Old 09-07-2006, 11:33 PM   #1
Passwords: The not to use

I heard this on a radio some other day and it caught my attention. Thought I'd share it.

These passwords are not recommended and should not be used:

QWERTY
This password may be weird, but it is the first 6 letters of the keyboard... hence, hackers like to try it.

Your personal info:
Most of the time, hackers are actual friends or family. They can find it easier to get in.

The name of your pet/animal:
Animal passwords are easy to get through, and using the pet's name can be easy for a family member. The animal is easy for any hacker.

Your name:
Long story short, people putting their login ID as a password is the easiest way to get in.



WHAT I RECOMMEND (From there, it's my point of view)

Use letters and numbers:
Hackers are always frustrating themselves with digits together. Hackers will give up.

Mix it!:
Mixing letters and numbers, like this:
l33t or like m00t or even 7jm9op0 is THE OWN WAY to get 98% impossible hijacking.
Although, in order to remember it, try to minimize it to 8 characters...can your brain memorize this?:
5490ut9u54ehy45tm0h76u0698540ybj549084ujb084uy609g546

Last but not least:
DO NOT TELL PASSWORD TO FAMILY OR FRIEND!!!
lhuser is offline   Reply With Quote
Old 09-19-2006, 08:31 PM   #2
Re: Passwords: The not to use

I would also like

2. Know what makes for a bad password.

Because the attacks described above are becoming increasingly more common, you don't want to use anything in your password that's personal and easy to guess. Keep in mind the following don'ts:

  • Don't use only letters or only numbers.
  • Don't use names of spouses, children, girlfriends/boyfriends or pets.
  • Don't use phone numbers, Social Security numbers or birthdates.
  • Don't use the same word as your log-in, or any variation of it.
  • Don't use any word that can be found in the dictionary — even foreign words.
  • Don't use passwords with double letters or numbers.

Some of the worst passwords are: password, drowssap, admin, 123456, and the name of your company or department. Finally, never leave it blank. That's a surefire way to let the bad guys into your system.

Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a "pass phrase"). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

  • The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
  • Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.

In general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, such as password managers.

Create a strong, memorable password in 6 steps

Use these steps to develop a strong password:

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Aiden is three years old."

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msaityo".

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "My SoN Ayd3N is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAy3yo".

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".

6. Test your new password with Password Checker. Password Checker is a non-recording feature on Microsoft's site that helps determine your password's strength as you type.
__________________
Macbook Pro and Logitech z5500s. All you really need.
jac006 is offline   Reply With Quote
Old 09-19-2006, 08:32 PM   #3
Re: Passwords: The not to use

The second and also important part: Password strategies to avoid

Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:

  • Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.
  • Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
  • Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
  • Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
  • Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
  • Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.

The "blank password" option

A blank password (no password at all) on your account is more secure than a weak password such as "1234". Criminals can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot be accessed remotely by means such as a network or the Internet. You can elect to use a blank password on your computer account if these criteria are met:

  • You only have one computer or you have several computers but you do not need to access information on one computer from another one
  • The computer is physically secure (you trust everyone who has physical access to the computer)

The use of a blank password is not always a good idea. For example, a laptop computer that you take with you is probably not physically secure, so on those you should have a strong password.

How to access and change your passwords

Online accounts
Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as "my account") somewhere on the site's home page that goes to a special area of the site that allows password and account management.

Computer passwords
The Help files for your computer operating system will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon startup of your computer. You can also try to find this information online at the software manufacturer's Web site.

Keep your passwords secret

Treat your passwords and pass phrases with as much care as the information that they protect.

  • Don't reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.
  • Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.
  • Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.
  • Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.
  • Do not type passwords on computers that you do not control. Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect.

What to do if your password is stolen

Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on. Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could indicate that someone has accessed your information, notify authorities as quickly as you can.



Good passwords are:
  • unique. Do not use a password you already use for another account, such as your bank account PIN.
  • difficult to guess. Don't use common words or names.
  • at least 7-characters long.
  • made up of both lower and upper-case letters, numbers, and symbols.
Bad passwords include:

  • a complete word from any dictionary (English or other);
  • your login name in any form (as is, reversed, capitalized, doubled, etc.);
  • common names, such as the names of family members, pets, or friends;
  • based on any information easily obtained about you (e.g., license plate numbers, telephone numbers, employer, school name, automobile brand, street name, etc.);
  • all the same digit or letter (this significantly decreases the search time for password cracking software);
  • any obvious sequence of characters (e.g., 123456);
  • obvious to anyone watching you enter them (such as "qwerty").
Info from Microsoft and Yahoo!. Edited by jac006.
jac006 is offline   Reply With Quote
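
The rules listed in the two posts above (sequences, repeated characters, look-alike substitutions, the login name in any form, dictionary words spelled backwards) can be checked mechanically before a password is accepted. The sketch below is an added example, not part of the original posts and not Microsoft's Password Checker; the wordlist is a tiny constructed sample, the substitution table is an assumed set, and `check_password` with its parameters is a hypothetical name.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# and a list of known-breached passwords.
WORDLIST = {"password", "admin", "microsoft", "qwerty", "dragon", "letmein"}
# Look-alike substitutions to undo before the dictionary lookup (assumed set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz"]


def _has_run(pw, n=4):
    """True if pw holds n adjacent keys/letters/digits, forward or reversed."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + n] in pw for i in range(len(s) - n + 1)):
                return True
    return False


def check_password(password, login="", personal=()):
    """Return the list of rules the password breaks (empty list = none)."""
    if not password:
        return ["blank"]
    problems = []
    low = password.lower()
    plain = low.translate(LEET)              # "p@ssw0rd" -> "password"
    letters = re.sub(r"[^a-z]", "", plain)   # drop digit/symbol padding
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.isalpha() or password.isdigit():
        problems.append("only letters or only digits")
    if re.search(r"(.)\1\1", low):           # same character 3+ times in a row
        problems.append("repeated characters")
    if _has_run(low):
        problems.append("keyboard or alphabet sequence")
    if {plain, plain[::-1], letters, letters[::-1]} & WORDLIST:
        problems.append("dictionary word (after undoing substitutions)")
    for item in (login, *personal):
        item = item.lower()
        if len(item) >= 3 and any(v in low or v in plain
                                  for v in (item, item[::-1])):
            problems.append(f"contains personal info: {item}")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "M1cr0$0ft", "drowssap", "12345678",
               "My SoN Ayd3N is 3 yeeRs old."):
        print(repr(pw), check_password(pw))
```

An empty result only means none of these rules fired; it says nothing about reuse across sites or about words missing from the sample wordlist.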
Old 09-19-2006, 08:49 PM   #4
Re: Passwords: The not to use

nice finds
__________________
Compaq Presario SR1750NX
AMD Athlon 64 3500 2.3Ghz
ATI Radeon 256mb
1.5gb Ram
19" Samsung LCD
cileskot is offline   Reply With Quote
Old 09-19-2006, 09:09 PM   #5
Re: Passwords: The not to use

Sorry for double post, accident.
__________________
Dell Inspiron 9400 Notebook 120GB 5400RPM SATA HDD, 500GB 7200RPM SATA External HDD, DVD+-RW, DVD+-RW External, Mobile Intel Calistoga i945PM, Intel Core 2 Duo 2.0 GhZ, 2GB DDR2-667MhZ Dual Channel SDRAM, Nvidia GeForce GO 7900 GS 256MB Single-Pipe.
TinyXP Rev05, PerfectDisk, TuneUp Utilities, Window Washer, Nod32, Bo-Clean, SuperAntiSpyware Pro, Spyware Blaster, Comodo Firewall Pro.
Toby is offline   Reply With Quote
Old 09-19-2006, 09:10 PM   #6
Re: Passwords: The not to use

Quote:
Originally Posted by lhuser
At last but not least:
DO NOT TELL PASSWORD TO FAMILY OR FRIEND!!!
Whoops, I gave my friend my demonoid account info.

Nah, but it's cool, he's my best mate. I trust him... Plus I set up all his security software for him. So our computers should be pretty much as secure as each other's.
Toby is offline   Reply With Quote
Old 09-23-2006, 01:25 PM   #7
Re: Passwords: The not to use

i have a question:

don't hackers target specific people? they're not gonna go after any old scrub are they? and if they don't even know the person, how on earth could they begin to start typing things at random trying to base the password on personality traits? things don't add up.

do they have a program that inputs all possible password combination or something?
Diggs is offline   Reply With Quote
Old 09-23-2006, 01:32 PM   #8
Re: Passwords: The not to use

you feed password lists to password crackers.
cileskot is offline   Reply With Quote
Old 09-23-2006, 01:51 PM   #9
Re: Passwords: The not to use

Quote:
Originally Posted by Diggs
i have a question:

don't hackers target specific people? they're not gonna go after any old scrub are they? and if they don't even know the person, how on earth could they begin to start typing things at random trying to base the password on personality traits? things don't add up.

do they have a program that inputs all possible password combination or something?
They can get information about you, it's really easy. Sites sell your personal information for starters. There are also programs that try every possible password known to mankind (Brutus and Cain)
DJ-CHRIS is offline   Reply With Quote
Old 09-24-2006, 05:27 PM   #10
Re: Passwords: The not to use

Some say you're better off setting the first and last characters as either numbers or non-standard symbols. I'm told that brute-forcers often start with the letters, so setting the first character to something else will make it take far longer for it to actually get round to serious business.

I'd also go for 16+ characters, just to be on the safe side. We've been told to never use UNIX shell characters, but that's just so the sysadmins can make changes when need be, without causing any major problems.

Stuff like this would be strong, in my opinion:

2L9GHnaPqoGbLkmd9bCxCK4
__________________
Master of common sense. If you don't like it, stop reading.
UK31337 is offline   Reply With Quote