Categories
Tech

Tech Talk: Passwords

"Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)

2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)

3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.

4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?

5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.

6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link. (Ed. note: Lifehacker readers love the free, open-source KeePass for this duty, while others swear by the cross-platform, browser-based LastPass.)

7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.

8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is."

Taken from How I’d Hack Your Weak Passwords

Just wanted to pass along these good words of advice to our readers. I can’t personally recommend the software he mentions in this article, b/c I don’t use it. I really liked the chart showing how useful using an uppercase or numeric value is. Comments? Questions?

UPDATE: I wanted to put this back on the main page after I got two extra special SPAM emails last week. One from my brother linking to www.hgr5.tabletxpills.com (don’t go there). He sent it to my old email address via his old hotmail account. The email included a CC of everyone else in his address book (hint hint). Somehow someone got the password to his hotmail and ran a script to email eveyone this link. The second one was a desperate cry of help from my old roommate, Kylin Kovac. He was stranded in Europe and needed me to click a link and send him money. Funny, I haven’t talked to Kylin since he got married and swamped with kids and medical school. KYLIN, UPDATE YOUR GMAIL PASSWORD!