Recently I did a review of Password Safe. The purpose of software like Password Safe is to create strong, well-encrypted passwords. The reasoning is fairly straightforward: long, well-made passwords that are tough to crack and follow no pattern at all are really hard to remember.
An account I own in an online game was compromised days ago. Besides the obvious frustration and discomfort, the biggest fear I experienced was the recognition that I used a similar password for a lot of services. In the days following this I systematically altered every single password for every service I was involved in, using Password Safe from my Dropbox so I can import my encrypted passwords at work, school or even a friend’s house (Dropbox takes 3 minutes to install and getting a friend to try it gets you more storage).
Last month RockYou.com had its password database accessed by a computer hacker. He revealed that the database of usernames and passwords did not have any sort of encryption. Wanting to reveal just how ineffective companies were at protecting their clients’ security, the hacker released all 32 million passwords to the public (with no other information). A recently released study analyzed those passwords and revealed just how poor the majority of them were.
Brute-force algorithms on powerful computers can crack passwords six to eight characters in length in a matter of minutes. The study revealed that over 30% of the passwords were below six characters in length and used no special combination of alphanumeric characters, making them breakable with little or no effort. Even worse was the most common password: “123456”.
It’s fairly clear that users are not concerned with security. Quite frankly, neither was I until a few days ago, when I discovered for myself what carelessness in this regard can cause. Imagine someone with access to those 32 million passwords. Suppose 10% of those people use the same password for their PayPal; suppose it’s just 2%. That’s 640,000 potential PayPal accounts compromised.
For those of you still using easy-to-crack passwords, the study suggested the following:
- A minimum of 8 characters in length.
- A mix of alphanumeric, upper case, lower case, and special characters.
- Avoiding at all costs common slang, catch phrases or other easily recognizable words.
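The three recommendations above written as a checker, as an added example that is not part of the original post or the study. The common-word list and the sample passwords are constructed, and the bit count is an upper bound that assumes a randomly generated password.

```python
import math
import string

# Constructed sample; a real check would use a large list of known-breached passwords.
COMMON_WORDS = {"123456", "password", "iloveyou", "qwerty", "letmein", "dragon"}

# The four character classes named in the second recommendation.
CLASSES = {
    "lower case": string.ascii_lowercase,
    "upper case": string.ascii_uppercase,
    "digit": string.digits,
    "special character": string.punctuation,
}

def audit(password):
    """Return the recommendations the password fails (empty list = passes all three)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    # Substring match, so "Password1!" is still caught despite the suffix.
    lowered = password.lower()
    hits = sorted(w for w in COMMON_WORDS if w in lowered)
    if hits:
        failures.append("contains common word: " + ", ".join(hits))
    return failures

def keyspace_bits(password):
    """log2(alphabet_size ** length): the brute-force search space in bits.
    Patterned or reused passwords fall far sooner than this bound suggests."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit_many(passwords):
    """Map each password to (failures, search space in bits rounded to 1 decimal)."""
    return {p: (audit(p), round(keyspace_bits(p), 1)) for p in passwords}

if __name__ == "__main__":
    sample = ["123456", "Password1!", "tr0ub4dor", "gV7#qLw9!xRz"]  # constructed
    for pw, (fails, bits) in audit_many(sample).items():
        print(f"{pw!r:16} {bits:5.1f} bits  {'OK' if not fails else '; '.join(fails)}")
```

Note that "Password1!" satisfies the length and character-mix rules and fails only on the common-word check, which is why the third recommendation matters as much as the first two.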
If you don’t want to bother with making your own passwords, then get a program that handles such troubles for you, such as this one: KeePass.

