Difference between revisions of "Better Passwords"


Revision as of 20:35, 27 May 2014

Step 1: Keep your computer clean and protected

Before we begin talking about strong passwords we must make sure that our computer is protected from spyware (that could leak your passwords) and unauthorised remote access. This is part and parcel of everyday computing but is especially pertinent to keeping your passwords secure from theft. Most hacking attacks happen by stealing your account password through the installation of spyware on the computer. You must install and maintain up-to-date (and legitimate) anti-virus and firewall software. You should also ensure that your operating system and all applications on your computer have the latest updates. These steps are the precursor to all secure computer operations.

Exercises: Protect your computer from malware and unauthorised remote access by installing and configuring an anti-virus and firewall from https://securityinabox.org/


Step 2: Always be vigilant and cautious

The Internet is rife with cyber criminals creating scams that trick you into revealing your password or inadvertently installing a piece of malware that will leak it (especially if you skipped Step 1 above). You must be extra vigilant when clicking on links sent to you in an email or chat message. Avoid installing pirated software and browsing to websites whose identity and authenticity you cannot be sure of. Don't use Internet Explorer to browse the Web; run Firefox with the NoScript extension or Chrome with an extension that forbids web pages from executing code on your computer.

Media: Read this account from a Wired journalist on how hackers compromised his entire digital life, and how he managed to restore it. Lots of good tips and advice.

Exercise: Firefox users install the NoScript extension (http://noscript.net/); Chrome users install the NotScript extension (https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn).

Step 3: Prevent profiling

Many people find it difficult to remember passwords and end up creating something that is related to their personal life or interests. For example, a user in New York City might choose 'manhattan' or 'yankees2012' as their password. Perhaps they will use their child's name and year of birth or the name of their pet dog.

Media: A study of the most commonly used passwords (http://xato.net/passwords/more-top-worst-passwords/#more-269) and an article covering password hacking techniques (http://arstechnica.com/security/2012/08/passwords-under-assault/2/)

A common tactic in password hacking is called profiling – finding out personal details that may have been used as your password. By mining your Facebook, LinkedIn and other public profiles, the attacker learns a lot about your identity and uses it to guess your passwords.

Step 4: Prevent brute force attacks

Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a very long time, but computers can do it at speeds of up to a million passwords per second. Should the dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation are attempted as your password. This method will inevitably find your password sooner or later; the only barrier is time.


Time needed to try every combination, by password length (rows) and number of possible characters per position (columns: 26 = lowercase letters only, 36 = lowercase letters and digits, 52 = upper- and lower-case letters, 68 = letters, digits and some punctuation):

Length \ Characters   26              36               52               68
3                     0.18 seconds    0.47 seconds     1.41 seconds     3.14 seconds
5                     1.98 minutes    10.1 minutes     1.06 hours       4.04 hours
8                     24.2 days       10.7 months      17 years         1.45 centuries
10                    44.8 years      1.16 millennia   45.8 millennia   45,582 millennia
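As an added example (not code from the original page), the Python below reproduces the table from the formula characters^length divided by guesses per second, and shows how many extra characters a faster attacker costs you. The page does not state the guessing rate or calendar; a rate of 100,000 guesses per second and a 365-day year are assumptions, chosen because they reproduce the table's figures (the million per second quoted in the text would divide every figure by ten).

```python
"""Worst-case time for an exhaustive password search, reproducing the
Length/Variations table above (added example, not from the original page).
Assumed, since the page does not state them: 100,000 guesses per second
and a 365-day year, which together reproduce the table's figures."""

GUESSES_PER_SECOND = 100_000  # assumed; the text's million/s is ten times this
SECOND, MINUTE, HOUR, DAY = 1, 60, 3_600, 86_400
YEAR, MONTH = 365 * DAY, 365 * DAY / 12
CENTURY, MILLENNIUM = 100 * YEAR, 1_000 * YEAR
UNITS = [("millennia", MILLENNIUM), ("centuries", CENTURY), ("years", YEAR),
         ("months", MONTH), ("days", DAY), ("hours", HOUR),
         ("minutes", MINUTE), ("seconds", SECOND)]

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def seconds_to_exhaust(charset_size: int, length: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every password of this length at `rate` guesses/second."""
    return keyspace(charset_size, length) / rate

def humanize(seconds: float) -> str:
    """Largest unit giving a value >= 1, rounded the way the table is."""
    for name, size in UNITS:
        value = seconds / size
        if value >= 1 or name == "seconds":
            text = f"{value:,.2f}" if value < 10 else f"{value:,.1f}"
            return f"{text.removesuffix('.0')} {name}"

def brute_force_table(charset_sizes=(26, 36, 52, 68), lengths=(3, 5, 8, 10),
                      rate=GUESSES_PER_SECOND):
    """{length: {charset_size: readable time}} for every row and column."""
    return {n: {c: humanize(seconds_to_exhaust(c, n, rate))
                for c in charset_sizes} for n in lengths}

def length_for_target(charset_size: int, target_seconds: float,
                      rate: float = GUESSES_PER_SECOND) -> int:
    """Shortest length whose exhaustive search lasts at least target_seconds;
    every extra character multiplies the search time by charset_size."""
    n = 1
    while seconds_to_exhaust(charset_size, n, rate) < target_seconds:
        n += 1
    return n

if __name__ == "__main__":
    for n, row in brute_force_table().items():
        print(f"{n:>2}", *(f"{cell:>18}" for cell in row.values()))
    for c in (26, 68):  # length needed to outlast a century at a million/s
        print(c, "characters: length", length_for_target(c, CENTURY, 1_000_000))
```

Run as written, every cell matches the table except the last one: 68 characters at length 10 computes to roughly 670 millennia, not 45,582.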