Note: This is a guest post written by Ryan Barnes
Passwords are everywhere today: the vast majority of us use them on our computers, on forums, social networking sites and elsewhere.
We use them on our phones and our tablets, and they can even protect the memory cards in our cameras. It’s important, then, that we keep our passwords sensible, safe and secure. Here are some tips on choosing passwords and, more importantly, keeping them secret.
How to choose a good password – Mix it up!
One of the most common ways accounts get broken into today is reused passwords. When computer experts and websites tell you to use a different password for every site, they’re not saying it for the good of their health. It’s not so much that having many passwords is a good idea; it’s that having just one password is a bad idea. A very, very bad idea. If you use the same password on eight different websites, it doesn’t matter how secret you keep it: all it takes is one of those eight websites to get hacked and your password is exposed everywhere. If you use the same username (or email address) AND password in multiple places, it’s a wonder you’ve not been hacked already.
A website keeps its users’ passwords in a database, right next to the username or email address they belong to. A well-run site stores only a hash of each password (more on that below), but plenty of sites store them weakly or even in plain text. If that database gets dumped, the attacker has your username and your password together. Hackers with that data can, and WILL, try it on other websites to see where else it works; this is so common it has a name, “credential stuffing”. Think of it this way: forums are some of the most frequently hacked sites on the net. If your forum password and your email password are the same, and that forum gets hacked, how long would it take for the attacker to reset your online banking and social networking passwords through your email account?
How to choose a good password – Password Doesn’t Mean Pass WORD
Wordlists are the hacker equivalent of a skeleton key. I’ll explain what a wordlist is in a minute, but first, how password storage works: you type a password in normal, readable ‘plaintext’, the site runs it through a one-way mathematical function (a hash function), and what gets stored is the resulting password hash, not the password itself. When you log in, the same function is run on what you typed and the result is compared with the stored hash: a digital, mathematically checked ID. The function can’t be run backwards, so a hacker who gets hold of your hash has to guess: he or she feeds candidate passwords through the same function until one produces a matching hash, and at that point they have your password. (Well-run sites also mix a random per-user value called a ‘salt’ into the hash, so two users with the same password get different hashes and each hash has to be attacked separately.)
The two most popular ways of finding that match (or ‘cracking’ your password) are brute-forcing and wordlisting. Rainbow tables are a third option: huge precomputed lookup tables of hash-to-plaintext pairs, which are very much a real threat to unsalted hashes but are defeated by salting. Brute-force techniques are exactly what they say on the tin: every combination of characters up to a given length is tried until a match is found, and the number of combinations grows exponentially with every extra character. Wordlists are lists of real words and previously leaked passwords that the cracking software tries first, usually along with simple variations of each entry (capitalising the first letter, adding a digit or a ‘!’ on the end, swapping ‘a’ for ‘@’ and so on).
This sounds really complicated but it boils down to this: the simpler and shorter your password is, the more likely it is to be on a wordlist (or one rule away from something on a wordlist) and the faster an attacker will find it. Jumbling up the letters of a word and adding numbers and special characters like ? and * helps a bit, but cracking tools already try the obvious variations, so length matters far more than cleverness. A password made of several unrelated words, or a long random string, is far harder to brute-force than a short word dressed up with a ‘1!’ on the end.
There is no one-size-fits-all solution to passwords, but your best bet is to use a genuinely different one for every site. Changing just a number or a letter between sites doesn’t count: those are exactly the variations a cracking tool tries first. Since nobody can remember dozens of long, unrelated passwords, a password manager is the practical way to do this. Make each password long and hard to guess, never reuse it, and you stand a much better chance against online intrusion.
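To make the cracking section and the “changing one letter doesn’t help” point concrete, here is an added example (not code from the original post or its author) in Python. It builds a constructed “leaked” table of usernames and unsalted SHA-256 hashes, runs a small wordlist attack with the kind of mangling rules a cracking tool applies, falls back to brute force over short lowercase strings, and shows how the brute-force keyspace grows with length. All usernames, passwords and the five-entry wordlist are invented for the demo; unsalted SHA-256 is used only because it is the “one fixed function” scheme the post describes, and a real site should use a slow, salted password hash such as bcrypt, scrypt or Argon2.

```python
import hashlib
import itertools
import string


def hash_password(plaintext: str) -> str:
    """One-way function the site runs on a password before storing it.
    Unsalted SHA-256 here purely to illustrate the scheme described in the post."""
    return hashlib.sha256(plaintext.encode("utf-8")).hexdigest()


def verify_password(plaintext: str, stored_hash: str) -> bool:
    """Login-time check: re-run the same function and compare with the stored hash."""
    return hash_password(plaintext) == stored_hash


# Constructed sample of a dumped user table: username -> password hash.
LEAKED_DB = {
    "alice": hash_password("sunshine"),                        # plain dictionary word
    "bob":   hash_password("Sunshine1"),                       # same word, one rule away
    "carol": hash_password("qzx"),                             # short and not a word
    "dave":  hash_password("correct horse battery staple"),    # long passphrase
}

# Constructed five-entry wordlist (real ones have millions of entries).
WORDLIST = ["password", "123456", "sunshine", "letmein", "dragon"]


def mangle(word: str):
    """Yield the cheap variations a cracking rule set tries for each wordlist entry."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for digit in string.digits:                      # sunshine0 .. Sunshine9
        yield word + digit
        yield word.capitalize() + digit
    for suffix in ("!", "123", "2024"):              # common tacked-on suffixes
        yield word + suffix
        yield word.capitalize() + suffix


def wordlist_attack(target_hash: str, wordlist):
    """Return the plaintext if the hash matches any wordlist entry or variant."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash: str, alphabet: str = string.ascii_lowercase, max_len: int = 3):
    """Try every string over `alphabet` up to `max_len`; return (plaintext, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def crack_database(db: dict, wordlist, max_len: int = 3) -> dict:
    """Wordlist first, brute force second; None means the password survived both."""
    results = {}
    for user, stored_hash in db.items():
        found = wordlist_attack(stored_hash, wordlist)
        if found is None:
            found, _ = brute_force(stored_hash, max_len=max_len)
        results[user] = found
    return results


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates a brute-force attack must cover at exactly this length."""
    return alphabet_size ** length


if __name__ == "__main__":
    for user, plaintext in crack_database(LEAKED_DB, WORDLIST).items():
        print(f"{user:6s} -> {plaintext!r}")
    for n in (4, 8, 12):
        print(f"lowercase, length {n:2d}: {keyspace(26, n):,} candidates")
```

Running it shows alice and bob falling to the wordlist within a few hundred hashes (bob’s capital letter and trailing digit are the first rules tried), carol falling to brute force after roughly twelve thousand hashes, and dave surviving both, because 28 characters of lowercase letters and spaces are far beyond any brute-force budget. The keyspace figures make the length argument visible: every extra lowercase character multiplies the attacker’s work by 26.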
Note: This guest post was written by Ryan Barnes, who is a blogger for USB Design, a company that makes bespoke USB flash drives. He writes about technology and computers, and uses his custom USB flash drives for work and media.