Monday, 18 May 2015 00:00

Password Security

If you're concerned with security, passwords should be a big section of your To Do list. Whether it’s a hacker gaining access to your WiFi network, your protected work files, or your email, using a secure password is important. When you’re considering WiFi passwords, opting for WPA2 versus WEP is a good move. But using WPA2 without a secure password isn't enough. If a dedicated hacker is determined to access your WiFi, WPA2 is vulnerable to what is called a "dictionary attack". This means that a program tries each word found in a dictionary that fits the length of your password. A sophisticated dictionary attack will also combine words. Using words that aren't found in a dictionary, as well as numbers or special characters, increases the number of possible passwords, making it practically impossible for a program to break your password. This also holds true for passwords for anything you use, like email or protected accounts.

Secure passwords do not have to be hard to remember, and simply replacing letters with symbols or numbers isn't always enough: @ instead of a, 3 instead of E, ! instead of i, etc. These substitutions are commonly made, and many password cracking programs are designed to account for them. When you're thinking about passwords, longer is better. The recommended minimum for a secure password is 10 characters, but that is certainly not a limit. Your particular router should tell you if there is a maximum number of characters your password can have. If you're trying to protect your password from people who know you, not just password cracking programs, it is also a good idea not to use names and dates that are important to you. Birthdates, anniversaries, pet names, etc., are all likely passwords, and easily guessed. Add numbers or special characters in the middle of your password, as opposed to the end.

Understanding What Makes A Password Secure

Consider these passwords:

[email protected]

vs

complicatedhardtohackpassword

vs

[email protected]

Which do you think would be most secure? The first password ([email protected]) would take about 3 hours or less to crack. Hopefully, you knew that would be the weakest password of the three. While it utilizes special characters and numbers, they are used to replace letters based on visual similarities between the number/character and the letter it replaces. It just barely passes the minimum requirement of 8 characters that most passwords are subject to.

But of the remaining two passwords, which would be harder to crack? The second password (complicatedhardtohackpassword) has no special characters or numbers and no capital letters, while the third password contains both capital letters as well as special characters and numbers.

Despite the second password's lack of entropy (lack of order or predictability), which has always been thought to be the basis of secure passwords, it would be 26.71 x 10^6 times harder to crack than the third password - that translates into 26 billion times harder to crack. If you add capital letters (ComplicatedHardToHackPassword), it becomes 13.9 x 10^15 (13.9 quadrillion) times harder to crack. If you change it further - [email protected][email protected]$$w0rd - it becomes exponentially harder to crack: 53.9 x 10^22 (5.39 septillion) times harder, in fact.
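As an added illustration (not part of the original article), the sketch below estimates guessing effort in bits for passwords like those compared above, and shows why the look-alike substitutions described earlier add little once a cracking dictionary applies them. The 100,000-word dictionary size, the four-word sample wordlist, and the sample password `p@ssw0rd` are constructed assumptions.

```python
import math
import string

# Assumption: size of the attacker's dictionary; real wordlists vary widely.
DICTIONARY_SIZE = 100_000
# Constructed stand-in for that dictionary, just large enough for the demo.
WORDLIST = {"password", "sunshine", "dragon", "welcome"}
# Look-alike swaps named in the article (@ for a, 3 for e, ! for i) plus
# other common ones; cracking rules try both spellings of each such letter.
UNLEET = str.maketrans("@3!0$1", "aeiosl")
SWAPPABLE = set("aeiosl")


def charset_size(pw: str) -> int:
    """Alphabet a brute-force search must cover, by character class used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw: str) -> float:
    """log2 of charset_size ** length: the naive search space."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def guess_bits(pw: str) -> float:
    """Bits of work for the cheapest attack modelled here."""
    base = pw.lower().translate(UNLEET)
    if base in WORDLIST:
        # One dictionary word, two spellings per swappable letter, two cases
        # for the first letter: far smaller than the brute-force space.
        variants = sum(c in SWAPPABLE for c in base) + 1
        return math.log2(DICTIONARY_SIZE) + variants
    return brute_force_bits(pw)


def times_harder(pw: str, baseline: str) -> float:
    """How many times more guesses pw needs than baseline."""
    return 2 ** (guess_bits(pw) - guess_bits(baseline))


if __name__ == "__main__":
    for pw in ("p@ssw0rd", "complicatedhardtohackpassword",
               "Oliv3rD0g17Giants!123"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"modelled {guess_bits(pw):.1f} bits")
```

Word-combining attacks, which the article mentions, are not modelled here, so the figures for multi-word passwords are upper bounds.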

Rather than creating a password that utilizes entropy and is hard to make sense of, even when you see it written down, make a password that is easier for you to remember (so you don't NEED to write it down) but is infinitely more secure than the passwords you've used previously. Don’t leave out the numbers, capital letters, and special characters, but use them in a way that makes sense to you. Here are a few recommendations for creating hard to break passwords that you will be able to remember:

  • Use 10 or more characters

  • Use more than one word to create a password

  • Utilize capital letters, symbols and numbers in unique ways

    • try capitalizing letters other than the first letter of a word

    • place numbers in between words or in the middle of a word

    • don’t use symbols or numbers to replace all of a specific letter

  • Make small changes to important names, events, or dates that make your password hard to guess

Let’s practice:

Your name is John Doe. Your wife is Jane, and your daughter is Jenny. You have a dog named Max. You live at 123 Some Street. Your favorite sports team is the Giants. Your favorite color is green. Once upon a time, you had a cat named Oliver - way back in college before you knew your wife … well, it wasn’t even your cat, it was your girlfriend’s cat, but you’ll never forget that fur ball. You really like number 17, because your favorite baseball player of all time wore that number, even though you don’t really watch baseball anymore.

Ok, so let’s make a password.

Compared to [email protected], this password ([email protected]) would be 9 thousand times (9 x 10^3) harder to crack. It is 19 characters long with 6 numbers and 2 symbols.

Compared to [email protected], this password (Oliv3rD0g17Giants!123) would be 80 million times (8 x 10^7) harder to crack. It is 21 characters long with 7 numbers and 1 symbol.

How These Passwords Test "In The Real World"

No matter what I tell you, your password's performance in the real world is the important factor. I tested four of the passwords ([email protected], [email protected][email protected]$$w0rd, [email protected], Oliv3rD0g17Giants!123) on a couple of online tests or meters. Since I am not using these passwords for my own accounts, I have no problem plugging them into a questionable website for our testing benefit. First, I checked Microsoft's Safety and Security Center. All the passwords were rated "Best". I found another test that had a variety of standards it graded on, giving extra points for exceeding "minimum standards".

[email protected] Scored 135

[email protected] Scored 168

Oliv3rD0g17Giants!123 Scored 178

[email protected][email protected]$$w0rd Scored 249

[email protected][email protected]$$w0rd scored 48 more points than the lowest score simply for the number of characters. Even without the score for the length, the four passwords score in the same ranking (just with lower numbers). Length definitely gives your password more security, but it's not everything. Be creative and create passwords that you will be able to remember (without using a password manager!) but are secure enough even your mother wouldn’t be able to guess them.



Locked Out

Sometimes, you create a password so good that even you can't crack it. If this happens, and you no longer have access to your computer or files, give us a call. Before you reformat that computer, let us save your data. We have customer service representatives standing by 24/7 to answer any questions you might have and get your data recovery case started today.

 Lock Graphic Designed by Freepik
Last modified on Monday, 18 May 2015 17:45
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).
