Group Actions
Engagement
  • Author Author: clem57
  • Date Created: Date Created
  • Views 2731 views
  • Likes 8 likes
  • Comments 47 comments
Related
Recommended

Why passwords are important...

clem57

     I know a lot of you are thinking, why bother about passwords? Well let me clue you in. Many passwords we use are very weak. Let me list a few and show how long it would take to break with modern computers.

 

        • password     This is in the top 5 common list of passwords used.
        • pickles         This is in the top 2160 common list of passwords used
        • milkbad        This would take 800 milliseconds because just letters and short
        • mIlkBaD       This would take 2 minutes because short and only letters
        • m1ln2aD      This would take 6 minutes. Now we have numbers and mixed letters, but too short and no symbols
        • m1$k3a%     This would take 1 minutes. Ops, not enough to fix the problem. Too short.
        • qwerty12345asdf    Wow! finally one that would take 701,000 years to brute force attack.
        • qw$rty12#45as*f     Adding in the symbols we get 130,000,000 years to brute force attack.

 

So in conclusion, it takes the following things to make a password strong.

  1. More than 8 characters or even  more than 16 characters.
  2. Upper and lower case. This helps double the choices from 26 to 52.
  3. Add in numbers and symbols. One without the other can weaken the password.
  4. Finally, use a password generator and stored database like KeePass for instance.

 

If you wish to play around with your choices, I found this great site https://www.comparitech.com/privacy-security-tools/password-strength-test/#password-test-tool .

Give it a spin and comment below on your experience. I would like to know what is the toughest password using the above tool?

Anyone up to the challenge. Oh a password generator does not count! image

Parents

  • Users need complex passwords - we know that much. Users need to avoid reuse as well - in case any password is compromised.

     

    But on the server side, administrators need to do their part as well. For one, there are still probably some sites with plain-text password storage ... when the best practice is to salt and hash the password, with the choice of salt and hash having a significant impact on offline cracking time (and resources necessary to validate the password). Sometimes users are asked to change their passwords not because the password itself is vulnerable, but perhaps it was salted and hashed with an algorithm which has become "weak" in the face of increased computing power and discovered vulnerabilities, whereas re-setting it will allow for a new salt-hash record using the latest settings to be made.

     

    But as usual, security is only as good as the weakest point ...

     

    - Gough

  • in reply to Gough Lui

    In my opinion, the correct message is that users need long passwords more so than say short "complex" ones. The way I teach my kids about passwords is to type out a long sentence without spaces. It is then easier for them to remember. For example "IloveEating99chocIces!TheMorethemerrier". This is so much easier to remember than some random "complex" password like "a1Bds342%$as34Q$o3".

     

    What scuppers this approach is when IT bods place length restrictions on passwords, and as you say, failing to implement best practice on server side. Thankfully, this issue of length is becoming less common.

  • in reply to BigG

      wrote:

     

    type out a long sentence without spaces. It is then easier for them to remember.

    I do this image; works a treat, easy to remember and, according to the testing websites, hard to crack!!

     

    Neil

  • in reply to BigG

    I have used this approach for a number of years.

     

    Sean

Comment Children
No Data