Friday, August 30, 2013

Long passwords don’t offer “safe option”

A popular password-cracking app called “Hashcat” has upgraded it’s password characters to 55.  This app can actually crack a long password more quickly than a shorter one.
When passwords are made longer than the normal 8-11 characters, people start to make sentences out of them.
In 2011, Graham Cluely stated,  the best passwords are in a sentence.  Today, a password with 15 characters or longer are usually a combination of words or phrases because it’s hard to remember them.  Having a long password with only random numbers and special character such as T&7j#15!pDr8q is much harder to remember or even type than a simple MyN3wP@ssW0rd or Hamilton1.
Hackers are very quick at catching onto these passwords.no-password
“I’ve been saying for a long time that while passphrases can offer better protection against password cracking than a simple password, it’s easy to over-estimate the usefulness of that measure,” says ESET Senior Research Fellow David Harley.
It’s just like when an online dictionary can guess what word you are wanting to find even after you misspelled the word when typing it in.  Fuzzy matching algorithms are able to catch simple-to-fairly-complex variations exactly the same way.
Hackers use  “A Dictionary Attack” to crack passwords.  So if you have a common word as a password,  a dictionary is ran to scan and seek out those words, enabling hackers to crack your password much more easily.

A Solution

KeyPass, LastPass, and 1Password are all secure websites created for you to store all your passwords into one place.  All you have to do is remember 1 password.
A good technique  to use when creating a password is to make up a sentence and use the first letter of each word for your password.  You can alter certain letters into characters or numbers for variation.  Here is an example of how to create a password from a sentence.

password-security
Three key notes to remember:
  1. Never use a dictionary word
  2. Create a different password for each website
  3. Keep an antivirus up to date

References:
Long passwords don’t offer “safe option” as cracker app upgrades – WeLiveSecurity
http://www.welivesecurity.com/2013/08/27/even-long-passwords-can-be-cracked-quickly-as-hashcat-app-upgrades/
August 27, 2013

No comments:

Post a Comment