You just got a brand new computer after the last one was hacked into because of a weak password. Now you are paranoid about having a password that no one can crack. Is it better to make it long, or complicated, or even short with random characters? In this article all your password-related questions will be answered.
Cracking Passwords
Before we jump into the password strength discussion, let's first talk about how passwords are cracked. This will give you a better understanding of why using these techniques can help protect your accounts. Windows passwords are called MD5 Checksum Hashes. A hash is a complicated string that is the encrypted form of an original string. The way hashes are created makes them impossible to actually decode. To crack a hash you actually have to guess the password and convert it to an MD5 hash. If the hashes are equal, your guess is the password; if not, you have to guess again. This makes it more complicated to crack, since you can't reverse engineer the MD5 hash. You must guess it. There are many programs out there that can crack hashes, but we will not discuss them (this is an article on good passwords, not cracking them).
There are several ways to crack a hash, but there are two basic types: a dictionary attack and a brute force attack. A dictionary attack is when a program tries words from a dictionary as its guess. After converting to a hash, if the hashes are equal, the dictionary word is the password. For passwords that are more sophisticated, a brute force attack is necessary. A brute force attack is the most common (because there is almost a guarantee it will find the password), but it is the slowest. This is because it simply starts trying random patterns. For example, if you had a password that was two characters and only lowercase, the program would try: aa, ab, ac, ad, ae, af, etc. Once you start adding more characters and character sets (a-z, A-Z, 0-9 + special characters) you can see how the time will add up. Take a look at this example. We are assuming that a brute force attack is being performed and that it can try 1,000 passwords a minute.
Pass Length | Character Set | # of Passwords | Time
4 | a-z | 456976 | 7.6 Hours
4 | a-z, A-Z | 7311616 | 5.07 Days
7 | a-z, A-Z, 0-9 | 6060711605323 | 4208827.5 Days
7 | a-z, A-Z, 0-9, Special | 10030613004288 | 19084.1 Years
Notice how the time it takes to crack increases exponentially as you add more characters and make the passwords longer. If you used the last option, the world would have been destroyed by Global Warming before your password was cracked. Armed with this knowledge, you should already have a good idea for a password. Take a look at some of the tips below for good ideas for creating a password that is even harder to crack!
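As an added example (not code from the original article), the Python below reproduces the first two rows of the table at the article's assumed 1,000 guesses per minute. It also computes where one particular password falls in the aa, ab, ac ordering, which shows that the table's times are the worst case. The function names and sample passwords are assumptions made for illustration.

```python
import string

GUESSES_PER_MINUTE = 1_000              # rate assumed in the article's table
LOWER = string.ascii_lowercase          # a-z
MIXED = LOWER + string.ascii_uppercase  # a-z, A-Z

def keyspace(charset_size, length):
    """Candidates of exactly `length` characters: the '# of Passwords' column."""
    return charset_size ** length

def guesses_to_reach(password, alphabet):
    """1-based position of `password` when every candidate of its length is
    tried in order (aa, ab, ac, ...). Raises ValueError on a character
    outside `alphabet`, since that search would never reach the password."""
    base = len(alphabet)
    rank = 0
    for ch in password:
        rank = rank * base + alphabet.index(ch)
    return rank + 1

def minutes_needed(guesses, rate=GUESSES_PER_MINUTE):
    return guesses / rate

def describe(minutes):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 525_600), ("days", 1_440), ("hours", 60)):
        if minutes >= size:
            return f"{minutes / size:.2f} {unit}"
    return f"{minutes:.2f} minutes"

if __name__ == "__main__":
    # Worst case: the whole keyspace must be searched (the table's Time column).
    for length, alphabet in ((4, LOWER), (4, MIXED)):
        total = keyspace(len(alphabet), length)
        print(length, len(alphabet), total, describe(minutes_needed(total)))
    # A specific password can fall long before the worst case.
    for pw in ("aaaa", "pass", "zzzz"):  # constructed sample passwords
        n = guesses_to_reach(pw, LOWER)
        print(pw, n, describe(minutes_needed(n)))
    # An uppercase letter puts the password outside the a-z search entirely.
    try:
        guesses_to_reach("Pass", LOWER)
    except ValueError:
        print("Pass: not reachable with a-z only")
```

A four-letter lowercase word such as "pass" is reached a little more than halfway through the search, and a single uppercase letter forces the search onto the larger a-z, A-Z set.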
Password Creation Tips
One of the most important things about making your password is to make one that you can remember. If it is so complicated that you have to write it down, make one that is simpler to remember. Aside from forgetting the password, writing it down is one of the worst things to do. If someone got a hold of the paper, they would have all your passwords and would be able to access everything you protected with them. If you can't remember your passwords, most browsers (including Firefox) include a password remembering feature. Firefox even offers a master password feature. It will encrypt all your passwords, but to use one you need to enter the master password. For other passwords you can try programs like RoboForm, which can remember all your passwords and double as a form filler. All passwords in RoboForm can be protected with a master password too!
Even though all of these tools are great, nothing beats good ol' brain power. You can never trust a computer. They can crash or be hacked (your passwords in RoboForm are encrypted with Government Standard Encryption, so it probably won't happen) and are just not reliable. Your mind is the best place to bank all your passwords. Just as a side note, if you really are a security fanatic, you can try a very expensive solution called IronKey. IronKey is a flash drive trusted by the military to protect trade Government Secrets. I'm not going to go into details, but it is pretty much everything-proof. Nothing can break into it without destroying the encryption keys, and if you enter the password wrong ten times it will self-destruct. Yeah, sounds cool, doesn't it? It even has a secure browser and password manager built into it, so you can pretty much do everything with your flash drive. All this for a pretty hefty price!
If all these solutions seem too expensive or just too much for you, try some of these tips that can improve your password strength so you don't need Military Grade Encryption. One of the most basic passwords is a password that contains just lowercase letters (ex. password). Now, once you have a good word, let's disguise it by making some of the letters uppercase (ex. PassWORd). Don't use a pattern such as PaSsWoRd; make it random to make your password even more secure. Next, let's add numbers to it to complicate it further (ex. PassWORd23). This is pretty common. Most people will use a word and then a two-digit number (such as the last two digits of the year they were born). If you want a good password, try a number you like and then disguise it in your password (ex. Pa2ss3WORd). If this isn't too hard to remember yet, try adding some special characters: @ for a and $ for s, or replacing numbers with their symbol: 3 is #, 1 is ! (ex. P@2ss#W0&d). This probably looks complicated. You really don't have to use that many special characters, but the more, the better. The example password, P@2ss#W0&d, would take about 71231092.8 centuries to crack. That's pretty long!
Passwords are some of the most important things on the web. They protect your sensitive data and provide us access to some of our personal information. Without passwords, the web and computers would be very insecure. I hope this article has helped you learn how to protect your accounts with a strong password. If you have any password-related questions, post a comment, post on the forums, contact us for live help from our CrossLoop gadget, or PM us through our YouTube channel. And as always, thanks for reading!