Password Security Tips - Techist - Tech Forum

Old 03-30-2009, 03:29 PM   #1 (permalink)
Banned
 
Join Date: Feb 2009
Location: Guantanomo Bay, Cuba
Posts: 546
Default Password Security Tips

I figure I'd share a couple of things that I have learned about security from my work in the IT field.

First and foremost, the most obvious passwords are going to be the names and birthdays of your family. Do not use them. Ever.

Never use any sort of personal information.

Here's a rule of thumb, if the information exists on A) Your Driver's License B) Your Tax Form C) Your Criminal Record D) Any mail you receive DO NOT USE IT.

Most people use this stuff because it's easy to remember. However, it is just as easy to use a different mnemonic device. Choose a celebrity or historical figure. Use their whole name.

"AbrahamLincoln42" is an incredibly secure password and it's easy to remember (don't even think about it, that's not my password for anything). You have 3 different types of characters in this password (lower case, UPPER CASE, and ####)

Why is this important? Rainbow files and password crackers. The more types of characters you use, the harder it is to figure out what your password is. Think of it this way; if you use "alllowercase" as your password, there are only 26 characters to choose from. That is a 12 character password. So what's 26^12? I don't know. But that's how many possibilities there are for a 12 character password in all lower case.

If you use 0-9 as well, that means you now have 36^12 possibilities. Substantially more. This means that a Rainbow file (basically a file containing all possible passwords within certain parameters) would be exponentially larger.

Now, say you have Upper, lower, and ###. That is 62^12 possibilities for just a 12 digit password. That's a very high number. Most basic password crackers/Rainbow files will simply not have that kind of ability.

Now, the most secure passwords are considered to be 20 characters long today. That's incredible! However, consider how many possibilities that is:

Password with upper/lower/###
62^20 = 7.04423425547E+35 possibilities (a f*** ton!) compared to the original

vs

Password with just lower
26^12 = 9.5428956661682E+16 possibilities.

And really, length alone is one of the best ways to secure a password. In my experience, most crackers/rainbow files give up after about 8 to 12 characters. So even if your password is "12121212121212121212", that is more secure than using your name or the name of someone related to you. Despite the simplicity of the above password, most automatic programs/files will simply give up, because that password is just as statistically likely as "iamagoatmadeofcheese". Even still, whatever password you have a better time remembering is the best.

A little bit of inside info on how passwords are stored: They are called "Hashes". Basically, your password, whatever it is, is broken down into numbers. Those numbers are fed through a formula to end up with one big huge number (usually stored in hexadecimal I think) - how is this safe? Because that formula doesn't work backwards. Take an algebraic problem. Once you solve the problem (which is equivalent to the password) you get a single number. That single number gives no hints about what made it. And only that one algebraic problem creates that number. Most of the time.

With the advent of HTTPS technology (and other things) it's much harder for the bad guys to simply steal passwords, so they are left guessing (literally), so the best thing you can do is add length and complexity to your passwords.

There is a bit more information available here regarding "Information Entropy" and other password theory:
Password strength - Wikipedia, the free encyclopedia

Recapitulation:

1) Length is your biggest asset against brute force attacks. This is because most crackers/rainbow files (in my experience) give up after about 12 characters.

2) Complexity is your next biggest asset.

3) Use mnemonic devices, just don't use something that is directly related to yourself! If your password is not something obvious, then humans can't guess it. That means that automatic tools have to try to guess it, and they have limitations too.

Thanks for viewing!

For personal security I also recommend using KeePass and TrueCrypt:
KeePass Password Safe
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux
__________________

SparkMonkeyHellion is offline  
Old 03-31-2009, 02:32 PM   #2 (permalink)
True Techie
 
Join Date: Feb 2009
Location: New York
Posts: 201
Default Re: Password Security Tips

Very informative. Thanks a lot.
__________________

myr707 is offline  
Old 03-31-2009, 03:09 PM   #3 (permalink)
Grandfather of Techist

\_(ツ)_/
 
Join Date: Jan 2005
Location: The South
Posts: 31,461
Default Re: Password Security Tips

Great advice. I have already started putting it to use.
__________________
Cougar MX330-G / Antec EA650 650W / ASUS GTX960-DC2OC-2GD5 / AMD Ryzen 5 1600 / MSI B350 Gaming Plus
Samsung 970 EVO 250GB M.2 SSD / WD Blue SSD 250GB / WD Black 750GB / WD Green 1TB
2x16GB Corsair Vengence RGB / Win10 Pro x64 / Mionix Naos 7000 / Tecware 87 Key Mechanical

R.I.P. Danny L. Trotter ... 14 Nov 1945 - 4 Sept 2009
Trotter is offline  
Old 03-31-2009, 03:17 PM   #4 (permalink)
Banned
 
Join Date: Feb 2009
Location: Guantanomo Bay, Cuba
Posts: 546
Default Re: Password Security Tips

Quote:
That I'm the techie in my family, says more about their tech knowledge than mine
I say something similar when playing games like CoD - I was a late bloomer into videogames, so I don't have the "core" skills that many gamers do, thus I'm usually a full notch worse than my friends (or more)....

However I occasionally do really well (like 1st or 2nd on my team) and when that happens... we are losing. So I'm exclaiming "I am in FIRST! This is why we are LOSING!"

PS: Thanks guys, just doing my part. If you have any questions about anything let me know! I am by no means a security expert; just sharing what I've learned from people who know more than me!

PPS: Please REP ME!
__________________
SparkMonkeyHellion is offline  
Old 03-31-2009, 05:10 PM   #5 (permalink)
Wizard Techie
 
Join Date: Feb 2006
Location: Maine
Posts: 3,736
Default Re: Password Security Tips

Good guide.

However your example password, "AbrahamLincoln42", isn't all that secure at all. You're forgetting dictionary attacks, in which the program just looks for common words or names, so using a password with names or any word at all isn't secure.

Instead, you're better off with a random combination of uppercase, lowercase, numbers and even symbols. It may be harder to remember, but that's the most secure password you can use.

Like 3-4 years ago I was in a gaming clan, and some hacker group had beef with us, and so they used to hack our Teamspeak often. We grew tired of it, so I changed all of the admins' passwords to a 60 character randomly generated alpha-numerical password, and we were never hacked again.

60^62 is a pretty big number.
__________________

Intel Q9400 | Gigabyte EP45-UD3P | G.Skill 2x2GB DDR2 1000 | XFX HD5870

Need website help? PM me!
CrazeD is offline  
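
An added example, not written by anyone in this thread: it puts the opening post's charset^length arithmetic next to the dictionary-attack point raised in the reply above, by scoring a password once per character and once with whole dictionary words counted as a single guessable symbol. `SAMPLE_WORDS`, `ASSUMED_DICT_SIZE` and `CASE_VARIANTS` are constructed assumptions, not measurements of any real cracking tool.

```python
import math
import string

# Constructed stand-in for an attacker's word list; sizes below are assumptions.
SAMPLE_WORDS = {"abraham", "lincoln", "goat", "cheese", "password"}
ASSUMED_DICT_SIZE = 100_000  # assumed names + common words list
CASE_VARIANTS = 3            # lower, Capitalized, UPPER


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of charset**length, the thread's 26^12 / 62^20 arithmetic."""
    return len(pw) * math.log2(max(charset_size(pw), 1))


def tokenize(pw):
    """Greedy longest-match split into dictionary words, digit runs, other chars."""
    tokens, i, low = [], 0, pw.lower()
    while i < len(pw):
        end = next((j for j in range(len(pw), i, -1) if low[i:j] in SAMPLE_WORDS), None)
        if end is not None:
            kind = "word"
        elif pw[i].isdigit():
            kind, end = "digits", i + 1
            while end < len(pw) and pw[end].isdigit():
                end += 1
        else:
            kind, end = "char", i + 1
        tokens.append((kind, pw[i:end]))
        i = end
    return tokens


def dictionary_bits(pw):
    """Guessing cost when whole words count as one symbol; never above brute force."""
    cost = {"word": lambda t: math.log2(ASSUMED_DICT_SIZE * CASE_VARIANTS),
            "digits": lambda t: len(t) * math.log2(10),
            "char": lambda t: brute_force_bits(pw) / len(pw)}
    return min(brute_force_bits(pw), sum(cost[k](t) for k, t in tokenize(pw)))


if __name__ == "__main__":
    for pw in ("alllowercase", "AbrahamLincoln42", "12121212121212121212"):
        print(f"{pw:22} brute={brute_force_bits(pw):5.1f} dict={dictionary_bits(pw):5.1f}")
```

Under these assumptions "AbrahamLincoln42" scores about 95 bits per character but only about 43 bits once the two names are treated as dictionary entries, while a password with no dictionary words scores the same either way.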
Old 03-31-2009, 08:59 PM   #6 (permalink)
Call me Mak or K
Mod Emeritus
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Re: Password Security Tips

What about passwords that use upper case, lower case, numbers and symbols?

Don't forget about using some 1337 speak as well mixed in with regular english.

S0mEth1nGl!kEth!5

will be real secure as not only will they have to bash letters and numbers but the symbols as well.

It will make it real hard to just use a brute force to get something like that and you also increase the amount of passwords you can create as well.

@ for a or A

$ for S or s

& for 8

So yeah there is so much more that can be done than just mixing in an upper case letter every now and then or adding a couple of digits.
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline  
Old 04-01-2009, 08:05 AM   #7 (permalink)
Banned
 
Join Date: Feb 2009
Location: Guantanomo Bay, Cuba
Posts: 546
Default Re: Password Security Tips

Wow - I did totally forget dictionary attacks. Fiddlestix. That's embarrassing.

Still - I would like to point out that with the clan feud that took applied effort by humans which most people will not have to worry about. Most.

The best thing for handling passwords is the KeePass application I linked. It will generate random passwords for you and store them in an encrypted database. That way you only need to remember 1 password, and it's much safer since it's only stored on your local machine and not on the iNet.
__________________

SparkMonkeyHellion is offline  