We use passwords every day to access our e-mail accounts, bank accounts, Facebook and Twitter accounts, and hundreds of other services. There is a great temptation to use one password for all accounts and to make it short and easy to remember. However, this has a devastating impact on privacy and security. If you believe that you have nothing to hide, think again. Passwords are usually cracked not out of mere curiosity but for malicious purposes: to use your PC as a spam bot, to steal some of your money, to infect your computer with viruses and spyware, and so on.
What makes a password weak and easy to crack? In most cases the attacker does not try to guess your password manually. Instead, he uses an automated program that tries many passwords in very rapid succession until it finds a match. Here are some examples of weak passwords:
- Generic and default passwords. Examples: admin, administrator, user, guest, pass, password, etc. These are the first passwords tried by password-cracking software.
- Meaningful words or names. Examples: sandbox, NY, lion, john, mary, USA, etc. Easily cracked by dictionary-assisted cracking tools.
- Words or names with digits appended. Examples: john123, pass123, 123456, number1, etc. Easily cracked by automated cracking tools.
- Personal names, birthdates or similar information. These are used very often as passwords and are very easily cracked. For example, if the password is a birthday, there are only hundreds (or a couple of thousand, if the year is included) possible combinations, which is very weak for a password.
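The four weak categories above can be turned into a simple policy check that a service runs before accepting a new password. The following is an added example written for this page, not code from the original text; the default-password list and dictionary it uses are constructed samples, and a real deployment would load complete lists instead.

```python
import re

# Constructed sample lists for illustration only; a real checker would load a
# full default-password list and a dictionary of common words and names.
DEFAULT_PASSWORDS = {"admin", "administrator", "user", "guest", "pass", "password"}
DICTIONARY_WORDS = {"sandbox", "ny", "lion", "john", "mary", "usa", "number"}


def weakness_reason(password):
    """Return which weak-password category the candidate falls into, or None.

    The categories mirror the list above: generic/default passwords, dictionary
    words or names, words with digits appended, and short all-digit values such
    as PINs, counters or dates.
    """
    p = password.lower()
    if p in DEFAULT_PASSWORDS:
        return "generic or default password"
    if p in DICTIONARY_WORDS:
        return "dictionary word or name"
    m = re.fullmatch(r"([a-z]+)(\d+)", p)
    if m and m.group(1) in DEFAULT_PASSWORDS | DICTIONARY_WORDS:
        return "dictionary word with digits appended"
    if p.isdigit() and len(p) <= 8:
        # 4 digits: PIN or DDMM; 6 digits: DDMMYY; 8 digits: DDMMYYYY or a counter
        return "short all-digit value (PIN, date or counter)"
    return None


def filter_weak(candidates):
    """Map each weak candidate to the reason it was rejected."""
    rejected = {}
    for pw in candidates:
        reason = weakness_reason(pw)
        if reason is not None:
            rejected[pw] = reason
    return rejected


if __name__ == "__main__":
    sample = ["admin", "Mary", "pass123", "19850314", "123456", "Tr0ub&xK9!pQ"]
    for pw, why in filter_weak(sample).items():
        print(f"{pw!r}: {why}")
```

The check is case-insensitive because cracking tools try the common capitalisations anyway; passing this check only means a password avoids the listed categories, not that it is strong.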
As you can see, none of the easy passwords are safe. So how do you choose safe passwords? The most important rule is to avoid using the same password for different systems or services. If you follow this rule, then even if one of your passwords is cracked or otherwise compromised, your other passwords remain secure.
Basically, password strength depends on the number of possible combinations that must be tried in order to guess (or crack) the password. For instance, standard 4-digit PIN codes are weak passwords, because there are only 10000 possible combinations. This is not a big problem for ATMs, since the PIN code is useless without the card and most ATMs block the card when the PIN is entered wrongly more than 2-3 times. However, in many other cases it is possible to use automated password-cracking tools, which can try tens of thousands or even millions of passwords per second, so any weak password will be cracked in a matter of seconds or minutes.
The number of possible combinations is determined by the set of symbols that can be used in the password and by the password length. See the table below for some estimates of the time needed to crack passwords of different complexity on 4 typical computers. The first is a modern mid-level PC, which can test 1 million passwords per minute. The second is a future computer a decade from now, which will be able to test 65 million passwords per minute. The third is a modern mid-level supercomputer, which can test 1 billion passwords per second, and the last is a possible supercomputer 10 years from now, which will be able to test 65 billion passwords per second. Please be aware that these are approximate estimates; the actual password testing rate may be considerably slower or faster for some kinds of encryption algorithms.
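The estimate behind such a table is just the number of combinations divided by the testing rate. The block below is an added example, not part of the original page: it takes the four testing rates quoted above (the two PC rates are given per minute, so they are converted to per second) and computes the worst-case time to exhaust every password of a given length over a few symbol sets. The symbol-set sizes are this example's own assumptions.

```python
# Testing rates from the text above, normalised to passwords per second.
# The two PC figures are given per minute on the page, hence the division by 60.
RATES_PER_SECOND = {
    "modern mid-level PC": 1_000_000 / 60,
    "PC ten years from now": 65_000_000 / 60,
    "modern mid-level supercomputer": 1_000_000_000,
    "supercomputer ten years from now": 65_000_000_000,
}

# Symbol sets a password might be drawn from (sizes are assumptions of this example).
CHARSETS = {
    "digits": 10,
    "lowercase letters": 26,
    "letters, mixed case": 52,
    "letters and digits": 62,
    "letters, digits and punctuation": 94,
}


def combinations(alphabet_size, length):
    """Number of possible passwords of exactly this length over this alphabet."""
    return alphabet_size ** length


def crack_time_seconds(combos, rate_per_second):
    """Worst-case time to try every combination at the given rate."""
    return combos / rate_per_second


def format_duration(seconds):
    """Render seconds in the largest unit that gives a value of at least 1."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3g} seconds"


def estimate_table(lengths=(4, 6, 8, 10, 12)):
    """Return {charset: {length: {machine: seconds}}} for the given lengths."""
    table = {}
    for charset, size in CHARSETS.items():
        table[charset] = {}
        for length in lengths:
            combos = combinations(size, length)
            table[charset][length] = {
                machine: crack_time_seconds(combos, rate)
                for machine, rate in RATES_PER_SECOND.items()
            }
    return table


if __name__ == "__main__":
    for charset, rows in estimate_table().items():
        print(charset)
        for length, per_machine in rows.items():
            cells = ", ".join(f"{m}: {format_duration(s)}" for m, s in per_machine.items())
            print(f"  length {length}: {cells}")
```

Running it reproduces the 4-digit PIN case from the text (10000 combinations, well under a second on the slowest machine) and shows how quickly adding symbols and length moves the estimate from seconds into years; on average an attacker finds the password after trying about half the combinations, so halve these worst-case figures for a typical case.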
As we saw in the previous sections, the gap between the level of security provided by weak and strong passwords is enormous.
The question remains: how to create strong random passwords? Let's look at the alternatives.
- Picking letters and digits “randomly” by hand. It looks random, but only at first sight. Numerous studies have shown that humans are not good at random choices: they consistently try to spread things too evenly, which is not random behavior.
- “Random” typing on the keyboard with closed eyes. This is slightly better than picking by hand, but still nowhere near random.
- Online (web-based) password generators. Far better than the previous two options, but they have 2 big drawbacks. The first is the chance that the generated password may be stored on the site for malicious purposes, or that someone may eavesdrop on your connection and intercept the generated password. The second major problem is the quality of the random number generators, which quite often is not up to the job. Many of them are naively implemented and provide far fewer combinations than theoretically possible (no more than tens of thousands or hundreds of millions, which is not a strong password by any means; see the table in the previous chapter).
- Specialized random password generator programs. The best choice, provided that they are implemented properly and come from a trusted source.
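The difference between a properly implemented generator and a naive one is easiest to see side by side. The following is an added example written for this page (it is not Mil Shield's code or any other product's): one generator draws every symbol from the operating system's cryptographic random source, the other is a constructed naive generator that seeds a plain PRNG from only 16 bits, so however long its passwords are, it can never produce more than 65536 different ones.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def strong_password(length=16, alphabet=ALPHABET):
    """Draw each symbol independently from the OS cryptographic RNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def naive_password(length, seed, alphabet=ALPHABET):
    """Constructed example of a naively implemented generator.

    It uses a non-cryptographic PRNG seeded from only 16 bits (think of a
    truncated clock value), so it can produce at most 65536 distinct passwords
    no matter how long they are.
    """
    rng = random.Random(seed & 0xFFFF)
    return "".join(rng.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of entropy when every symbol is uniform and independent."""
    return length * math.log2(alphabet_size)


def effective_combinations(seed_bits):
    """A seeded generator cannot output more distinct passwords than it has seeds."""
    return 2 ** seed_bits


def distinct_outputs(length, seeds):
    """Count how many different passwords the naive generator yields for these seeds."""
    return len({naive_password(length, s) for s in seeds})


if __name__ == "__main__":
    print("strong:", strong_password(16), f"({entropy_bits(16, len(ALPHABET)):.1f} bits)")
    print("naive: ", naive_password(16, seed=12345), "(at most 16 bits of entropy)")
    # Seeds that differ by a multiple of 65536 yield the identical "random" password.
    print("distinct outputs for 6 seeds:", distinct_outputs(16, [1, 2, 3, 65537, 65538, 65539]))
```

A 16-symbol password from the 94-symbol alphabet carries about 105 bits of entropy, while the naive generator's output is fully determined by its 16-bit seed, which is exactly the "tens of thousands of combinations" failure described above. The same reasoning applies to any generator whose seed, not its output length, bounds the number of passwords it can produce.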
Mil Shield, for example, is a program that offers a random password generator with high-quality random generation and no sending or logging of passwords. You can use it to create any kind of password, from simple PIN codes to very strong and long passwords that are impossible to crack even with the fastest supercomputers.