The Bitmill® Inc.

Password Security 101
Use Strong Passwords

Password Cracking and Computer Security

In general, the strongest passwords are sufficiently long, randomly generated and contain no words in any language. Most others are weak because of the cracking methods programmed into password cracking tools. The three main methods used are:

weak password attack: Common password weaknesses are exploited, such as blank passwords, the word "password", the users' lognames or any other information the cracker may know about the user.

dictionary attack: Word lists from various sources, including foreign language and slang, are encrypted and compared to the encrypted password.

brute-force attack: Every possible character combination is encrypted and compared to the encrypted password until a match is found.

Memorable password selection using a scheme the crackers haven't already thought of is hard. Their tools nearly always start with the most basic approach: the dictionary attack. After a few seconds of comparing encrypted variants of every word in the dictionary, combinations are tried. You jam two words together, say "dogskirt"? Not good enough; this one is trivial. You include a number, say "dogskirt2"? That one will keep the cracker busy a bit longer, but again, not long enough. Spell it backwards? Nope, still trivial. Foreign word? Wrong again!

When all else fails, cracking software will resort to brute-force methods, and sufficient password length becomes critical. Given enough time, your password will be cracked. This is the best you can hope for!
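The check below is an added example, not code from The Bitmill: an audit-side classifier that names the cheapest of the three methods above that would find a given password, using the article's "dogskirt" variants. The word list, the function names and the logname "alice" are constructed for illustration, and the check works on plaintext candidates (as at password-change time) rather than on encrypted values.

```python
import math
import string

# Constructed sample word list; a real audit would load large multilingual lists.
WORDS = {"dog", "skirt", "password", "house", "perro"}

def is_word_combo(s, words, max_parts=2):
    """True if s is a dictionary word or up to max_parts words jammed together."""
    if s in words:
        return True
    if max_parts < 2:
        return False
    return any(s[:i] in words and is_word_combo(s[i:], words, max_parts - 1)
               for i in range(1, len(s)))

def brute_force_bits(password):
    """Search-space size in bits if every character were chosen at random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def classify(password, logname, words=WORDS):
    """Name the cheapest of the three attack methods that would find password."""
    low = password.lower()
    if low in ("", "password", logname.lower()):
        return "weak password attack"
    core = low.strip(string.digits)          # ignore numbers tacked on the ends
    if any(is_word_combo(c, words) for c in (core, core[::-1])):
        return "dictionary attack"
    return "brute-force attack"

if __name__ == "__main__":
    # Constructed sample passwords, including the article's examples.
    for pw in ("", "dogskirt", "dogskirt2", "dogskirt"[::-1], "k7#Qv9!xT2mZ"):
        print(repr(pw), classify(pw, "alice"), round(brute_force_bits(pw), 1))
```

Only passwords that reach the "brute-force attack" result get any protection from their length, and the bit count is meaningful only for those.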

Most people would be surprised to learn that their password had been cracked. Yet many large site administrators crack several passwords per day while performing routine security audits. If the good guys can discover your password -- and they will tell you to change it, of course -- think about what the bad guys might have discovered!

Always use strong passwords and change them often!
