Group Actions
Engagement
  • Author Author: clem57
  • Date Created: Date Created
  • Views 3487 views
  • Likes 8 likes
  • Comments 47 comments
Related
Recommended

Why passwords are important...

clem57

     I know a lot of you are thinking, why bother about passwords? Well let me clue you in. Many passwords we use are very weak. Let me list a few and show how long it would take to break with modern computers.

 

        • password     This is in the top 5 common list of passwords used.
        • pickles         This is in the top 2160 common list of passwords used
        • milkbad        This would take 800 milliseconds because just letters and short
        • mIlkBaD       This would take 2 minutes because short and only letters
        • m1ln2aD      This would take 6 minutes. Now we have numbers and mixed letters, but too short and no symbols
        • m1$k3a%     This would take 1 minutes. Ops, not enough to fix the problem. Too short.
        • qwerty12345asdf    Wow! finally one that would take 701,000 years to brute force attack.
        • qw$rty12#45as*f     Adding in the symbols we get 130,000,000 years to brute force attack.

 

So in conclusion, it takes the following things to make a password strong.

  1. More than 8 characters or even  more than 16 characters.
  2. Upper and lower case. This helps double the choices from 26 to 52.
  3. Add in numbers and symbols. One without the other can weaken the password.
  4. Finally, use a password generator and stored database like KeePass for instance.

 

If you wish to play around with your choices, I found this great site https://www.comparitech.com/privacy-security-tools/password-strength-test/#password-test-tool .

Give it a spin and comment below on your experience. I would like to know what is the toughest password using the above tool?

Anyone up to the challenge. Oh a password generator does not count! image

  • in reply to BigG

      wrote:

     

    I just so happened to request a new password on Microchip.com. My password choice failed.

     

    Talk about a bad password rule. Has to be one of the weakest security rule I've seen in a very long time... someone to speak to them... image

     

    image

    Are you serious of no special characters? This can lead to a dictionary attack at least. And 15 characters is not very long entropy either.

    Clem

  • in reply to BigG

    They have good microcontrollers with hardware encryption accelerators and safe protected key storage.

    Their software staff (web developers, but also those that write examples for the hardware that supports secure operation) seem to be on a different level.

  • I just so happened to request a new password on Microchip.com. My password choice failed.

     

    Talk about a bad password rule. Has to be one of the weakest security rule I've seen in a very long time... someone to speak to them... image

     

    image

  • in reply to clem57

    I don't disagree with what you propose but I feel you get the best bang for a security buck from the user community.

     

    Two simple objectives.

    • Never, I repeat NEVER use the same password twice. That means on the same site or across multiple sites.
    • Use complex passwords with 16 characters.

     

    Hackers focus little to no effort on a bank. They hack the site with your gym memberships. Why? The password for both are the same.

     

    Retaining complex passwords across multiple sites is difficult. Encourage the use of password management tools.

     

    Sean

  • I wish to propose the following:

     

    • Traditionally, authentication procedures are divided into two stages: identification and secret password. Note identification with longer strings helps make the password space large...
    • To date, research on password security and the usability of these mechanisms has rarely been investigated. But more has been done since news of hacker attempts hits the public raising awareness.
    • Since security mechanisms are designed, implemented, applied and breached by people, human factors should be considered in their design. Too often we neglect this using simple techniques.
    • It seems that currently, hackers pay more attention to the human link in the security chain than security designers do, by using social engineering techniques to obtain passwords. This means Facebook, twitter and other places can help a hacker get into the mind of the user...
    • The key element in password security is the crackablity of a password combination. But often the length of the password is too little.
    • System-generated passwords are essentially the optimal security approach; user-generated passwords are potentially more memorable and thus less likely to be disclosed.
    • Password composition, alphanumeric password is more secure than one composed of letters alone. But the use of all elements like symbols and caps is better.