Have you ever wasted a few moments with a sketchy website that promises to reveal your Klingon name (wizard name, ghetto name, porn star name, etc.)? Some of these sites are fronts for password-harvesting operations. They’ll ask you for some personal data, mixed in with Trekkie trivia, and prompt you to make up a password. Scammers know that the password you supply is likely to be similar or identical to ones you use elsewhere. They may sell collected passwords on the black market for about $20 each.

A password is like the key to your home. There are weak locks and strong locks, but neither does any good when a pickpocket swipes your key. Security is always about the weakest link.

Most identity thieves don’t bother with trickery. They pick the low-hanging fruit: the passwords easiest to guess. One recent study found that nearly 1 percent of passwords can be guessed in four tries. How is that possible? Simple: you try the four most common passwords. A typical list would run password, 123456, 12345678, and qwerty.

Okay, you’re in the 99 percent not using an insanely bad password. You still have to consider the speed of today’s hacking software. John the Ripper, a free hacking program, can test millions of passwords a second. One commercial software recovery program intended for forensic use (on seized computers of child pornographers and terrorists) claims it can check 2.8 billion passwords a second. Initially, cracking software runs through an exhaustive, frequently updated list of thousands of the most popular passwords and then segues to a full dictionary search. It tries every single word in the dictionary, as well as all common proper names, nicknames, and pet names.

Most of us have been shamed and browbeaten into adding numbers, punctuation marks, and odd capitalization to our passwords. In theory, mangling makes it a lot harder to guess a password. Almost everyone’s mind follows the same well-worn mental grooves. When a site insists on having a number, password becomes password1 or password123 with alarming regularity. A requirement to mix capitals and lowercase elicits Password or PaSsWoRd. Mandatory punctuation marks get you password! and A password that might look secure, like $pider_Man1, isn’t. Everybody is oh-so-devious in the same ways.

There is reason to fear that site-enforced mangling rules cause users to pick simpler, easier-to-guess base passwords. Mangling can create a false sense of security.

News features on password security invariably cut to the cynical expert who belittles every common or realistic password practice. Many pros subscribe to the “write it down” philosophy. “Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down,” wrote consultant Bruce Schneier in 2005, eons ago in the digital world. “We’re all good at securing small pieces of paper.”
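
A site-side check that follows from the passage on mangling, as an added example that is not part of the original text: at registration it undoes the usual manglings (capitals, appended digits and punctuation, look-alike symbols, separators) before comparing the proposed password with a word list. The `DICTIONARY` entries, the `LEET` table and the function names are assumptions made for the illustration.

```python
import re

# The four most common passwords named in the text.
COMMON = {"password", "123456", "12345678", "qwerty"}
# Constructed stand-in for the dictionary and proper-name lists a real
# deployment would load from a maintained breached-password corpus.
DICTIONARY = {"spiderman", "dragon", "monkey"}

# Look-alike substitutions; an assumed, non-exhaustive table.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t"})


def base_candidates(password):
    """Return the plain words a mangled password may have been built from."""
    lowered = password.lower()  # undoes Password / PaSsWoRd
    forms = {
        lowered,
        # undoes appended digits and punctuation: password123, password!
        re.sub(r"[\W\d_]+$", "", lowered),
        # undoes decoration at both ends
        re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered),
    }
    # undoes symbol-for-letter swaps such as $ for s
    forms |= {f.translate(LEET) for f in forms}
    # undoes separators inside the word: spider_man -> spiderman
    forms |= {re.sub(r"[\W_]+", "", f) for f in forms}
    return {f for f in forms if f}


def is_guessable(password):
    """True if un-mangling the password yields a listed word."""
    return bool(base_candidates(password) & (COMMON | DICTIONARY))


if __name__ == "__main__":
    # Examples from the text, then one constructed random-looking password.
    for pw in ["password1", "password123", "PaSsWoRd", "password!",
               "$pider_Man1", "tq9#Vrm2xLke"]:
        print(f"{pw!r:16} reject={is_guessable(pw)}")
```

A password that passes this check is not thereby strong; the check only shows that satisfying character-class rules does not move a password off the list.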