A Word About Passwords

 

It's a lot of work to change all your passwords.

If you are going to go through this exercise you might as well make sure the new passwords are strong enough for the world that is 2014. There was a day when your dog's name might have been an OK password. You might even get crafty and substitute some characters, as in d0gGy. There, no one will ever guess that, pure genius.

If your password is a word or a w0rd with s0m3 numb3rs subst1tut3d 4 l3tt3rs - IT'S NO PASSWORD AT ALL.

If you make your password so complicated that only Star Trek's Commander Data can understand it, well that might not work either. And of course there are a bunch of password managers, software in various forms that offer to manage your passwords. This might work, provided you trust the folks guarding your passwords - and their program doesn't have an exploit. Not that the bad guys would specifically target programs that store passwords. If you did use a password manager and it was breached, wouldn't you be back in the same spot you are today? You are likely not reading this because you have nothing better to do, but if you are 'thanks for droppin' in'.

 

Make It Hard For Computers

Humans are one of the slowest animals on the planet. Anything we can catch with our bare hands we can't catch with our bare hands. Anything big enough to look at us as a menu option on the food chain can also outrun us. As far as raw computing power goes, we're not the fastest either & we're getting slower all the time, relatively speaking that is.

So we can't outrun a lion and we can't beat a computer at a game of chess. But thankfully it turns out we're downright sneaky when we need to be! If we know enough about the character of the lion or the properties of the computer we can use that knowledge to our advantage. If we know this one simple thing, that the longer a password is, the harder it is for a computer to crack, we can trick the computer into wasting its time for trillions of years.

For the following example we are going to use the services of the Gibson Research Corporation, a really excellent resource for online security related issues. GRC has a password utility that nicely demonstrates, in real time, how long any password would last against a computerized attack.


1st target password: password

password is a plain old word, pretty lame.

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=0.00217 seconds

 


P@ssw0rd

P@ssw0rd now uses an uppercase, a symbol and a number. A good start.

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.12 minutes


P@33w0rd

Being sneaky and changing the ss's to 33's did not do squat to thwart the computer.

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.12 minutes


P@33w0rd1

Notice how much time is added just by adding a single character?

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.77 hours


P@33w0rd11

Notice how much time is added just by adding a single character?

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.00 week


P@33w0rd111

Notice how much time is added just by adding a single character?

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.83 years


P@33w0rd1111

Notice how much time is added just by adding a single character?

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=1.74 centuries
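The figures above can be reproduced with a few lines of Python. This is an added example, not code from GRC or from this article; it assumes the calculator counts every possible string up to the password's length, over an alphabet built from the character classes the password uses (26 lowercase, 26 uppercase, 10 digits, 33 symbols). The function names are made up for the illustration.

```python
import string

GUESSES_PER_SECOND = 10**14  # the article's "one hundred trillion guesses per second"

def alphabet_size(password):
    """Sum the sizes of the character classes the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # assumed: 32 ASCII punctuation marks plus the space
    return size

def search_space(password):
    """Count every candidate string of length 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password):
    """Worst-case time to try the whole search space at the assumed rate."""
    return search_space(password) / GUESSES_PER_SECOND

def describe(seconds):
    """Render a duration in the largest unit (up to weeks) that fits."""
    units = (("weeks", 604800), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, length in units:
        if seconds >= length:
            return f"{seconds / length:.2f} {name}"
    return f"{seconds:.5f} seconds"

if __name__ == "__main__":
    # The first five target passwords from the article.
    for pw in ("password", "P@ssw0rd", "P@33w0rd", "P@33w0rd1", "P@33w0rd11"):
        print(f"{pw:12} alphabet={alphabet_size(pw):3} "
              f"{describe(seconds_to_exhaust(pw))}")
```

Swapping ss for 33 leaves both the length and the alphabet unchanged, so the result is identical, while each added character multiplies the search space by roughly the alphabet size (about 95 here).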


Hopefully this little demonstration has stimulated your sneaky cells. You may be thinking, "What if I had a long password that was hard for the computer to crack but easy for me to remember?" We hope so, it will make the rest of the demonstration seem to just fall in line with your thinking.


My-password-is-easy-to-remember

Not all systems will let you use a password this long. This password might be hard for a computer but not for a human because they are sneaky too!

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=2.09 trillion trillion trillion centuries


My-f#$%@$ -password- is-easy- to-remember -Bi@#$@%^!

Adding 1 or 2 small bits to an easy to remember string will make it hard for the casual observer to remember it as easily as the previous option.

Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second)=15.50 million trillion trillion trillion trillion trillion centuries

 

The problem with the last example is the hard to remember parts are hard to remember. But what if you could replace them with something that was really easy to remember, but only looked hard to remember? What if you could use something like ihtcampbothbb that looks like random data but is really encoded data?

BlockQuotePasswords

Using this method you can make a 'key' to add to your long phrase that makes it hard for the casual observer to remember. The key can be created out of an event in your past that is not going to be easily forgotten and is not necessarily common knowledge.

 
