skippy the bush kangaroo: password breach

Wednesday, January 04, 2012

password breach

a massive breach of security has exposed over 68,000 credit cards. the main cause of the breach was insecure passwords.

here's my tip for creating a secure password that is easy to remember: pick a title from a book or box or something that is always on your desk and use that as the password. make it all lower case except for the third and fourth characters, and substitute a number for the first i, l, or o. it seems complicated but is easy once you try. say the book "Tom Sawyer" is on your desk and is a permanent fixture. it might be one of a dozen books on your desk. so now your password is "t0MSawyer" (that second character is a zero). i don't like that it is only nine characters, but then i always go for fifteen or more characters. for many years i used UN1XthecOmpletereference, but then i worked in computer security some years ago and learned a lot about password cracking. my current password is above fifteen characters and has case changes and number substitutions and some non-alphanumeric characters.

password cracking can be done in a number of ways, but a dictionary-based cracker is easily defeated by my suggestion. you can't defeat a brute force cracker that generates every possible combination of characters and numbers, but if you have a complex password, it will take a brute force cracker too long to crack it, so it isn't worth a hacker's time to try.
posted by DBK at 9:25 AM
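
An added example, not part of the original post: a small estimator for the brute-force search space behind the two passwords quoted above, showing how length drives the "too long to crack" argument. It models only exhaustive search with every character treated as random, so it does not measure how guessable a title-derived password is; the guess rate is an assumed figure.

```python
import string

# Assumed attacker speed, for illustration only (not a figure from the post).
GUESSES_PER_SECOND = 1e10

# ASCII character classes an exhaustive search would have to include.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest alphabet, built from whole classes, covering the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (space, non-ASCII) count individually.
    extras = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(extras)


def keyspace(password):
    """Candidates of every length from 1 up to len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def average_crack_seconds(password, rate=GUESSES_PER_SECOND):
    """Roughly half the keyspace is searched, on average, before a hit."""
    return keyspace(password) / 2 / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= span:
            return f"{seconds / span:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # The two passwords quoted in the post.
    for pw in ("t0MSawyer", "UN1XthecOmpletereference"):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"~{humanize(average_crack_seconds(pw))} on average")
```

Both passwords draw on the same 62-symbol alphabet, so the gap between them comes entirely from length: nine characters versus twenty-four.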

3 Comments:

Frog, long time no see -- I hadn't realized you were posting here -- obviously, I don't get out often enough! But I will check here more often to see what your latest post is all about.
Thanks for the advice on passwords, by the way.
commented by Blogger CathiefromCanada, 10:45 AM PST  
Other thoughts on password strength:

http://xkcd.com/936/
commented by Blogger The Dead Acorn, 11:01 AM PST  
Automobile license plates are also a good source, especially if they mix numbers and letters. You can add state initials and your own and Upper case where you wish.
commented by Blogger montag, 7:31 PM PST  
