SparkMonkeyHellion
I figure I'd share a couple of things that I have learned about security from my work in the IT field.
First and foremost, the most obvious passwords are going to be the names and birthdays of your family. Do not use them. Ever.
Never use any sort of personal information.
Here's a rule of thumb: if the information exists on A) your driver's license, B) your tax form, C) your criminal record, or D) any mail you receive, DO NOT USE IT.
Most people use this stuff because it's easy to remember. However, it is just as easy to use a different mnemonic device. Choose a celebrity or historical figure. Use their whole name.
"AbrahamLincoln42" is an incredibly secure password and it's easy to remember (don't even think about it, that's not my password for anything). You have 3 different types of characters in this password (lower case, UPPER CASE, and ####)
Why is this important? Rainbow files and password crackers. The more types of characters you use, the harder it is to figure out what your password is. Think of it this way: if you use "alllowercase" as your password, there are only 26 characters to choose from. That is a 12 character password. So what's 26^12? I don't know. But that's how many possibilities there are for a 12 character password in all lower case.
If you use 0-9 as well, that means you now have 36^12 possibilities. Substantially more. This means that a Rainbow file (basically a file containing all possible passwords within certain parameters) would be exponentially larger.
Now, say you have Upper, lower, and ###. That is 62^12 possibilities for just a 12 digit password. That's a very high number. Most basic password crackers/Rainbow files will simply not have that kind of ability.
Now, the most secure passwords are considered to be 20 characters long today. That's incredible! However, consider how many possibilities that is:
Password with upper/lower/###
62^20 = 7.04423425547E+35 possibilities (a f*** ton!) compared to the original
vs
Password with just lower
26^12 = 9.5428956661682E+16 possibilities.
And really, length alone is one of the best ways to secure a password. In my experience, most crackers/rainbow files give up after about 8 to 12 characters. So even if your password is "12121212121212121212", that is more secure than using your name or the name of someone related to you. Despite the simplicity of the above password, most automatic programs/files will simply give up, because that password is just as statistically likely as "iamagoatmadeofcheese". Even still, whatever password you have a better time remembering is the best.
A little bit of inside info on how passwords are stored: They are called "Hashes". Basically, your password, whatever it is, is broken down into numbers. Those numbers are fed through a formula to end up with one big huge number (usually stored in hexadecimal I think) - how is this safe? Because that formula doesn't work backwards. Take an algebraic problem. Once you solve the problem (which is equivalent to the password) you get a single number. That single number gives no hints about what made it. And only that one algebraic problem creates that number. Most of the time.
With the advent of HTTPS technology (and other things) it's much harder for the bad guys to simply steal passwords, so they are left guessing (literally). The best thing you can do is add length and complexity to your passwords.
There is a bit more information available here regarding "Information Entropy" and other password theory:
Password strength - Wikipedia, the free encyclopedia
Recapitulation:
1) Length is your biggest asset against brute force attacks. This is because most crackers/rainbow files (in my experience) give up after about 12 characters.
2) Complexity is your next biggest asset.
3) Use mnemonic devices, just don't use something that is directly related to yourself! If your password is not something obvious, then humans can't guess it. That means that automatic tools have to try to guess it, and they have limitations too.
Thanks for viewing!
For personal security I also recommend using KeePass and TrueCrypt:
KeePass Password Safe
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux