A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource – Wikipedia
So your password is what prevents unauthorised access to your personal messages, your online storage service, your online bank accounts and your social accounts (Facebook, Twitter, MySpace, etc.), and thus has to be as hard to guess as possible.
To choose a good password, one should know how passwords are broken or cracked, and choose accordingly:
- Dictionary Attack
This method involves trying every word in a dictionary until the correct match is found. A ‘dictionary’ can be the one you use to look up meanings (the Oxford Dictionary) – passwords like apple, computer, building, government, boy, girl – 😛 , or a list created by Mr.TheMaliciousHacker himself containing words related to you or your surroundings, as he is aware that people sometimes use their parent’s name, their gf’s name or their pet’s name. Looking for these details about you is known as Social Engineering, which will be discussed in another post.
- Bruteforce attack
This method is long and tiresome but proves very effective in most cases. It involves trying every possible combination until the right one is found – aaa, ab4, ai4, … It can take a very long time, but if the hack/attack is important enough, Mr.TheMaliciousHacker will wait for the attack to complete and the password to be revealed. This process can be made fruitless in most cases by using long, complex passwords: a simple 3-letter password takes far less time to crack than an 8-character alphanumeric one, because every extra character and every extra character type multiplies the number of combinations to try.
*Hackers usually use both methods at the same time!!
Following are a few dos and don’ts for choosing a good, strong password, plus some tips.
- Never ever use simple passwords like 1234, qwerty, azerty, 4321.
- Never use your name, pet’s name, lover’s name as password.
- Never use the name of the service provider as your password; e.g. ‘hotmail’, ‘yahoo’, ‘facebook’ as passwords for your Hotmail, Yahoo and Facebook accounts respectively.
- Never use your birthdate alone in a password.
- Use a combination of letters, numbers and special characters. Note: p@$$w0rd is NOT a secure password.
- *Use a unique password for each of your accounts; no two passwords should be the same.
- *Change your passwords regularly.
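To make the brute-force arithmetic above and the dos and don’ts concrete, here is a small checker written for this post (added example, not a tool from the original article). The common-password list, the leetspeak substitutions and the guess rate of one billion guesses per second are constructed assumptions for illustration.

```python
import string

# Constructed, tiny stand-in for an attacker's dictionary, plus the simple
# substitutions such a dictionary also tries (so p@$$w0rd is still "password").
COMMON = {"1234", "4321", "qwerty", "azerty", "password", "letmein", "123456"}
LEET = str.maketrans("@$0!3", "asoie")

# The four character classes the brute-force attacker has to assume, with the
# alphabet size each one adds.
CLASSES = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation)
SIZES = (26, 26, 10, len(string.punctuation))


def charset_size(pw: str) -> int:
    """Alphabet size a brute-force attacker must assume for this password."""
    return sum(size for test, size in zip(CLASSES, SIZES) if any(test(c) for c in pw))


def bruteforce_guesses(pw: str) -> int:
    """Worst case: every string of length 1..len(pw) over that alphabet is tried."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))


def crack_seconds(pw: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case brute-force time at an assumed (constructed) guess rate."""
    return bruteforce_guesses(pw) / guesses_per_second


def check_password(pw: str, known_words: list[str]) -> list[str]:
    """Apply the dos and don'ts above; returns the rules the password breaks.

    known_words: details a personal dictionary would hold (your name, pet's
    name, birthdate, the service's name such as 'hotmail').
    """
    problems = []
    plain = pw.lower().translate(LEET)  # undo simple substitutions first
    if pw.lower() in COMMON or plain in COMMON:
        problems.append("common password")
    for word in known_words:
        if word.lower() in pw.lower() or word.lower() in plain:
            problems.append(f"contains '{word}'")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if sum(1 for test in CLASSES if any(test(c) for c in pw)) < 3:
        problems.append("fewer than 3 character classes")
    return problems
```

For example, `bruteforce_guesses("abc")` is 18,278 guesses while an 8-character lowercase-plus-digits password needs about 2.9 trillion, which is the gap the brute-force section describes.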
Choosing the password
Say you are creating a new Windows Live account. Obviously, you’ll have to think of a password, a secure one. Here’s one way of proceeding.
- Your name: irshaad (1)
- Birthdate: 1611 (2)
- Favorite movie: Skyfall (3)
Use a combination of the three and there you go!
Password: i r s k y 1 6 f a l l 1 1
(that is, ir + sky + 16 + fall + 11). But as we said earlier, special characters must be used too, so we replace the ‘a’ with an ‘@’ sign, leaving us with the hard-to-guess password irsky16f@ll11.
Of course, do not use the same positioning and variables I used: hackers learn very quickly and can easily write a script (a piece of code) to automate the process, whereby they simply enter those details and all possible combinations are saved as a dictionary file, ready to be used for a successful dictionary attack.
Here’s a link to a very good article about passwords from MakeUseOf