How to have Safer Passwords: Rules 1-3
As part of our forensics practice, we sometimes have to break, or “crack”, passwords. Cracking a password becomes much more difficult, and may perhaps foil hackers, when a few simple rules are followed. Here are some tips to help keep our clients' data safe:
Three good rules for passwords:
1) Stay away from the dictionary! Standard words in a dictionary are far too easy to crack. There are many software products that will simply start with “a” and go to “Zythum”, trying each word until they find the password that opens the protected information. This type of password cracking is called a Dictionary Attack, and it is quite effective.
2) Use a Passphrase. A Passphrase is a longer password, perhaps a sentence or some other set of words that are strung together. This dramatically increases the time required to crack a password. Generally a Passphrase is going to be upwards of 15 characters in length. Use song titles, lyrics, favorite quotes, etc. to make the Passphrase memorable. Another technique related to the Passphrase is the Partial Passphrase. This involves using only a portion of the words in the Passphrase. For instance, use only the first or the first and second letter of each word of the Passphrase. Add numbers and symbols and you have increased the complexity dramatically. Place those numbers and symbols in the middle of the Passphrase and "crackability" drops dramatically.
3) Never use the same password twice. It is easy for us to fall into the habit of re-using passwords. The problem with that, however, is that once the bad guys have your password they have access to everything that particular password can open. So the hacker can move from a Facebook account into someone’s bank accounts.
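An added example, not part of the original article: a small Python checker that applies the three rules above and builds a Partial Passphrase with numbers and symbols placed in the middle. The word list, salt, sample phrase, function names and the reading of rule 2 (a password under 15 characters is accepted only if it has a number or symbol in the middle) are assumptions made for this illustration.

```python
import hashlib

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"a", "password", "sunshine", "dragon", "zythum"}
MIN_PASSPHRASE_LEN = 15  # the article's "upwards of 15 characters"


def partial_passphrase(phrase, letters_per_word=1):
    """Rule 2: keep only the first letter(s) of each word of a passphrase."""
    return "".join(word[:letters_per_word] for word in phrase.split())


def insert_in_middle(base, extra):
    """Rule 2: place numbers and symbols in the middle, not at the end."""
    mid = len(base) // 2
    return base[:mid] + extra + base[mid:]


def has_inner_number_or_symbol(candidate):
    """True if a digit or symbol sits anywhere except the first or last position."""
    return any(ch.isdigit() or not (ch.isalnum() or ch.isspace())
               for ch in candidate[1:-1])


def fingerprint(candidate, salt):
    """Slow salted hash, so the reuse list never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, 200_000).hex()


def check_password(candidate, used_fingerprints, salt, dictionary=SAMPLE_DICTIONARY):
    """Return the rules (1-3) the candidate breaks; an empty list means it passes."""
    problems = []
    if candidate.lower() in dictionary:
        problems.append("rule 1: dictionary word")
    if len(candidate) < MIN_PASSPHRASE_LEN and not has_inner_number_or_symbol(candidate):
        problems.append("rule 2: short, with no number or symbol in the middle")
    if fingerprint(candidate, salt) in used_fingerprints:
        problems.append("rule 3: already used for another account")
    return problems


if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed value; use a random per-user salt
    phrase = "the quick brown fox jumps over the lazy dog"  # constructed sample phrase
    partial = insert_in_middle(partial_passphrase(phrase, 2), "7#4")
    used = {fingerprint(partial, salt)}
    for pw in ("Zythum", phrase, partial):
        print(repr(pw), check_password(pw, used, salt))
```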
By Scott Greene
ABOUT THE AUTHOR: Scott Greene of Evidence Solutions, Inc.
For over 30 years, Scott Greene has been helping companies meet the challenges of the swiftly evolving computer technology industry.
Directly from high school, Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.
The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records. Scott then explains the digital evidence in plain English.
Scott’s extensive knowledge draws clients to him from all over the United States, as well as internationally, for consulting, forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought-after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and international organizations.
Copyright Evidence Solutions, Inc.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.