The Bitmill Inc.

Password Security 101
Use Strong Passwords

Password Cracking and Computer Security

In general, the strongest passwords are sufficiently long, randomly generated and contain no words in any language. Most others are weak because of the cracking methods programmed into password cracking tools. The three main methods used are:

weak password attack
Common password weaknesses are exploited, such as blank passwords, the word password, the users' lognames or any other information the cracker may know about the user.
dictionary attack
Word lists from various sources, including foreign language and slang, are encrypted and compared to the encrypted password.
brute-force attack
Every possible character combination is encrypted and compared to the encrypted password until a match is found.

Memorable password selection using a scheme the crackers haven't already thought of is hard. Their tools nearly always start with the most basic approach: the dictionary attack. After a few seconds of comparing encrypted variants of every word in the dictionary, combinations are tried. You jam two words together, say "dogskirt"? Not good enough; this one is trivial. You include a number, say "dogskirt2"? That one will keep the cracker busy a bit longer, but again, not long enough. Spell it backwards? Nope, still trivial. Foreign word? Wrong again!

When all else fails, cracking software will resort to brute-force methods and sufficient password length becomes critical. Given enough time, your password will be cracked. This is best you can hope for!

Most people would be surprised to learn that their password had been cracked. Yet many large site administrators crack several passwords per day while performing routine security audits. If the good guys can discover your password -- and they will tell you to change it, of course -- think about what the bad guys might have discovered!

Always use strong passwords and change them often!

Free Random Password Generator
Password Tips
Use Strong Passwords
Longer Passwords Enhance Computer Security
How Passwords are Stored
Use Different Passwords
Passwords in Email
Two Factor Authentication
NT Password Length -- The LM Hash Factor

Link to this page

Knowledge is power. The Bitmill Inc. encourages links to our site. While your links to our site are much appreciated, please note that reciprocal links will be considered subject to relevance and quality. To link to this page, please cut and paste the following HTML code into your web page source file.

<a href="http://www.thebitmill.com/articles/password_whystrong.html">The Bitmill&#174; Inc. -- Use Strong Passwords</a>

Thank you for your interest and support.

Home | Site Map | Products | Services | Resources | Articles | Privacy Policy | Legal | Contact

© 2003-2006 The Bitmill Inc.
All Rights Reserved.

Valid XHTML 1.0! Valid CSS!