYZ
* !@#$%^&*()-_+=
* ~ []{}|\ ;:<>,.?/
Choosing a password that includes at least one character from each of the five groups will keep a brute force attacking program guessing for a long time. Try coming up with your own words such as those that have never been spoken by anyone and certainly are not found in a dictionary. The above list is also made of characters that can be typed on a standard keyboard but there are many other ones found in windows character map which could be preset to be typed by a combination of keys.
While the above is good advise,<COLOR color="crimson"> adding alt-characters to your passwords makes it impossible to crack with todays current password cracking tools</COLOR>, here is a table that lists them all:
<IMG content="http://img145.imageshack.us/img145/5523/alttablevk1.gif">
<URL url="http://www.combobulate.com/node/25">http://www.combobulate.com/node/25
If you'd like to generate a password for yourself on occasion, you can use the customizable generator found here: <URL url="http://www.winguides.com/security/password.php">http://www.winguides.com/security/password.php
Read on, if you want to know what makes a password vulnerable, and how alt characters can make your password nearly uncrackable.
Probably the most conventional way to crack a password in which the list of words found in a dictionary are used to try every possible single word. There are many different dictionary lists available besides the typical language specific such as the lists of names, slangs, acronyms, abbreviations, contractions and many other different forms of language use. Some new attacks also include 2-3 digits and/or other character combination added to the beginning or the end of every word attempted for every list. The other, a bit slower process is the use of case changing of each letter in all available dictionary lists in every possible position and combination for each word. For any of the above, a system with approximately 3 GHz processor and 512MB of RAM, can breeze through all attempts in no more than a few minutes to few hours. Upshot: Don't use words that can be found in a dictionary and think you are safe just because you added a number & a few characters.
To see a chart on how long various computer systems take to break down passwords, see this chart: <URL url="http://www.lockdown.co.uk/?pg=combi&s=articles">http://www.lockdown.co.uk/?pg=combi&s=articles
It will become clear quite quickly that having a longer password with more fields is the best way to go.
Password cracking programs allow for group character selection to minimize on processing time. Usually they are:
* 0123456789
* abcdefghijklmnopqrstuvwxyz
* ABCDEFGHIJKLMNOPQRSTUVWXYZ
* !@#$%^&*()-_+=
* ~ []{}|\ ;:<>,.?/
Choosing a password that includes at least one character from each of the five groups will keep a brute force attacking program guessing for a long time. Try coming up with your own words such as those that have never been spoken by anyone and certainly are not found in a dictionary. The above list is also made of characters that can be typed on a standard keyboard but there are many other ones found in windows character map which could be preset to be typed by a combination of keys.
While the above is good advise,<COLOR color="crimson"> adding alt-characters to your passwords makes it impossible to crack with todays current password cracking tools</COLOR>, here is a table that lists them all:
<IMG content="http://img145.imageshack.us/img145/5523/alttablevk1.gif">
<URL url="http://www.combobulate.com/node/25">http://www.combobulate.com/node/25
If you'd like to generate a password for yourself on occasion, you can use the customizable generator found here: <URL url="http://www.winguides.com/security/password.php">http://www.winguides.com/security/password.php
...See our banners in the ZionFire gallery
10-28-2006, 08:10 PM
Excellent advice, Helena! Never thought of using alt-characters!
You can also check your password on this <URL url="http://www.securitystats.com/tools/password.php">site
You can also check your password on this <URL url="http://www.securitystats.com/tools/password.php">site
10-28-2006, 09:21 PM
Add and alt character is such a simple solution too. I hope everyone considers it.
There is so much identity theft and information theft out there...it's not just about people messing up message boards, but it really could mess up your life if people figure out your passwords to financial information.
My hope is to help raise some awareness that there are predators in cyberspace and just like we don't secure our homes by duct-taping the doors, we shouldn't be cavalier about the locks we put on our private information and think no one will pay attention.
There is so much identity theft and information theft out there...it's not just about people messing up message boards, but it really could mess up your life if people figure out your passwords to financial information.
My hope is to help raise some awareness that there are predators in cyberspace and just like we don't secure our homes by duct-taping the doors, we shouldn't be cavalier about the locks we put on our private information and think no one will pay attention.
...See our banners in the ZionFire gallery
« Next Oldest | Next Newest »
Users browsing this thread: 2 Guest(s)
Powered By MyBB - Hosted by Tierra Hosting