Passwords - pws

P@$$W0RD$

Email addresses, messengers, network logins: they're all protected with passwords, but the fact that we have a password isn't enough to protect. It's the 'kind' of passwords that we choose which actually decides how protected our systems are.

Here are the don'ts that you should keep in mind while creating a password:

Don't use names of people, places, pets etc. These are the most obvious choices and are the first options someone will check to find a match and it often works. Also, don't use your phone number, birth date or any other obvious personal detail as your password.

Don't use a word from the dictionary. The most common password cracking method is the 'dictionary attack' and involves trying the words from dictionaries, not only the English dictionary but from many other languages too, to see if any word is accepted as the password.

Don't use a combination of words either. If, when cracking a password, words direct from the dictionary don't yield a results then combinations and hybrids of words are used next.

Don't use popular names/titles/words/phrases from books/movies/songs.

Don't make a password that consists of either all numbers or all alphabets. Passwords that consist of a word followed by a number are also very easy to crack. Instead of this approach, you should try using both alphabets and numbers and alternating between the two. Additionally, try to use both upper and lower case characters and try to use as many characters as possible.

Here are some methods that you can try for making easy to remember but difficult to crack passwords:

Pick a phrase that you can remember easily. It can be some lyrics from a song, a movie tagline, an idiom, something off a bumper sticker...absolutely anything as long as you can remember it easily. Let's use 'Polly wants a cracker' as an example. Now pick a number you can remember easily, like your date of birth, say '25/05'. Interlace the first character of the phrase with the number. In our example, if you're alternating after one character, the password becomes 'p2w5a0c5' and '2pw50ac5' if you start with a number and alternate after two characters.

Pick a phrase and kick out some of the vowels. For instance, 'To kill a mockingbird' becomes 'tkllmockngbrd'. Now add some numbers. You can delete a character at the place where you insert the number, like 'tkl2mockn5brd'.

Use net lingo. Everyone uses stuff like GR8 and 2morrow in emails and chat messages. You can simply use them in your password. Strings like 'GR8ness' and 'L8R2day' may be used as they contain both numbers and alphabets and also use both upper and lower case characters. Better still, get creative and make some of your own!

Pick a word or a resulting phrase from any of the previous three methods. Now replace characters with substitutes like '@' or '$'. For example, 'password' becomes 'p@$$w0rd'. Or just add characters to a string (without the replacement). Taking 'popcorn' and adding different characters and numbers gives us 'p$Pc,r6n'.

Choosing a password using any of these methods will make your password safer but every password can be cracked...eventually. So change your password frequently (say at least once a month) and try not to use the same password for more than one account.



"We proposed some solutions to stop receiving unwanted messages. In the next 18 months, spam will no longer be a serious problem," Gates told a forum of Arab government representatives in the Egyptian capital.

Spam accounted for nearly two-thirds of all email traffic in December, a record high, US-British filter firm MessageLabs said earlier this month.

 

 

 

Comment/Reply (w/o sign-up)

It's all true about passwords, but it depends how much you care if somebody hacks your account or not. My passwords aren't usually complicated, but I've never yet had a problem. I might be just lucky of course, but unless you're running a huge project online I don't see that the chances of having a problem are very high. Maybe I'm just naive.

Comment/Reply (w/o sign-up)

The people who change their passwords every month are paranoid.

Unless they work in a security-integral environment, in which case it's justified.

But still, having a completely meaningless 13-character password that you change every month is just paranoid. >_> Plus, if you don't use the same password for a few accounts, eventually you'll end up forgetting them and having to write them down somewhere.

Which is even more dangerous, if someone gets ahold of it.

Comment/Reply (w/o sign-up)

Then of course, there are the 'password holders' that themselves have a single password. This has its ups and downs, if someone is trying to break in, all the passwords are random. And its a bit better than writing them down, because even if the attacker gets a hold of the password holder they have to break into it. If its designed well, that can take some time, giving the defender time to change and re-issue passwords.

Comment/Reply (w/o sign-up)

AS far as password are concerned ... have any of you played with jtr (john the ripper). A couple of years ago I used jtr to check the integrity of passwords my staff were using on their accounts. If jtr could rip them within 5-10 mins ... I would ask them to change to something else - with a few pointed guidlines of course ;-).

I don't know if jtr is still available, I still have an old version on my freebsd box. If so, run your passwords through it and see how you fare!

cheers

Comment/Reply (w/o sign-up)

well, these are all good, but i have something to ad: use something people would never expect: such as, if most people have somebody they like as their password, use somebody you hate! just my opinion, not like it really counts...

Comment/Reply (w/o sign-up)

I have always used large password e.g. 75m4g558a6h2p but i never tend to change them often its just to much trouble.

Its atualy suprising how many people dont use the guidlines that are said, most of the people in my college use names of pets and names of family.

Comment/Reply (w/o sign-up)

I typically use a leveling system for my passwords. For most sites where security is of little concern, I use a single password. This offers me the ease of being able to remember my password as well as provide a basic level of security (much like the air shield in SpaceBalls). Remember too that most websites/applications require a minimal amount of security, so this password is used in most cases.

My next level is a more complex password where I need a higher level of security. As the number of places that require this level dramatically decreases, the chances of someone being able to crack and use that password elsewhere is acceptably small. I consider this site to require this level of security.

Finally, for uber-important places that require top security, I have a random code-generated password that may be unique for a particular site. The complexity for this password ensures that the average hacker will have a fair amount of work ahead of him to obtain it, and it cannot be used on other sites. I'm sure you can guess which sites require these passwords.

So, now that I've laid out my security system, don't go get any ideas.

 

 

 

Comment/Reply (w/o sign-up)

it all depends on the system, who is running it and how secure i feel it will be. I have several passwords that i rotate around each account that are not very secure then i also have far more secure ones for important information and things i fear loseing. for instance Ebay account password etc is not a simple dictionary word.

Comment/Reply (w/o sign-up)

Te sad thing is you would think this would be common sense, but its not, another ting is how everything is sposed to have a diffrent password, but maybe if you are paranoid and can rememebr them all and what they goto, lol, the adverge american person has 4 diffrent password which i think is enough, thats all I use but and one is really stong, a have a couple of short, simple ones for things that 1 i don't care much for security of and 2 i want a short password because i use it all the time, ie my im client uses one of these but even still someone would have to know me pretty well to guess it and my forurth one is like in between for things that need a bit more protection.

Comment/Reply (w/o sign-up)