chevron_left chevron_right
Login Register invert_colors photo_library


Stay updated and chat with others! - Join the Discord!
Thread Rating:
  • 0 Vote(s) - 0 Average


Best Practices for Choosing a Password filter_list
Author
Message
Best Practices for Choosing a Password #1
Weak passwords are a constant problem for websites and businesses trying to secure their data. There are thousands of hackers all over the world trying to break into systems at all hours of the day using password cracker software.

Since disconnecting systems from the internet is not an option for most organizations, it is important to enforce strong password policies in order to keep hackers out. The reason for that is if users are given the opportunity, they will pick weak passwords. Fortunately, all modern operating systems today allow system administrators to enforce strong password policies.

Most Common Passwords

Many people are prone to using short and simple passwords that are easily guessed. Some of those most common passwords include:

* Blank password
* The word "password"
* The user's username or login name
* Names of spouses, friends, or pets
* License plate numbers
* Swear words


Hackers use password hacking programs that attack most of the above passwords as well as many other simple variations of the above. Hackers targeting a specific person such as a politician or celebrity can perform searches on the internet to get personal information. Even a myspace page that contains the name of a pet could allow a hacker to break into a user's account.

Self-Service Password Reset Vulnerability

Educated guesses are very effective when it comes to systems with self service password reset policies that ask personal questions. In 2008, Sarah Palin's yahoo mail account was hacked by someone researching Sarah Palin's personal life to answer the password reset questions.

Phishing Schemes and Keyloggers

The easiest way to get passwords is to have trojan horses install programs on a user's PC to record keystrokes via a keylogger program. Another way is for a hacker to set up a website that looks exactly like the real website and trick users into giving away their username and password via a link given in email to the fake website. It's important for users to be suspicious of all email purporting themselves to come from their bank, school, social networking websites, etc.

Password Strength

The following character classes are used to define the strength of a password.

* Upper case letters (26 characters)
* Lower case letters (26 characters)
* Punctuation (approximately 33 characters)
* Numbers (10 characters)


The amount of time and computing effort required to break a password increases significantly if a random character is picked from each character class. In a recent phishing scheme for myspace passwords, only 8% of passwords had all four character classes.

Best Practices for Password Security

Only a few important steps are needed for users to protect their passwords and online security.

The first thing to do is to pick a strong password utilizing all characters classes to maximize the strength of a password. The password needs to be at least eight characters but more is better. Make it easy to memorize by using a mnemonic device. For example:

Mdslwys90! (My dad is always right = right angle 90!)

Secondly, make sure all antivirus software, phishing filter software, and anti-malware software is installed. There is free antivirus software out there that is quite good and comparable to paid commerical antivirus software.

Finally, be suspicious of all emails even if they appear to be authentic. Except for an occasional slip in English grammar, it's usually impossible to detect an email that is actually part of a phishing scheme. The graphics and logo in the email as well as the fake website are usually identical to the real website. The best practice is to always use the browser bookmark to go to the website instead of using a link in an email.

From XtremeRoot.com/ofsec/
Even if on the slightest you take a smidget
Or dare touch my revenue I slice you with the razor, quit it
Icey till I make it frigid... (BURRRR)...
The laws of physics says it's getting cold...
My money taller than a hall of midgets

-Busta Rhymes

Reply

RE: Best Practices for Choosing a Password #2
If you can choose a big enough password, and you need to make it a secure one then you can just Hash any random text, and use the Hash as password.

Benefits?
  • The text would be easy to remember.
  • Hash would be alphanumeric, long, and completely random.
[Image: rytwG00.png]
Redcat Revolution!

Reply

RE: Best Practices for Choosing a Password #3
Like... with a program, crypo, what? I dont know of any sites that let encrypt/decrypt hashes.
Even if on the slightest you take a smidget
Or dare touch my revenue I slice you with the razor, quit it
Icey till I make it frigid... (BURRRR)...
The laws of physics says it's getting cold...
My money taller than a hall of midgets

-Busta Rhymes

Reply

RE: Best Practices for Choosing a Password #4
Any site or program which lets you hash words. Crypo.com does, the program I released a while ago (HashBrute) does it too.
[Image: rytwG00.png]
Redcat Revolution!

Reply

RE: Best Practices for Choosing a Password #5
"There are thousands of hackers all over the world trying to break into systems at all hours of the day using password cracker software." Including us! xD xD :rofl:

Reply






Users browsing this thread: 1 Guest(s)