DevNotes: Passwords

Using passwords is the first step in securing privacy on computers. Simple passwords can be easily guessed by people who know you, or can easily be cracked by people with experience.

In a recent survey of password use, more than 3000 accounts were cracked out of a test sample of over 13,000 using 25 different techniques. There is evidence that a hacker only needs to break one account to gain access to other accounts and other systems on the same network.

There are many tools to crack passwords, such as dictionary programs. A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password.

Here are some do’s and dont’s complied from numerous sources over the web.

Don’ts

• DON’T use your login name in any form (as-is, reversed, capitalised, doubled, etc.)

• DON’T use any names, whether a relative of yours or character in a novel, book, or movie.

• DON’T use other information easily obtained about you. This includes birthdates, license plate numbers, telephone numbers, your street name, etc.

• DON’T use a password of all digits, or all the same letter. This significantly decreases the search time for a cracker.

• DON’T use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words.

• DON’T use a password shorter than six characters.

• DON’T share your password with anyone.

Do’s

• DO use a password with mixed-case (Ex. HYuj4iP, 3rtIdlP)

• DO use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.

• DO change your password regularly

Related Links:

blazonry.com's JavaScript Password Generator

View an online calculator which estimates the time it will take to crack a password with different criteria.

WWW Security FAQ by the W3C