How secure is your password? - Printable Version +- The Lurker Lounge Forums (https://www.lurkerlounge.com/forums) +-- Forum: The Lurker Lounge (https://www.lurkerlounge.com/forums/forum-4.html) +--- Forum: The Lounge (https://www.lurkerlounge.com/forums/forum-12.html) +--- Thread: How secure is your password? (/thread-3455.html) |
How secure is your password? - Yrrek - 01-16-2007 I found this article: http://www.wired.com/news/columns/0,72458-0.html via http://www.linuxsecurity.com The author does an excellent job of explaining how password cracking programs work, and how fast they can crack certain difficulty passwords. He also gives tips on how to improve ones' passwords to help improve the security of your information. Enjoy! Yrrek P.S. - Don't forget to update your passwords! =D How secure is your password? - roguebanshee - 01-16-2007 Something to remember, the writer assumes that the cracker has access to either a physical media or a fast LAN with one or more files using the password. He'd see his progress slowed down dramatically due to response times, if he tried the same thing against an online target. How secure is your password? - Maitre - 01-16-2007 Quote:So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle. The above paragraphs are lifted from the middle of the linked article as the advice for choosing "hard to guess" passwords (which seems to indicate that the attack software described by the author would have to go to it's sixth and seventh set of generating tools to get). Also, the first paragraph I quoted is something similar to the guidelines implemented by the IT folks at my company... Passwords must meet three of the following four criteria: 1) contains 3 or more lower case letters 2) contains 3 or more upper case letters 3) contains 1 or more special characters (@, #,$, %, &, !, ,, ., and ? are acceptable, \, /, and * are not) 4) contains 1 or more numbers Passwords must be reset every 2 months, and cannot be the same as any of your last 3 passwords. The thing I always try to avoid are things that everyone knows about me like my wife's name, my son's name, etc. These sorts of things are very easy to remember, and very easy to guess. They also seem like things that would be common in the passwords of grandparents and non-savvy folks who would be likely to have a document somewhere in their email of all their bank accounts, etc. Not that I know anyone like that... /forwards article on to his own parents/ |