A database of about 1,400 hashed passwords (often loosely called "encrypted") can be cracked by an attacker using a password-cracking tool on an ordinary off-the-shelf Pentium 4 PC: under 15 minutes with a dictionary attack, and under 8 hours with a brute-force attack. The brute-force figure depends on the length and character set of the passwords, which is exactly what the advice below is about.
Here is a guide from Privacy Rights Clearinghouse (privacyrights.org):
http://www.privacyrights.org/ar/alertstrongpasswords.htm
My advice:
1. Use at least 12 characters (I highly recommend 15). Mix upper- and lower-case letters, numbers and special characters.
2. Change them every 180 days (I highly recommend 90 days).
3. Use your own algorithm, so that when you need to change a password you don't have to remember a bunch of unrelated ones. For example: Password1 is !L0v3mybeatles0!1! and Password2 is !L0v3mybugs0!2! Keep in mind that if one of them leaks, the fixed part of the pattern is exposed with it, so the part that changes must not be guessable from the site or the counter alone.
4. Don't share your passwords.
5. Don't use words that identify you: your name, your family, your car, your school or anything else that describes or relates to you.
6. If you have too many passwords, use a password manager. There are many out there but I only trust one - PasswordSafe. Google it. Lifehacker suggests 5 alternatives:
http://lifehacker.com/5042616/five-best-password-managers
7. No names, no common dictionary words, no birthdays, no SSN, no address, no famous quotations.
8. When a system won't permit more than 8 characters, or rejects special characters, be creative within the limit and please email the webmaster (politely) asking them to improve their password requirements.
In the old days, when "auditing passwords" :), these are the common passwords we uncovered:
god, jesus, godislove, bart, simpsons, loveisgod, honey, sweetheart, ****** (masked because it's too obscene), name, password, secret, cia, fbi, nsa, hacker, :), :(, cool and many others
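To make the cracking claim at the top of the post and the advice list concrete, here is an added example (my own illustration, not code from the original post or from any tool it mentions). It runs a dictionary attack with a tiny mangling rule set, then a short brute-force sweep, against a constructed "leak" of unsalted SHA-1 hashes whose passwords are drawn from the common finds above, and then estimates worst-case brute-force time for 8-, 12- and 15-character passwords. The leaked table, the wordlist, the hash function (unsalted SHA-1) and the guess rate of one billion guesses per second are all assumptions chosen for the demonstration.

```python
"""Added example (not from the original post): a toy password cracker that runs
a dictionary attack with simple mangling rules, then a short brute-force sweep,
against a constructed table of unsalted SHA-1 hashes, plus a keyspace estimate
showing why the post's 12-15 character minimum matters."""
import hashlib
import itertools
import string


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of a password, the way many older systems stored them."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample "leak": users and unsalted password hashes (an assumption
# for this example). The first three passwords are the kind of choices the post
# lists as common finds; the last follows the post's own 18-character pattern.
LEAKED = {
    "alice": sha1_hex("godislove"),
    "bob": sha1_hex("Password1"),
    "carol": sha1_hex("secret"),
    "dave": sha1_hex("!L0v3mybeatles0!1!"),
}

# Constructed wordlist built from the post's list of common passwords.
WORDLIST = ["god", "jesus", "godislove", "bart", "simpsons", "loveisgod",
            "honey", "sweetheart", "name", "password", "secret", "cia",
            "fbi", "nsa", "hacker", "cool"]


def mangle(word: str):
    """Yield variants a cracking tool tries by default: a tiny rule set of
    case changes, appended digits/suffixes and basic leetspeak."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for digit in string.digits:
            yield base + digit
        for suffix in ("123", "!", "1!"):
            yield base + suffix
    yield word.translate(str.maketrans("aeios", "43105"))


def index_by_hash(hashes: dict) -> dict:
    """Map hash -> [users]. With unsalted storage each candidate costs one hash
    and one lookup no matter how many accounts are in the leak."""
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    return by_hash


def dictionary_attack(hashes: dict, wordlist) -> dict:
    """Return {user: recovered_password} for every hash hit by a mangled word."""
    by_hash = index_by_hash(hashes)
    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            for user in by_hash.get(sha1_hex(candidate), []):
                found.setdefault(user, candidate)
    return found


def brute_force_attack(hashes: dict, alphabet=string.ascii_lowercase, max_len=4) -> dict:
    """Exhaustively try every string over `alphabet` up to `max_len` characters.
    Cheap for short lowercase passwords, hopeless for long mixed ones."""
    by_hash = index_by_hash(hashes)
    found = {}
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            for user in by_hash.get(sha1_hex(candidate), []):
                found.setdefault(user, candidate)
    return found


def brute_force_seconds(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case seconds to exhaust all passwords of exactly `length`
    characters from an alphabet of `alphabet_size` symbols at a given rate."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED, WORDLIST))
    print("brute force (a-z, <=4 chars):", brute_force_attack({"eve": sha1_hex("cia")}))
    # Assumed rate of 1e9 unsalted SHA-1 guesses per second (a modern GPU does
    # more, the post's Pentium 4 did far less) over the 95 printable ASCII symbols.
    for n in (8, 12, 15):
        years = brute_force_seconds(n, 95, 1e9) / (3600 * 24 * 365)
        print(f"{n} chars, 95-symbol alphabet: {years:.3g} years worst case")
```

Running it, alice, bob and carol fall to the wordlist (bob's "Password1" is just "password" with the capitalize-and-append-digit rule), "cia" falls to a few hundred thousand lowercase guesses, and dave's 18-character password survives both; the estimate shows every extra character multiplying the worst-case brute-force time by the alphabet size, which is why 12 to 15 characters is the post's floor. Salted, slow hashes (bcrypt, scrypt, Argon2) remove the per-candidate lookup advantage that `index_by_hash` exploits, but they do not rescue a password that is in the wordlist.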
m4x