
How to Create a Strong Password

VERSION 2 Published

Created on: Oct 15, 2007 2:49 PM by TechyGuy - Last Modified:  Nov 21, 2007 12:05 PM by TechyGuy

Ever wondered how strong your password(s) really are? Thought putting a 7 at the end of "daisy" would fool any cracker out there? Actually, a single somewhat-modern PC can break that password in less than an hour and a half using the low-tech "brute-force" technique (the computer simply trying every combination of characters). This guide will hopefully show you how to create a strong password.
How Do They Crack Your Password?
Most crackers (hackers) use what is known as a "dictionary attack", where a computer or piece of software tries to guess a password by running through a series of common phrases or words in various combinations. They check hundreds of common "root" passwords (such as "dog", "tree", etc.) in combination with various "appendages", including every two- and three-digit combination, single symbols (like $ and ?), dates from 1900 A.D. on, and a few others. The crackers also substitute common characters, like "3" for "E" or "8" for "B", and so on. Other, less common methods are also used, but they are usually not as effective as dictionary attacks.
Classes of Attack:
Cyber-attacks on passwords are categorized from Class A to Class F. Many attacks do not exceed Class D, but when they do, you had better have a mighty powerful password to defend yourself. Here is a chart explaining the classes of cyber-attacks, and I believe you'll find a Class-D attack quite interesting:
Class of Attack   Passwords/sec.    Type of Machine Being Used
Class-A           10,000            Typical for recovery of a Microsoft Office password on a Pentium 100 CPU
Class-B           100,000           Typical for recovery of Microsoft Windows Password Cache (.PWL files) passwords on a Pentium 100 CPU
Class-C           1,000,000         Average recovery rate of ZIP or ARJ passwords on a Pentium 100 CPU
Class-D           10,000,000        Very fast PC or dual-processor PC (Pentium D, Athlon 64 X2, Core 2 Duo, etc.)
Class-E           100,000,000       Workstation, or multiple moderately strong PCs working together
Class-F           1,000,000,000     Typical for medium- to large-scale distributed computing or supercomputers (these are very rare)
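To make the chart concrete, here is a small estimator (added for this page; it is not TechyGuy's or PC World's code) that takes the six guess rates from the table and works out the worst-case time an exhaustive search needs for a given password. The alphabet sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols including space) and the decision to count every length up to the password's length are my assumptions about how a brute-force tool enumerates candidates; real tools are smarter, so treat the numbers as an upper bound on effort, not as a measure of strength against a dictionary attack.

```python
import string

# Attack classes and rates (passwords per second) as given in the article's table.
ATTACK_CLASSES = {
    "A": 10_000,
    "B": 100_000,
    "C": 1_000_000,
    "D": 10_000_000,
    "E": 100_000_000,
    "F": 1_000_000_000,
}

# Character groups a brute-force search must include once it has to allow a
# character of that kind (assumption: string.punctuation is 32 symbols, plus space).
CHARACTER_GROUPS = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
)


def alphabet_size(password: str) -> int:
    """Size of the smallest obvious alphabet that covers every character used.
    Characters outside the four groups (e.g. non-ASCII) are ignored."""
    return sum(size for chars, size in CHARACTER_GROUPS
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Worst-case number of guesses for an exhaustive search over that alphabet,
    trying every length from 1 up to the password's own length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_crack(password: str, attack_class: str) -> float:
    """Worst-case time for one attack class; on average an attacker needs about half."""
    return keyspace(password) / ATTACK_CLASSES[attack_class]


def crack_time_table(password: str) -> dict:
    """Worst-case seconds for every attack class, keyed by class letter."""
    return {cls: seconds_to_crack(password, cls) for cls in ATTACK_CLASSES}


def describe(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value of at least 1."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # The article's own examples: the weak "daisy7" and the recommended form.
    for pw in ("daisy7", "1473R", "$1$1pitch%x%sure"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, keyspace {keyspace(pw):,}")
        for cls, secs in crack_time_table(pw).items():
            print(f"  Class-{cls}: {describe(secs)}")
```

Running it shows why the article's opening claim is plausible: "daisy7" draws on a 36-character alphabet, so the whole six-character space is about 2.2 billion guesses, which a Class-C machine finishes in under 40 minutes and a Class-D machine in under four, while the 16-character mixed example pushes even Class-F into astronomical time.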


When creating a password, there are a few basic rules you need to follow. These include, but are not limited to:

* Use a minimum of 8 characters, if not more; try to keep to a maximum of about 15 characters so that you can still remember the password
* Keep away from real words found in dictionaries, encyclopedias, etc.
* Use varied characters (capitals, symbols, numbers, etc.)

How to Create a Genuinely Secure Password:
A good way to create a password is to pick a less common root, for example "pitcher", and misspell it so that it becomes a non-existent compound word, for example "pitchsure" instead of "pitcher". After doing this, it is a very good idea to add appendages (34a, $P$, etc.), preferably in unusual places, like the middle of your already misspelled root word as well as the beginning or end. So, $1$1pitch%x%sure would be an almost perfect password. Other good examples include 2arm1337war2 (armoire) or 123bayzboll321 (baseball).
Keeping Your Password Safe:
If you choose to store your password on a PC, make sure that it is in an encrypted form. Note: the Windows Password Cache (.pwl files) is very insecure, so if Windows prompts "Would you like Windows to store this password?", do not click "Okay". Also, try not to send your password via e-mail to anyone, or tell it to them orally. Yes, write your password down, but do not leave the paper just lying around: lock it away somewhere, preferably off-site and definitely under lock and key.
Bad Passwords:
It is a very bad idea to use a simple and short password, and simply substituting letters (e.g. 1 for L, 7 for T, etc.) in a simple password is a common security misconception, so 1473R ("Later"), for example, is a bad choice. Other bad examples include things located near you ("computer", "keyboard", "monitor", "speakers", "printer", etc.); these are useless for fending off a cyber-attack on your password. Also, never use a password that is based upon your username, account name, computer name or email address.
Here is a list of the most common passwords. Most computers can guess these instantaneously:

  • password
  • 123456
  • qwerty
  • abc123
  • letmein
  • monkey
  • myspace1
  • password1
  • blink182
  • 1337
  • (your first name)

It is very unwise to use one of these as a password. It is also unwise to use a relative's name or a birthdate in six-digit MMDDYY format as a password.
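The dictionary-attack description, the three basic rules, and the "bad passwords" advice above all amount to one policy check, so here is a single checker (an added example, not the article's or PC World's code) that applies them from the defender's side: it undoes the letter substitutions and strips the appendages an attacker would try, then looks the remaining root up in a wordlist, alongside the length, variety, common-password and username tests. The wordlist is a tiny constructed stand-in for a real dictionary file, the leet table extends the article's 3/E, 1/L, 7/T and 8/B pairs with a few common additions, and "varied" is read leniently as at least two character kinds; all three are my assumptions, and a real deployment would load a full dictionary and pick its own thresholds.

```python
import re
import string

# The article's list of the most common passwords (exact strings).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "abc123", "letmein", "monkey",
    "myspace1", "password1", "blink182", "1337",
}

# Constructed stand-in for the "root" wordlist a dictionary attack uses;
# a real check would load a full dictionary file here (assumption).
ROOT_WORDS = {
    "dog", "tree", "daisy", "later", "password", "pitcher", "baseball",
    "armoire", "computer", "keyboard", "monitor", "speakers", "printer",
}

# Substitutions to undo: the article names 3->E, 1->L, 7->T and 8->B;
# the remaining pairs are common additions (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "8": "b", "$": "s", "@": "a", "!": "i"})

_KINDS = (string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation)


def _strip_appendages(s: str) -> str:
    """Drop leading and trailing runs of non-letters (digit/symbol/date appendages)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidate_roots(password: str) -> set:
    """Normal forms an attacker's rule set would reduce the password to."""
    p = password.lower()
    return {
        _strip_appendages(p),                   # daisy7        -> daisy
        _strip_appendages(p).translate(LEET),   # 2arm1337war2  -> armleetwar
        _strip_appendages(p.translate(LEET)),   # 1473R         -> later
        re.sub(r"[^a-z]", "", p.translate(LEET)),  # letters only, substitutions undone
    } - {""}


def character_kinds(password: str) -> int:
    """How many of lowercase, uppercase, digits and symbols are present."""
    return sum(any(c in kind for c in password) for kind in _KINDS)


def check_password(password: str, personal_names=()) -> list:
    """Return the list of rules the password breaks; an empty list means it
    passes every check described in the article. personal_names holds the
    username, first name and similar strings the password must not contain."""
    problems = []
    if len(password) < 8:                       # rule: at least 8 characters
        problems.append("length")
    if character_kinds(password) < 2:           # rule: varied characters
        problems.append("variety")
    if password.lower() in COMMON_PASSWORDS:    # the "most common passwords" list
        problems.append("common")
    if any(root in ROOT_WORDS for root in candidate_roots(password)):
        problems.append("dictionary")           # root word + appendages/substitutions
    lowered = password.lower()
    for name in personal_names:
        n = name.lower()
        if len(n) >= 3 and (n in lowered or n in lowered.translate(LEET)):
            problems.append("username")         # based on username, name, etc.
            break
    return problems


if __name__ == "__main__":
    for pw in ("daisy7", "1473R", "password1", "2arm1337war2", "$1$1pitch%x%sure"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
    print(check_password("techyguy2007", personal_names=["TechyGuy"]))
```

The interesting cases are the ones the article calls out: "daisy7" and "1473R" fail on length and on the dictionary test (the second only after the substitutions are reversed), "password1" trips both the common list and the root-word test, while the article's own "good" examples come back clean because their misspelled roots are not words.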
Changing Your Password:
It is a very good idea to periodically change your password, maybe every thirty days or so. If you do this, then a cyber-attack in progress will have to start over from the beginning. It is extremely important to change your password whenever you suspect that someone knows it, or even that they may guess it, or perhaps they stood behind you while you were typing it in during log-in. And remember, try not to re-use an old password.
Other Tips:

-Choose a password that you can type quickly; this significantly reduces the chance of someone discovering your password by looking over your shoulder.
Oct 16, 2007 11:01 AM AuroraDizon says:

Also change passwords every so often, especially if you're suspicious, and use different passwords for your important accounts.

Oct 16, 2007 11:47 AM gearGE says:

Also, be extra careful regarding spyware! No matter how strong your password may be, functioning spyware on your machine will always be able to send a copy of it to its criminal authors.

Oct 20, 2007 10:01 PM RastaMon says:

A couple of things I sometimes do to create very secure, yet easy to remember passwords is to switch my keyboard to a different keyboard layout (2 clicks on my MacBook), and type something as though I were still using a QWERTY keyboard, and to use memorable equations.

Ex. 1) LJ{<rpne{prjt;! is simply PC_World_rockz! typed with the Dvorak keyboard turned on, while still entering the keys as they are labeled. Don't forget to return your keyboard to QWERTY (or your preferred layout)!

Ex. 2) x = -b ± √(b2 - 4·a·c) ÷ (2·a) is the quadratic formula, turned into an easy to remember, yet very secure 33 character passphrase that utilizes unmodified keys, keys modified with shift, keys modified with option, and keys modified with shift-option (aka alt). As an added bonus, there are many, many ways to alter the way in which it is typed in without changing the actual equation or making it harder to remember. For example, I could use / or ⁄ instead of ÷; I could leave out the spaces; I could use x, X, *, or * instead of ·; I could rewrite the equation as 2·a·x = -b ± √(b2 - 4·a·c), etc.

Oct 20, 2007 10:11 PM RastaMon says: in response to: RastaMon

It appears the forum software added some funky markup to my quadratic formula that I was not expecting! After "√(b" should come "shift-6 – 4·a·c) ÷ (2·a)"

How to obtain all the special characters I will leave as an exercise for the reader! For Mac users, a cheat sheet is two clicks away (with proper preference settings).
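RastaMon's first trick is a fixed one-to-one remapping of key positions, so it can be written down exactly. The following is an added example (mine, not RastaMon's code) that encodes the US QWERTY and US Dvorak layouts position by position and reproduces his Ex. 1 in both directions; the two layout strings are my transcription of the standard US layouts, unshifted row followed by shifted row. The practical caveat for anyone relying on this is visible in the code: because the map is public and reversible, a guesser who knows the trick only has to apply the inverse map, so the strength still comes from the underlying phrase, not from the remapping.

```python
# Characters produced by the same physical keys (US layout), row by row:
# the unshifted row first, then the shifted row. Space and unmapped keys
# are left unchanged by the translation.
QWERTY = ("`1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,./"
          "~!@#$%^&*()_+QWERTYUIOP{}ASDFGHJKL:\"ZXCVBNM<>?")
DVORAK = ("`1234567890[]',.pyfgcrl/=aoeuidhtns-;qjkxbmwvz"
          "~!@#$%^&*(){}\"<>PYFGCRL?+AOEUIDHTNS_:QJKXBMWVZ")
assert len(QWERTY) == len(DVORAK) == 92

# Translation tables: what comes out when you press the QWERTY-labelled keys
# with Dvorak active, and the inverse map a guesser would apply to undo it.
TO_DVORAK = str.maketrans(QWERTY, DVORAK)
TO_QWERTY = str.maketrans(DVORAK, QWERTY)


def typed_on_dvorak(text: str) -> str:
    """Result of typing `text` by its QWERTY key labels while Dvorak is active."""
    return text.translate(TO_DVORAK)


def undo_dvorak(text: str) -> str:
    """Inverse transform: recover the QWERTY-labelled text from its Dvorak output."""
    return text.translate(TO_QWERTY)


def is_reversible(text: str) -> bool:
    """True if the remapping loses nothing, i.e. round-tripping gives the original."""
    return undo_dvorak(typed_on_dvorak(text)) == text


if __name__ == "__main__":
    phrase = "PC_World_rockz!"                # RastaMon's Ex. 1
    print(typed_on_dvorak(phrase))            # LJ{<rpne{prjt;!
    print(undo_dvorak("LJ{<rpne{prjt;!"))     # PC_World_rockz!
    print(is_reversible(phrase))              # True
```

The mapping reproduces his example character for character, including the shifted keys (`_` lands on `{`, `W` on `<`). The Mac Option and Shift-Option characters from his Ex. 2 are outside this table, which covers only the plain and Shift rows.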

Nov 24, 2007 12:19 PM Adama says:

I remember reading something similar to this while I was going through my Yahoo! News. Very impressive and timely. Thank you for this awesome document! Just reminded me that I promised myself to change passwords often.
