Security - Passwords

Update

Check this awesome bit about password strength at XKCD: http://xkcd.com/936/

Update

The original text of this article has been left below for historic value.

With rainbow tables (precomputed tables of hashes for enormous numbers of candidate passwords), a stolen password hash that was stored without a salt can be reversed by a simple lookup, and even a salted hash of a short or dictionary-based password falls to a dictionary attack in minutes. I used to suggest using complex passwords (see below) and changing them on a regular basis, but once an attacker can read your password database, those rules mostly inconvenience you. A password will keep nosy co-workers out of your system, so pick something they won't guess, and prefer a long passphrase over a short string of odd characters. What actually protects the stored hashes is how they are stored (a random salt per password and a deliberately slow hash) and keeping the attacker off the system in the first place: a solid firewall, an up-to-date operating system and software, and, if you have secrets that matter, physical security as well. This might be as simple as locking the door to your office.

For your entertainment, the original article can be found below the line:

In today's world, our user accounts can often be very powerful, potentially providing access to the servers that we use.

The simplest passwords are often just regular words, and are easy to break with a "dictionary" attack (trying every word in a wordlist until one matches). Dictionary cracks can be done in mere seconds.
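To make the dictionary attack here and the rainbow-table point in the update above concrete, here is an added example (not code from the original page). It precomputes a hash-to-password table over a small, constructed wordlist, which is what a rainbow table does at scale, and shows that an unsalted MD5 hash of a wordlist password is recovered by a single lookup with no hashing at all, while a random per-password salt makes the precomputed table useless and a deliberately slow hash (PBKDF2 here) makes every remaining guess cost thousands of rounds. The wordlist, the salts and the iteration count are illustrative assumptions.

```python
import hashlib
import os
from typing import Optional

# Constructed stand-in for a real wordlist (assumption for this example).
WORDLIST = ["admin", "password", "golf", "tiger", "letmein", "dragon", "woods"]


def unsalted_md5(password: str) -> str:
    """The weak scheme: fast hash, no salt; identical passwords give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; a rainbow table is this idea at scale."""
    return {unsalted_md5(w): w for w in words}


def lookup_crack(stored_hash: str, table):
    """Reverse an unsalted hash with a single dictionary lookup (no hashing at all)."""
    return table.get(stored_hash)


def pbkdf2_store(password: str, salt: Optional[bytes] = None, iterations: int = 200_000):
    """The stronger scheme: random per-password salt plus a deliberately slow hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def dictionary_crack_pbkdf2(stored, words):
    """Guess-by-guess attack; each guess costs `iterations` rounds with the victim's salt."""
    salt, iterations, digest = stored
    for guess in words:
        if hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations) == digest:
            return guess
    return None


def salts_defeat_precomputation(password: str, iterations: int = 1000) -> bool:
    """The same password stored twice yields different digests, so no single table covers both."""
    _, _, d1 = pbkdf2_store(password, iterations=iterations)
    _, _, d2 = pbkdf2_store(password, iterations=iterations)
    return d1 != d2


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted md5('golf') ->", lookup_crack(unsalted_md5("golf"), table))
    print("unsalted md5('g0lfClub$') ->", lookup_crack(unsalted_md5("g0lfClub$"), table))
    stored = pbkdf2_store("golf")
    print("pbkdf2 digest found in table? ->", lookup_crack(stored[2].hex(), table))
    print("pbkdf2 dictionary attack ->", dictionary_crack_pbkdf2(stored, WORDLIST))
    print("pbkdf2 attack on 'g0lfClub$' ->", dictionary_crack_pbkdf2(pbkdf2_store("g0lfClub$"), WORDLIST))
```

Salting and stretching only raise the cost per guess: "golf" is still found under PBKDF2 because it is in the wordlist. The salt defeats precomputation, the slow hash limits the guess rate, and only a password outside the attacker's wordlist survives both.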

For strong passwords, it is best to have a password that is 6 or more characters and does not contain any "dictionary" words, and especially not "admin", "administrator", "pass", or "password".

In addition, it is suggested that passwords be made up of at least three of the following types of characters:

Uppercase letters (ABCD...)
Lowercase letters (abcd...)
Numbers (1234...)
Symbols (!@#$...)

For example, Tiger Woods might need to select a password...

If he selected "golf" that would be too short, found in the dictionary, and only be one of the 4 types of letters.

If he selected "g0lfClub$" it would be long enough, not in the dictionary, and have all four types of letters

Even with a relatively secure password like this, a determined hacker with access to your network can still crack your password, but it will take more time and effort.

We generally change the admin passwords on our servers once a month. It might be a good idea to change your personal passwords on a regular basis as well.
