Choosing A Secure Password

March 18, 2014

As we rely on more and more technology, we need more and more passwords to access things. You might already know these basic tips:

  1. Never reuse your old passwords. “One bad apple ruins the bunch.”
  2. Don’t change your password unless you think it’s compromised.
  3. Consider two-factor authentication.

Although you might have a handle on the basics, below are a few password tricks you might not be familiar with, starting with a scenario for hacking a password.

Scenario for breaking a password:

Offline password-guessing attack

The attacker obtains a file of encrypted passwords, as in the LinkedIn breach in 2009, and then recovers the passwords so they can log into the compromised accounts, where more information can be stolen.

The attacker does this by running a commercial or underground cracking tool on their own computer to guess as many passwords as possible. Each correct guess (which happens often) gives them access to that account.

With this method of guessing passwords, two factors are at play: efficiency and power.

Efficiency is how easily the program can guess a password. Good programs are effective because they try the most common passwords first. They use special dictionaries that combine words to produce common passwords. A common password typically consists of a root and an appendage, in either order. Examples: “passwords1234” or “p4s5w0rd12”.

Modern password cracking programs run through common roots and appendages until they find a match.

This is why a single word plus a few characters is no longer a good basis for a password. Password crackers will also feed in any information related to the owner of the compromised account: names, addresses, postal codes, meaningful dates and any other meaningful details. Some programs can even scan a target’s hard drive for this kind of information.

All of this work requires a good amount of processing capacity, which brings us to the second factor: power. As computers have developed and processing power has increased, these programs can test more and more passwords per second. In fact, one program advertises eight million per second!
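To make the root-plus-appendage idea concrete from the defender's side, here is an added example (not code from the original post or from any cracking tool) that checks whether a candidate password is just a dictionary root with short digit or symbol appendages, after undoing common letter substitutions, and estimates how long a tool running at the article's quoted eight million guesses per second would need to sweep that whole class. The mini-dictionary, the substitution table and the appendage rules are constructed for illustration; real wordlists hold millions of roots.

```python
# Constructed mini-dictionary standing in for a cracker's wordlist; real
# wordlists hold millions of entries. "passwords" sits beside "password"
# because crackers also try plural and variant spellings.
ROOTS = {"password", "passwords", "welcome", "dragon", "monkey",
         "letmein", "football", "sunshine"}

# Common substitutions a cracker undoes before the dictionary lookup,
# so "p4s5w0rd" is looked up as "password". (Assumed table.)
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Characters allowed in an appendage: digits and common symbols. (Assumed.)
APPENDAGE_CHARS = set("0123456789!@#$%^&*_-.")

GUESSES_PER_SECOND = 8_000_000  # the figure quoted in the article


def split_root_appendage(password, max_prefix=3, max_suffix=5):
    """Return (root, prefix, suffix) if `password` is a dictionary root with
    short digit/symbol appendages on either side, otherwise None.
    The longest matching root wins, so "passwords1234" splits as
    "passwords" + "1234" rather than "password" + "s1234"."""
    n = len(password)
    best = None
    for p in range(0, max_prefix + 1):
        for s in range(0, max_suffix + 1):
            if p + s >= n:          # the core must be non-empty
                continue
            prefix, core, suffix = password[:p], password[p:n - s], password[n - s:]
            if not set(prefix + suffix) <= APPENDAGE_CHARS:
                continue
            root = core.lower().translate(LEET)
            if root in ROOTS and (best is None or len(root) > len(best[0])):
                best = (root, prefix, suffix)
    return best


def pattern_keyspace(dictionary_size, max_digits=4):
    """Number of candidates in the class 'root + 0..max_digits digits':
    every root times every numeric suffix of length 0..max_digits."""
    suffixes = sum(10 ** k for k in range(max_digits + 1))   # 11111 for 4
    return dictionary_size * suffixes


def seconds_to_enumerate(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate


if __name__ == "__main__":
    for pw in ("passwords1234", "p4s5w0rd12", "123dragon!", "correcthorsebattery"):
        print(f"{pw!r:24} -> {split_root_appendage(pw)}")
    # A 100,000-word list with up to four digits appended (constructed size):
    space = pattern_keyspace(100_000)
    print(f"{space:,} candidates, swept in about {seconds_to_enumerate(space):.0f} s")
```

The point the numbers make is that the whole “word plus up to four digits” class for a 100,000-word list is only about 1.1 billion candidates, which the quoted rate exhausts in a little over two minutes; that is why the appendage buys almost nothing.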

So what are some best practices for choosing a password?

Schneier scheme

Take a sentence and turn it into a password. Example: the sentence “Holy smokes! Would you look at that.” becomes hs!…wyl@t.

A memorable sentence makes it easy to create a password that is long yet easy to remember. Such passwords are atypical and generally harder to crack, but still not completely “foolproof”, as cracking software and attackers keep getting better with time.

Use a password managing service

Some password managers include a random password generator that creates a new password for every app or site you use, so your passwords are always different and always random.
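What “random” buys you can be quantified. The following added example (not code from the original post or from any particular password manager) generates a password with the operating system's cryptographic random source, computes its entropy from the length and alphabet size, and converts that into an expected brute-force time at the article's eight million guesses per second. The alphabet and the rule that every character class must appear are assumptions chosen to satisfy typical site requirements.

```python
import math
import secrets
import string

# Character classes the generated password draws from (assumed choice).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)   # 26 + 26 + 10 + 32 = 94 symbols

GUESSES_PER_SECOND = 8_000_000   # cracking rate quoted in the article


def generate_password(length=16, alphabet=ALPHABET, require_each_class=True):
    """Draw `length` symbols uniformly using `secrets` (a CSPRNG), never
    the `random` module. With require_each_class, reject and redraw until
    every class in CLASSES appears; rejection sampling keeps the result
    uniform over the accepted strings without biasing any position."""
    if require_each_class and length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_each_class or all(
            any(c in cls for c in candidate) for cls in CLASSES
        ):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Average brute-force time: the attacker hits the password after
    trying half the keyspace on average."""
    return (2 ** bits) / 2 / rate


if __name__ == "__main__":
    pw = generate_password(16)
    bits = entropy_bits(len(pw), len(ALPHABET))
    years = expected_crack_seconds(bits) / (365 * 24 * 3600)
    print(f"generated: {pw}")
    print(f"{bits:.1f} bits of entropy; expected brute force: {years:.3g} years")
    # Contrast: "word + four digits" from a 100,000-word list is ~30 bits,
    # which the same rate covers in about a minute.
    print(f"word+4 digits: {entropy_bits(1, 100_000 * 10_000):.1f} bits")
```

Sixteen characters from a 94-symbol alphabet give about 105 bits, which at the quoted rate is far beyond any feasible search, whereas the dictionary-plus-digits pattern is around 30 bits; length and true randomness, not cleverness, are what the manager's generator contributes.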

These tips help, but attacker sophistication keeps pace with improvements in Internet security. If you aren’t able to use a password manager, you’re still better off enabling two-factor authentication and using a randomly generated password.