Author Topic: Cracking passwords  (Read 1632 times)


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 11958
Cracking passwords
« on: Tuesday, 21 January, 2014 @ 03:11:46 »
Quote
UK cyber-security chief: 'the password abc123 is better than nothing'
Overcomplicating cybersecurity advice risks scaring the people who most need help away, says the head of a government-supported online safety organisation

Public safety isn't helped by being absolutist about password strength, the head of the Government's Get Safe Online has warned.

Although strong passwords are better than weak ones, Tony Neate argues it is just as important to impress upon the public that any password is better than none - even if it's as simple as abc123.
http://www.theguardian.com/technology/2014/jan/20/uk-cyber-security-chief-the-password-abc123-is-better-than-nothing


Results for abc123 from four reputable password checkers:


Microsoft


GetSafeOnline


Intel


GRC


Not a great idea to enter your actual password but maybe enter something similar in the password checkers above.

If you need passwords that are more secure there are various free online password generators available online, such as:

Norton Password Generator

GRC's Ultra High Security Password Generator


Once you've chosen passwords for all the sites you use you need a way to remember them, i.e. a Password Manager.  For most people the password manager in your browser is probably easiest to use and may be sufficient; info for Internet Explorer / Firefox / Chrome.

If you want something more secure there are various free and commercial products such as LastPass / Dashlane / Roboform / KeePass. If you use Firefox on Windows, Keefox (inc. KeePass) works very well but requires a little time to figure it out and configure it.


Your Clever Password Tricks Aren't Protecting You from Today's Hackers


Quote
So consider the following two passwords:  ngdh$82K and 3333333333333333333. Which of these two passwords will be cracked last? The answer is the longer one, despite the fact that it has almost no entropy.
https://xato.net/passwords/the-worst-password-tips/

Quote
Which of the following two passwords is stronger,
more secure, and more difficult to crack?

D0g.....................

PrXyc.N(n4k77#L!eVdAfp9

You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
https://www.grc.com/haystack.htm
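The arithmetic behind the two quotes above, as an added example that is not part of the original post or of either quoted site. It assumes the four-class alphabet of 26 + 26 + 10 + 33 printable ASCII characters and pure exhaustive search, so it says nothing about guessing strategies that try patterns or dictionary words first; the password strings are rebuilt from the quotes.

```python
import string

# Brute-force "search space" model from the GRC quote: the attacker tries every
# string of length 1..L over the character classes the password draws on.
# Characters outside these four classes are not counted.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 32 ASCII symbols plus space
]

def alphabet_size(password):
    """Sum the sizes of the character classes that appear in the password."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def search_space(password):
    """Count of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def times_harder(a, b):
    """How many times larger a's search space is than b's."""
    return search_space(a) / search_space(b)

# The two pairs quoted in the post above.
GRC_EASY = "D0g" + "." * 21               # 24 characters
GRC_RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"    # 23 characters
XATO_SHORT = "ngdh$82K"                   # 8 characters, all four classes
XATO_LONG = "3" * 19                      # digits only

if __name__ == "__main__":
    for pw in (GRC_EASY, GRC_RANDOM, XATO_SHORT, XATO_LONG):
        print(f"{pw!r:28} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e}")
    print(f"GRC pair:  {times_harder(GRC_EASY, GRC_RANDOM):.1f}x")
    print(f"xato pair: {times_harder(XATO_LONG, XATO_SHORT):.0f}x")
```

Both passwords in the GRC pair draw on all four classes, so the single extra character accounts for the whole factor of about 95.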

Offline Maik
Re: Cracking passwords
« Reply #1 on: Tuesday, 08 August, 2017 @ 20:14:06 »
Quote
Password guru who told the world to make them complicated admits: I got it completely wrong

It has become the bane of many office workers' existences: being forced to use complicated and difficult-to-remember passwords laden with random numbers and symbols.

But the man who originally came up with the rules on safe passwords has admitted that his guidance was totally wrong, 14 years after it was first published.

Bill Burr wrote what has become the "bible" on password security in 2003 while working for the US Government. It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief that they would be more difficult to guess.

The original password guidelines from America's National Institute for Science and Technology written by Burr have recently been updated to do away with the old rules.

They now advise that people use long but easy-to-remember "passphrases", a sequence of words that do not need to feature special characters or numbers. Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, compared to one minute for “P@55w0rd”.
http://www.telegraph.co.uk/technology/2017/08/08/man-wrote-password-bible-admits-advice-completely-wrong/

Good advice at the time but things change, as others have figured out, e.g.
MargaretThatcherIs110%Sexy

Still best to use different passwords, oops, 'passphrases' for different sites.

Offline Maik
Re: Cracking passwords
« Reply #2 on: Wednesday, 09 August, 2017 @ 13:48:34 »
Quote
If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.
https://www.grahamcluley.com/n3vr-m1d-password-rules-get-a-password-manager-to-generate-and-remember-your-passwords-instead/

But don't forget the master password!

Offline TonyKath

  • Global Moderator
  • Forum Deity
  • *****
  • Posts: 1527
Re: Cracking passwords
« Reply #3 on: Wednesday, 09 August, 2017 @ 23:14:14 »
An alternative I have never heard suggested is to use foreign alphabets if you are familiar with them and know how to bring up the appropriate keyboard on all the devices you are likely to use.  Or better a mixture of them and English to make the possibility of a brute force attack succeeding even more remote.  That way you can use relatively simple memorable phrases or more complicated if you mix the use of the two alphabets.  E.g. a well known phrase:

ΓοινγΓρεεκ

GoingΓρεεκ

ΓoιnγGρeεk

Even...

GoingΕλλενικός

No...none of these are my p/w here!!  I do use Greek plus a number on one site, though.

Tony




Offline Maik
Re: Cracking passwords
« Reply #4 on: Monday, 21 August, 2017 @ 13:19:53 »
Going slightly off topic here but mixing alphabets has been used to spread fake news:

Quote
Kremlin supporters suspected to be behind fraudulent articles designed to look like they came from Le Soir and the Guardian

The people behind the fraudulent article built a website that looked similar to the original and made the domain name look plausible by replacing the i in Guardian with a Turkish ı.
https://www.theguardian.com/technology/2017/aug/18/experts-sound-alarm-over-news-websites-fake-news-twins

Offline TonyKath
Re: Cracking passwords
« Reply #5 on: Wednesday, 23 August, 2017 @ 00:08:50 »
Er... Guardian with ı... not plausible, methinks.  Guardian with y, rr, dr - totally plausible!!

Tony


Offline Maik
Re: Cracking passwords
« Reply #6 on: Wednesday, 23 August, 2017 @ 01:14:47 »
Quote
Er... Guardian with ı... not plausible, methinks.

Well, the article was in, er, the Guardίan

(that's Guardίan with a Greek "ί")
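A defensive check for the look-alike names discussed in replies #4 to #6, as an added example that is not part of the original thread. The sample labels, the watch list and the two-entry confusables map are constructed for illustration (the full data set is Unicode's confusables.txt from UTS #39), and the script of each letter is read from its Unicode character name.

```python
import unicodedata

# Constructed, deliberately tiny confusables map covering only the two
# characters mentioned in the thread.
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I (Turkish ı)
    "\u03af": "i",  # GREEK SMALL LETTER IOTA WITH TONOS (ί)
}
PROTECTED = {"theguardian"}  # hypothetical watch list of brand labels

def scripts(label):
    """Scripts of the letters in a label, taken from the Unicode names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in label if c.isalpha()}

def skeleton(label):
    """Map known look-alike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in label.lower())

def assess(label):
    """Report what a reviewer or mail/web filter would want to know."""
    non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                 for c in label if ord(c) > 127]
    found = scripts(label)
    skel = skeleton(label)
    return {
        "label": label,
        # ASCII-compatible form, as it appears in DNS logs and certificates
        "ace": label.encode("idna").decode("ascii"),
        "scripts": sorted(found),
        "mixed_script": len(found) > 1,
        "non_ascii": non_ascii,
        "lookalike_of": skel if non_ascii and skel in PROTECTED else None,
    }

# Constructed sample labels: genuine, Turkish dotless ı, Greek ί.
SAMPLES = ["theguardian", "theguard\u0131an", "theguard\u03afan"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

The dotless ı is itself a Latin-script letter, so a mixed-script test alone does not flag it; the skeleton comparison against the watch list does.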