
Monday, August 18, 2014

[Tutorial] Picking the Right Password

Unfortunately, picking a password isn't as easy or secure as it was a decade ago. Back in the late 90's, it was okay to have a password that was 1234. Nowadays, kids can get their hands on software that can crack passwords within 24 hours with no issues. Companies in charge of accounts that deal with passwords aren't taking any chances either and are requiring passwords with certain rules and a change in password every so often.

Many of us are left stuck when we are forced to change our password. It becomes a drag on our time because now we have to remember something that we never wanted to change in the first place. Services like Yahoo! require password changes regularly because their servers are constantly being attacked. With that, they make it near impossible to keep a password for a while because they won't allow you to use old passwords.

So now you need to think of a new password, but you're not sure where to start. In this blog, I wanted to give you guys some tips on how to make some great passwords that are not only difficult to crack but also easy to remember.

First, I think it's important that you guys understand how password cracking is usually done. The most common method can take hours or days to do. Basically, it is a program that goes through every possible password, one after another. A good password is one that cannot be easily found by such a program. To understand how to make a good password, you should know how a lot of these programs begin. Picking a password that contains all sorts of characters will force the machine to take even longer and perhaps even damage it as a bonus ;)

The machines usually start by choosing the letter A or the number 1. If the attempt to use that password failed, then they choose B then C then D until they get to Z. At this point, they may try numbers, or a combination of letters starting with AA, AB, etc. then AAB, AAC, etc.

Knowing this, you should be cautious of using a password that begins with the combination ABC or 123, even if it ends in something else, because this is what the program likely starts with.

To have a great password that is near unbreakable, you should have lots of seemingly random numbers, capital and lower case letters, as well as special characters like the ones above your numbers at the top of the keyboard (!@#$%^&*()).

Choosing something like this doesn't mean that the program will not find your password; it just means that it can take a very long time. The more weird and unusual characters you have, the longer it takes for the program to solve the password combination. If it takes more than 2 weeks, which some passwords can, a hacker may just say forget it and move on to another person to crack.
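To put numbers on the search order described above (A, B, ... Z, then AA, AB, ...), here is an added example, not part of the original post, that counts how many candidates such an enumeration tries before it reaches a given password. The 72-character alphabet and the guess rate are assumptions chosen for illustration.

```python
import string

# Assumed character set: letters, digits and the specials named in the post.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "!@#$%^&*()"

def guesses_before(password, alphabet=ALPHABET):
    """Candidates tried before `password` when every string over `alphabet`
    is enumerated shortest first, then in alphabet order (A, B, ..., AA, AB, ...)."""
    k = len(alphabet)
    rank = {ch: i for i, ch in enumerate(alphabet)}
    if not password or any(ch not in rank for ch in password):
        raise ValueError("password is empty or uses characters outside the alphabet")
    # Every strictly shorter candidate comes first: k + k^2 + ... + k^(n-1)
    shorter = sum(k ** i for i in range(1, len(password)))
    # Position among same-length candidates: read the password as a base-k number
    same_length = 0
    for ch in password:
        same_length = same_length * k + rank[ch]
    return shorter + same_length

def days_to_reach(password, guesses_per_second, alphabet=ALPHABET):
    """Days until the enumeration reaches `password` at an assumed guess rate."""
    return guesses_before(password, alphabet) / guesses_per_second / 86400

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, not a figure from the post
    for pw in ["ABC", "ABCq7!", "zzzzzz", "j3072720728D"]:
        print(f"{pw:14} {guesses_before(pw):.3e} guesses, "
              f"{days_to_reach(pw, RATE):.3e} days")
```

In this ordering every shorter password is tried before any longer one, so each extra character multiplies the work by the alphabet size.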

When I say seemingly random, I mean numbers that are not directly beside one another or aren't usually combined. Also, try not to pick numbers that repeat such as 666 or 777, even if they are at the back such as "ndh777". What can seem random to a computer may be something like your birthday. If your birthday is July 27, 1975, you could use the combination 07271975. A computer wouldn't know where that code came from, and it seems so random that it would have a difficult time finding it.

However, if a hacker finds out your birthday, they could feed it to the program and the program would begin by searching for numbers with your birthday included. To prevent it from figuring it out too soon, add some extra numbers and letters before and after your birthday.

One of the best combinations you can do is add numbers and letters that are personal to you and things that are not likely on a government or official file such as your favorite number or maybe a serial number to a favorite device of yours or maybe even the birth date, wedding, etc. of a friend. This would throw off the computer because this number has no direct relation to you. The only real downside to this is that it'd be a bit harder to remember if you ever forget. But if you memorize it, which you will if you constantly have to input it, you shouldn't have to worry about this.

For an example, let's make up somebody and give them a password. Their name is John Doe, they live on 74537 Main St. USA, their birthday is July 27, 2072, their social security number is 048276253, their wedding anniversary is December 31, 2094, and their favorite number is 38. We have so many numbers to choose from here to create our password. Let's try a combination where you can see how it comes from these details and how it can be easy to remember if this is information about you.

j3072720728D: This password looks so odd and off the wall that anyone who sees it probably won't remember it. This is also another good reason for using a password with so many numbers. People can remember names and words even if they make no sense because they sound them out. But how do you remember 3,072,720,728, especially when it doesn't have any commas? And it also contains two letters, which really throws people off! But if you are this John Doe, and you see this, you can remember it because it's easy to see which numbers are which.

I put a lower case j in the front because his first name is John. Thinking about it now, you could make it even more secure by adding the j at the end to really throw someone off. But this way is fine too. The first 3 comes from the 38 in his favorite number. The second number is altogether 07272072. This is his birthday exactly as it is written. 07-July; 27-day; 2072-year. The last number 8 comes from his favorite number 38. And the capital D at the end is for his last name Doe.

Do you see how easy it can be to remember a password like that for yourself? Put in your details and create a password like that and you'll be set! Don't be afraid to use other numbers too like your address, social, etc. However, be cautious when adding things like your social. Social Security Numbers have a certain look to them that can be picked up on.

Let's say a hacker was able to crack your impenetrable password and now can see exactly what you wrote. By knowing how other socials look, he/she may be able to identify that this too is an SSN and learn even more information about you! Instead, try to scramble the numbers, add fake numbers to the sequence, or only use a piece of the numbers like just the first and last numbers or whatever is most commonly used in it.
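The patterns this post warns about (an ABC or 123 start, repeated digits, an SSN-shaped number, a birthday that someone who knows it could search for) can be checked mechanically before you settle on a password. The following is an added example, not part of the original post; the function names, the list of date formats and the choice of checks are assumptions, and the profile is the made-up John Doe from above.

```python
import re
from datetime import date

def date_forms(d):
    """Digit strings a birthday or anniversary is commonly typed as (assumed list)."""
    mm, dd = f"{d.month:02d}", f"{d.day:02d}"
    yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    return {mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd,
            mm + dd + yy, dd + mm + yy, yy + mm + dd}

def audit(password, dates, numbers):
    """Return the reasons a candidate password matches a pattern from the post."""
    findings = []
    if password.lower().startswith(("abc", "123")):
        findings.append("starts with abc/123")
    if re.search(r"(\d)\1\1", password):            # e.g. 666, 777
        findings.append("repeated digit run")
    # Exactly nine digits in a row, or the dashed ddd-dd-dddd layout
    if re.search(r"(?<!\d)\d{9}(?!\d)|\d{3}-\d{2}-\d{4}", password):
        findings.append("SSN-shaped number")
    for label, d in dates.items():
        if any(form in password for form in date_forms(d)):
            findings.append(f"contains {label}")
    for label, n in numbers.items():
        # Very short numbers (like a favorite number) match by accident; skip them
        if len(n) >= 4 and n in password:
            findings.append(f"contains {label}")
    return findings

# Constructed profile: the fictional John Doe from this post
JOHN_DATES = {"birthday": date(2072, 7, 27), "anniversary": date(2094, 12, 31)}
JOHN_NUMBERS = {"ssn": "048276253", "house number": "74537"}

if __name__ == "__main__":
    for pw in ["j3072720728D", "ndh777", "123x048276253", "q8!Lm2#vT5"]:
        print(pw, "->", audit(pw, JOHN_DATES, JOHN_NUMBERS) or "no findings")
```

An empty result only means none of these specific patterns were found, not that the password is strong.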

Once you've created a password, it's a good idea to write it down somewhere. The first few times of inputting it may be difficult and you might need to look back at it for reference. Keep it somewhere safe that only you know where it is. Also, if you do happen to write it down, just leave the number and don't write anything else on it such as "Password=73892732". If someone finds your note and all it says is "732984732", they might not be able to determine what the number is used for.

When it comes to online accounts, they become more tricky to pick. A hacker usually cannot use this same method above to determine your password as accounts will only allow X number of attempts before locking your account. The hacker will only have 3-5 chances before striking out.

So you may now be wondering how they can crack an account. Usually it's because you use the same password for multiple places (your Facebook password is the same as your Yahoo! Mail password), the hacker has hacked into a server (for Facebook or Yahoo!) and it lists everyone's e-mail and password to unlock the account, or they picked up on it through information you sent over the internet.

One of the worst places is at a public hotspot like Starbucks. My cousin showed me a program he obtained somewhere that allows him to pick up anything sent out by computers at these places and find out what websites they are visiting and any passwords and e-mails they are using to log in. Knowing this, you should limit the amount of time you spend online at these places, consider using your phone's WiFi hotspot feature instead, or not visit and log into websites like your bank account with Chase.

If the hacker has hacked into the actual server at Facebook, Yahoo!, etc., the company will usually inform you of this breach or you'll hear about it on the news. They will likely force you to change your password. There is no real way to protect yourself from these attacks except just finding a newer, better password to change to.

Try not using the same passwords for every account you have. I know it becomes difficult when you have 5 e-mail accounts, 1 Facebook, 1 MySpace, 1 Hulu, 1 Netflix, etc. but you'll be glad you did when your account is compromised. If someone figures out your Facebook password, they can now get into your e-mail if the passwords are the same. Once this is done, there will be no way for you to regain control of your Facebook account. Try having as many different passwords as you can.

Also, be extremely cautious of who you lend your password to. Keep a record of who you've given it to. In case of a fall out with this person, it would be a good idea to change your password that they know so they can't use it maliciously. It's even better to not share your password at all with anyone to limit the people who have access to your account.

By following the steps above, I hope you've been able to find the right password combination that works for you. Don't be discouraged when you are required to make a new password. Just follow the steps above again to pick a new password.

So far, my success has been great. I have had a few accounts compromised, but not as many as others. My password techniques seem to be helpful in eliminating the ease for someone to cause harm to me by figuring out an easy password. Just remember that this system, or any other, for that matter, is not infallible. You will still be prone to attacks. Picking the right password just makes it more difficult for someone to crack.
