"You Shall Not Pass...word"

Feb 15, 2021

Locking away private possessions has been paramount since before humans were saying "Unga bunga"; we desire the peace of mind that what is ours remains ours. But what if I told you that what's yours is mine, thanks to a simple little thing you didn't make more secure because "no one is going to care about my little old password"? Except that one little password just gave me access to your Facebook profile. Now I can conduct some social engineering, read messages, look at private photos, and even blackmail you. Before we go into panic mode, let's delve a little deeper into this topic, shall we?

What if the lock you bought at the store could be unlocked by ten thousand different keys? Well, in 2020 the most used password was "123456" and, to say the least, most hackers wouldn't even need effort to crack that. A password as simple as a few digits is the equivalent of using a padlock that can be opened with any key. "How do we combat this?" you ask. By following the guidelines set forth in this article, the chances of your password being cracked will be considerably reduced, maybe even nullified.

Beginning with the primary issue: password strength. What's the difference between "123456" and "F6j#O9)1G5"? The most accurate answer is about 50 years; that's right, it would take password-cracking software around 50 years to crack the latter password. The predominant process a password cracker such as John the Ripper uses is called "brute force", which is exactly what it sounds like: the software tries millions of different combinations in an attempt to guess the correct password. Of course, there are sub-categories of password cracking, but we won't cover them in this article.

The key to a perfect password is rather simple: combine upper and lower case letters, numbers, and symbols. Yep, it's that easy! You're right, though, there's more to cover: the next step is to not have the same consecutive characters back to back. Let's use our dummy password as an example, "F6j#O9)1G5". This is a textbook ironclad password: varying characters, none of them repeated. Let's say that we change the password to "Ff6j#3O9(G5"; is it better or worse? This minor change might look like a strong password, but we actually just took about 10 years off a brute force attack. By using consecutive letters and characters, such as the "Ff", "#3", and "9(", we play directly into John the Ripper's plans. As the computer algorithm cycles through its password combinations, it cycles character after character, similar to how a slot machine cycles through until jackpot! The simple process of removing consecutive characters has spared your password from getting cracked.
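As an added example (not the author's code), here is the arithmetic behind the "123456" versus "F6j#O9)1G5" comparison: a Python estimate of the alphabet and search space a brute force attack has to cycle through. The guess rate of one billion per second and the short common-password list are constructed assumptions, so the resulting years differ from the article's 50-year figure.

```python
import string

# Character classes a brute-force cracker must cover once a password uses
# them. The 32 printable ASCII punctuation characters form the "symbol" class.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Constructed stand-in for a leaked-password list (assumption, not from the
# article): these are tried before any brute force, so they fall immediately.
COMMON_PASSWORDS = {"123456", "password", "123456789", "qwerty", "111111"}


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force attack must cycle through."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Number of candidates of the same length over that alphabet."""
    return charset_size(password) ** len(password)


def guesses_to_crack(password: str) -> int:
    """Worst-case guesses: common passwords fall to the wordlist first."""
    if password in COMMON_PASSWORDS:
        return len(COMMON_PASSWORDS)  # exhausted after trying the whole list
    return keyspace(password)


def years_to_crack(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case wall-clock time at an assumed guess rate (1e9/s default)."""
    seconds = guesses_to_crack(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("123456", "F6j#O9)1G5"):
        print(f"{pw!r}: alphabet {charset_size(pw)}, "
              f"{guesses_to_crack(pw):.3g} guesses, "
              f"~{years_to_crack(pw):.3g} years at 1e9 guesses/s")
```

Adding a fourth character class multiplies the alphabet, and each extra character multiplies the whole search space by that alphabet again, which is why the ten-character mixed password dwarfs the six-digit one.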

But what if I can't remember my password? Well, you could just let your browser save all your passwords... but that is a security risk in and of itself. Hackers and viruses steal hundreds of thousands of passwords every day. My best advice is to keep a log book to write down your passwords; do not save your passwords on your computer. There are two reasons for this: if your computer crashes, you lose all your passwords, and the risk of passwords stored on your computer being stolen is considerable.

If you have a long list of passwords that aren't secure, just take the time for one password a day. By changing a single password and writing it down each day, within six months' time you will have a compendium of secure passwords and the peace of mind that your accounts are safe from hackers.
