Why are passwords significant?
We use passwords every day to access our e-mail accounts, bank accounts, Facebook and Twitter accounts and hundreds of other services. There is a great temptation to use one password for all accounts and to make it short and easy to remember. However, this has a devastating effect on our security and privacy. If you think that you have nothing to hide, think again. In most cases passwords are cracked not out of mere curiosity but for malicious purposes – to use your computer as a spam bot, to steal some of your money, to infect your computer with viruses and spyware, and so on.
What makes a password weak and easy to crack? In most cases the attacker does not try to guess your password manually. Instead, he uses an automated computer program that tries many passwords in very fast succession in order to find a match. Here are some examples of weak passwords:
- Generic passwords and default passwords. Examples: admin, administrator, user, guest, pass, password, etc. These are the first passwords that are tried by the password cracking software.
- Meaningful words or names. Examples: sandbox, NY, lion, john, mary, USA, etc. Easily cracked by the dictionary-assisted cracking tools.
- Words or names with added numbers. Examples: john123, pass123, 123456, number1, etc. Easily cracked by the automated cracking tools.
- Personal names, birth dates or similar information. These are used a lot as passwords and are very easily cracked. For example, if the password is a birthday, there are only hundreds or a few thousand (if the year is included) possible combinations, which is very weak for a password.
As you can see, easy passwords are not safe. But how do you choose safe passwords? The most important thing is to avoid using the same password for different computers or services. If you follow this rule, even if one of your passwords is cracked or otherwise compromised, the other passwords will be safe. However, this rule will not do you much good if all your passwords are weak and easy to guess. It is hard to come up with hundreds of completely different and strong passwords, and it is even harder to remember them.
What makes a password strong?
Basically, password strength depends on the number of possible combinations that must be tried in order to guess (or crack) the password. For example, the standard 4-digit PIN codes are weak passwords, because there are only 10000 possible combinations. This is not a big problem for ATM machines because the PIN code is useless without the card and most ATM machines block when the code does not match more than 2-3 times. However, in many other cases it is possible to use automated password cracking tools, which can try thousands or even millions of passwords per second, so any weak password will be cracked in a matter of seconds or minutes.
The number of possible combinations depends on the symbols that are used in the password and on the password length.
How to generate strong random passwords?
The difference between the level of security provided by weak and strong passwords is huge. The question remains: how to create random strong passwords? Let's look at the alternatives.
- Choosing letters and numbers “randomly”. It appears random but only at first sight. Numerous research studies have shown that humans are not very good at random picks – they always try to spread things too evenly, which is not random behavior.
- “Random” typing on the keyboard with closed eyes. This is slightly better than random choosing but still nowhere near random enough.
- Online random password generators. Much better than the previous two alternatives, but they have 2 major drawbacks. The first is the possibility that the generated password may be saved on the website for malicious purposes, or that someone may eavesdrop on your connection and intercept the generated passwords. The second major problem is the quality of the random number generators, which very often is not up to the task. Many of them are naively implemented and provide a lot fewer combinations than theoretically possible (no more than tens or hundreds of millions, which is not a strong password by any means).
- Specialized random password generator programs. The best option as long as they are implemented properly and come from a trusted source.
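The sketch below is an added example, not part of the original article. It shows how the number of combinations follows from symbol count and length, and how a local generator can draw from the operating system's cryptographic random source instead of a naive one. The symbol set, the 16-character default and the rate of one million guesses per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes the generator draws from (an assumption of this example).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")
ALPHABET = "".join(CLASSES)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passwords: alphabet_size ** length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength in bits of a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int,
                       guesses_per_second: float) -> float:
    """Worst-case time to try every combination at the given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def generate_password(length: int = 16) -> str:
    """Draw each character from the OS CSPRNG via the `secrets` module.

    Candidates missing a character class are discarded and redrawn, so the
    result stays uniform over all passwords that satisfy the policy.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second
    for label, size, length in (("4-digit PIN", 10, 4),
                                ("8 lowercase letters", 26, 8),
                                ("16 chars, full alphabet", len(ALPHABET), 16)):
        print(f"{label}: {keyspace(size, length):.3e} combinations, "
              f"{entropy_bits(size, length):.1f} bits, "
              f"{seconds_to_exhaust(size, length, rate):.3e} s at {rate}/s")
    print("generated:", generate_password())
```

At the assumed rate the 4-digit PIN space is exhausted in a hundredth of a second, while each extra character multiplies the work by the size of the symbol set.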
I think now you know about the need for creating secure passwords. 🙂