How to choose a secure password
by RBH - March 08, 2021 at 11:03 AM
Just a short tutorial on password security and how to stay safe. If you have tips or comments, please share them.

A secure password is a must-have for anybody who has an online presence. Here I will share with you a few tips on how to create a secure password.

A password like sh4d0w#7, even though it looks full of different letters, numbers and characters, is not really secure. The password is short, it uses well-known substitutes for letters (4 instead of A, 0 instead of O, etc.) and shadow is a common word.

On the other hand, consider a password made up of four random words, for example yonderlyquantumincongruouslament. Although it doesn't look as secure as the previously mentioned password containing letters, numbers and punctuation, it actually is the more secure password of the two because it is more random, which makes it harder to guess (or brute force).

Here are the most common guidelines recommended to create a strong password:

• Your password should be random and long (above 12 characters); the longer the password is, the harder it is to crack.
• Use a mix of characters, but not the common letter replacements, because they can easily be cracked.
• Don’t use common passwords such as password, 123456…
• Don’t use keyboard paths like qwerty.
• Use random uncommon words.
• You can also use a sentence that you change (use only the first few letters of each word in the sentence and add numbers and characters).

The point of building a secure password is to protect it from being cracked easily.
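
The guidelines above can be checked automatically. The following Python sketch is an added example, not code from the original post; the word list, keyboard rows, substitution table and function names are constructed for illustration, and a real checker would load a large breached-password list.

```python
import re

# Constructed sample data (assumptions, not from the original post). A real
# checker would load a large breached-password list instead of this set.
COMMON = {"password", "123456", "admin", "qwerty", "shadow"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Well-known letter replacements (4 for a, 0 for o, ...) mapped back to letters.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 13  # the post recommends "above 12 characters"


def normalize(password):
    """Strip trailing digits/symbols, then undo common substitutions."""
    base = re.sub(r"[\W\d_]+$", "", password.lower())
    return base.translate(LEET)


def has_keyboard_path(password, run=4):
    """True if any `run` consecutive characters follow a keyboard row."""
    p = password.lower()
    rows = KEYBOARD_ROWS + [row[::-1] for row in KEYBOARD_ROWS]
    return any(p[i:i + run] in row
               for i in range(len(p) - run + 1) for row in rows)


def check_password(password):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON or normalize(password) in COMMON:
        problems.append("common word or password")
    if has_keyboard_path(password):
        problems.append("keyboard path")
    return problems


if __name__ == "__main__":
    for candidate in ("sh4d0w#7", "qwerty", "yonderlyquantumincongruouslament"):
        print(candidate, "->", check_password(candidate) or "no issues found")
```

An empty result only means that none of these checks fired; it does not measure how random the password is.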

What is Password Cracking?
Password cracking is the process of guessing the correct password to a restricted account or system. A password is cracked by exploiting its vulnerabilities, either by comparing stored passwords against a word list (and checking common passwords such as 123456) or by using algorithms to generate passwords that match.

What is the password strength?
A password's effectiveness in resisting cracking attacks is measured by its password strength. A password's strength is determined by the following factors:
• Length- the number of characters in the password (a password that is too short isn't safe).
• Complexity- does it contain a mix of letters, numbers, and symbols (for example: [email protected]#hk!54sp)?
• Unpredictability- is it something that an intruder would quickly figure out (for example: password or 123456)?

Cracking a password can be done using a variety of methods. Here are the most popular methods used to crack passwords.

Guess– As the name implies, this approach entails making educated guesses. Passwords such as qwerty, password, admin, etc. are commonly used or used as default passwords. If they have not been changed or if the user is careless when selecting passwords, they can be compromised easily.

Dictionary attack– A wordlist is compared against user passwords. The dictionary attack is similar to the brute force attack. Brute force attacks create passwords for the attack using algorithms that combine alphanumeric characters and symbols. Using the brute force attack, a password with the value "password" can also be tried as [email protected]$$word.

Rainbow table attack– This approach makes use of hashes that have already been computed. Assume we have a database where passwords are stored as MD5 hashes. Another database with MD5 hashes of widely used passwords can be built. The password hash we have can then be compared to the hashes contained in that database. If there is a match, we have the password.

Spidering– Most businesses use passwords that contain company information. This information is available on business websites as well as social media platforms such as Facebook and Twitter. Spidering collects data from these sources in order to construct word lists. After that, the word list is used in dictionary and brute force attacks. 

Another important point when talking about passwords is to make sure that you do not keep your passwords and cookies in your browser. Additionally, it is always recommended to have an up-to-date antivirus to counter keyloggers, as well as a patched operating system.

So when you choose your next password, keep these rules and techniques in mind so you can be as secure as possible.

Some links with tools:
