None Shall Pass: Prevent Hackers with Strong Passwords

February 17, 2010 by admin

Fans of the popular Monty Python film, Monty Python & the Holy Grail will fondly recall the fearless Black Knight. Although supremely skilled in swordplay, he suffers from unchecked overconfidence and a staunch refusal ever to give up.

For those who may not be familiar, consider picking this up from your local video rental. You’ll find a brief overview of the scene I’m referring to here.

Wouldn’t it be nice to know you had the Black Knight (or his digital password equivalent) protecting your website?

The Dreaded Dictionary Attack
Today, even modest computer users can easily have as many as a dozen passwords to remember, and it can be difficult to manage. Despite this, resist the urge to use the same password for all of your accounts. Similarly, avoid using a word that would be especially simple to remember. Among the most common passwords in use, according to the experts in Inc. Magazine, are “password” and “password1.” Still others use a common date.

Unfortunately, these types of passwords are simply no match for a dictionary attack. Automated password-cracking tools can check more than a million password variations in 28 hours — imagine how quickly they could breach your website when you don’t fortify the gates properly.

None Shall Pass!
Passwords composed of random strings of upper and lower case letters, numbers and punctuation can usually withstand an attack, but they are hard to remember. Consider keeping a list of your passwords in a secure place (not next to the computer!), so that you can refer to them when needed.

Additional strategies that will help you create difficult-to-break passwords that are easy to remember include:

  • Two words connected by a number can withstand many attacks.
  • Take the first letter of each word in a phrase and add a number or symbol and a capital letter. For “Mary had a little lamb”: Mhall#72.
  • Try strengthening an abbreviation by swapping a symbol or a number for each a or e in the abbreviation. “salesman” becomes “$@lesm@n.”
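As an added example (not from the original post), here is a small Python policy check that applies these tips the way a defender should, assuming that a dictionary attack will also try trailing digits and the usual symbol-for-letter swaps; it undoes those transformations before comparing a candidate to a wordlist. The wordlist and substitution map are constructed for illustration, not taken from any real cracking tool.

```python
import re

# Constructed mini wordlist standing in for a real dictionary (illustration only).
COMMON_WORDS = {"password", "salesman", "letmein", "welcome", "monkey"}

# Symbol-for-letter swaps an attacker's rule set is assumed to undo (constructed map).
DESUBSTITUTE = str.maketrans(
    {"@": "a", "$": "s", "3": "e", "0": "o", "1": "i", "5": "s", "!": "i"}
)


def normalize(candidate: str) -> str:
    """Reduce a candidate to the dictionary word a cracker would derive it from."""
    base = candidate.lower()
    base = re.sub(r"[\d\W_]+$", "", base)  # drop trailing digits/punctuation: "password1" -> "password"
    return base.translate(DESUBSTITUTE)    # reverse swaps: "$@lesm@n" -> "salesman"


def assess(candidate: str) -> dict:
    """Return {'ok': bool, 'reasons': [...]} explaining why a password is weak."""
    reasons = []
    if len(candidate) < 8:
        reasons.append("shorter than 8 characters")
    base = normalize(candidate)
    if base in COMMON_WORDS:
        reasons.append(f"dictionary word '{base}' with trivial substitutions")
    # Count character classes actually present: lower, upper, digit, symbol.
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("fewer than three character classes")
    return {"ok": not reasons, "reasons": reasons}


if __name__ == "__main__":
    for pw in ("password1", "$@lesm@n", "Mhall#72"):
        print(pw, assess(pw))
```

Note that the abbreviation-with-swaps trick on its own is caught by the normalisation step, while the phrase-based “Mhall#72” passes because no dictionary word survives the reduction.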

Follow these tips, and your adversaries will quickly move on to more vulnerable opponents.
