Thursday, July 7, 2016

Introduction to Cyber Security - Improving Password Security

Just about every website you sign up to requires a password. What strategies do you use when choosing passwords?


If your passwords are easily guessable, you are effectively giving attackers easy access to your accounts. If your passwords are along the lines of ‘password’, ‘123’ or ‘letmein’, they won’t even need to use their automatic password-breaking tools. This is especially true when people don’t change the default passwords that are used to control access to the settings of certain pieces of equipment such as broadband routers.

Without giving away any of your passwords, share your strategies for picking memorable passwords. Consider these questions:
  • How many passwords do you use?
  • How long are the passwords you use?
  • Do you use upper and lower case letters, numbers or other symbols in them?


How to pick a proper password
Using your pet’s name, your street name or a random word can be easy to remember, but can also be easy to guess.

Even if the website uses hash functions, if the passwords are dictionary words, the attacker can generate lots of possible passwords, hash them and see whether any of them match a stored one. Attackers always start with dictionary words and variations thereof, as most passwords are normal words.

So your accounts will be more secure using passwords made up of a collection of numbers, letters and symbols that don’t resemble a dictionary word. One way of coming up with such passwords is first to choose a memorable phrase and convert it.

Strong passwords – long, non-dictionary words that are not easily guessable – are vital. The other thing to remember is to use a different password for every account.
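The dictionary check described above can be run by a site on its own side, both when a password is chosen and when auditing stored hashes. The following is an added example, not code from the original post; the wordlist, the minimum length, the character swaps and the use of plain unsalted SHA-256 are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample wordlist (assumption); a real check would load a large
# list of dictionary words and previously leaked passwords.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "rover"}
MIN_LENGTH = 10  # assumed policy value, not taken from the article

# Common character swaps, undone before the dictionary lookup.
SWAPS = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s"})


def base_word(password):
    """Reduce a password to the word it was probably built from."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())  # drop trailing digits/symbols
    return core.translate(SWAPS)


def is_guessable(password):
    """True if the password is short or is a dictionary word in disguise."""
    return len(password) < MIN_LENGTH or base_word(password) in WORDLIST


def find_dictionary_match(stored_hex):
    """Audit one stored hash: return the wordlist entry that produces it, or None.

    Assumes the site stores plain unsalted SHA-256 (illustrative only).
    """
    for word in sorted(WORDLIST):
        if hashlib.sha256(word.encode()).hexdigest() == stored_hex:
            return word
    return None


if __name__ == "__main__":
    # Constructed sample passwords; the last one stands in for a converted phrase.
    for candidate in ("letmein", "P@ssw0rd2016!", "Rover123456", "Mdh4l&ilttp2!"):
        print(f"{candidate!r}: guessable={is_guessable(candidate)}")
    stored = hashlib.sha256(b"letmein").hexdigest()  # constructed stored hash
    print("hash matches wordlist entry:", find_dictionary_match(stored))
```

A pet's name with digits appended and a dictionary word with swapped characters are both flagged, while the phrase-derived password passes and its hash matches nothing in the wordlist.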

The majority of cases in which someone’s password has been compromised have occurred when an attacker has cracked someone’s password on a low-value, low-security site, and that user used the same password for another, higher-value site. The attacker either knows or guesses the target’s username on the higher-value site and then tries the cracked password on it.
