Ever wondered how strong your password(s) really are? Thought putting a 7 at the end of "daisy" would fool any cracker out there? Actually, a single somewhat-modern Pc can break that password in less than an hour and a half by using the lo-tech "brute-force" technique(by the computer randomly guessing). This guide will hopefully show you how to create a strong password.
Most crackers(hackers) use what is known as "dictionary attacks" - where a computer or peice of software tries to guess a password by running through a series of common phrases or words in various combinations. They(The computers/hackers) check hundreds of common "root" passwords ( such as "dog", "tree", etc.) in combination with various "appendages," including every two- and three-digit combination, single symbols (like $ and ?), dates from 1900 A.D. on, and a few others. The crackers also sub in common characters like "3" for "E" and other letter substitutions, like "B" for "8", and so on. Other, less common methods are also used, but are not usually as effective as Dictionary Attacks.
Cyber-attacks on passwords are catagorized from class A to class F. Many attacks do not exceed Class D, but when thay do, you better have a mighty-powerful password to defend yourself. Here is a chart explaining the classes of Cyber-attacks, and I believe you'll find a Class-D attack quite interesting: |*_Class of Attack_*|*_Type of Machine Being Used_ *| |Class-A|10,000 Passwords/sec. Typical for recovery of a Microsoft Office password on a Pentium 100 CPU| |Class-B|100,000 Passwords/sec Typical for recovery of Microsoft Windows Password Cache (.PWL Files) passwords on a Pentium 100 CPU| |Class-C|1,000,000 Passwords/sec Average recovery rate of ZIP or ARJ passwords on a Pentium 100 CPU| |Class-D|10,000,000 Passwords/sec Very Fast PC, Dual Processor PC. (Pentium D, Athlon 64 X2, Core 2 Duo, etc.)| |Class-E|100,000,000 Passwords/sec Workstation, or multiple moderately strong PC's working together| |Class-F|1,000,000,000 Passwords/sec Typical for medium to large scale distributed computing, supercomputers (These are very rare, though)|
When creating a password, there are a few basic rules you need to follow. These include, but are not limited to:
A good way to create a password is to pick a less common root, for example,pitcher , and mispell it so that it becomes a non-exsisting compound-word, so (for ex.) pitchsure+, instead of "pitcher". After doing this, it is a very good idea to add appendages (34a, $P$, etc.), except in unusual places, like in the middle or beginning/end of your already mispelled root-word. So, +$1$1pitch%x%sure would be an almost perfect password. Other good examples may include 2arm1337war2 (armoire) or 123bayzboll321 (baseball)
If you chose to store your password on a PC, make sure that it is in an encrypted form. Note: The Windows Password ache(.pwl files) is very insecure, so if Windows prompts "Would you like Windows to store this password?" do not click "Okay". Also, try not to send your passcode via e-mail to anyone, or tell them oraly.Yes, write your password down but do not leave the paper just lying around, and lock the paper away somewhere, preferably off-site and definitely under a lock and key.
It is a very bad idea to use a simple and short password, and simply substituting letters(ex. 1 for L, 7 for T, etc.) in a simple passcode is a common security miconception, so 1473R (Later) , for example, is a bad password choice. Other bad examples include things located near you ("computer", "keyboard", "monitor", "speakers", "printer", etc.) are useless to fend off a cyber-attack on your password.Also, never use a password that is based upon your username, account name, computer name or email address. Here is a list of the most common passwords. Most computers can guess these instantaneously:
It is _very_ unwise to use one of these as a passcode. It is also not very good to use a relative's name or birthdate in a six-digit MMDDYY format as a password, either.
It is a very good idea to periodically change your password, maybe every thirty days or so. If you do this, then a cyber-attack-in-progress will have to start over from the beginning. It is extremely important to change your password whenever you suspect that someone knows it, or even that they may guess it, or perhaps they stood behind you while you were typing it in during log-in. And emember, try not to re-use an old password. _*Other Tips:*_
-Choose a password that you can type quickly, this will significantly reduce the chance of someone discovering your password by looking over your shoulder.