
Passwords That Should Never Be Used - How to create strong passwords and hacksafe passwords

 
 Discussion by Oxford with 34 Replies.
 Last Update: February 13, 2008, 10:07 pm (View Latest)


:)

QUOTE

Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses.

Trojan, virus, and worm authors have had great success attacking systems with weak and/or default passwords. Take IRC/Flood Trojan for example. McAfee’s virus profile states that IRC/Flood has over 120 variants and has infected over 60,000 machines in the last 30 days. IRC/Flood succeeds by checking for 22 different easy to guess admin passwords (variants vary). Unfortunately, there are a lot more where IRC/Flood came from, W32/Tzet.worm, W32/Random.worm, and W32.HLLW.Gaobot.gen are in the wild just to name three.

Hackers also have no problem compromising systems with weak passwords. Programs like L0phtCrack for example make the process simple and efficient. Creating a password-cracking dictionary is not even a challenge. Type the words "Creating Password Cracking Dictionaries", without the quotes, into your favorite search engine. A comprehensive dictionary can be downloaded or created from scratch in short order.

Below is a list of commonly used weak passwords that should NEVER be used. If any of these passwords look hauntingly familiar and are being used, you need to change the password immediately.

PCLinuxOnline has a great article:

Link:
Full Article

Hope this could help you from now on to choose better passwords.


:) Have a nice day!

[note=KuBi]Copied from AntiOnline.com .[/note]

   Thu May 25, 2006    Reply         

I totally agree with this idea but isn't it understood? Most of the webmasters would know this much, at least.

Last time I visited a friend of mine and when he was logging on to his Hotmail ID he was typing his password for a long time and I asked him what he was doing. He told me that he was typing his password consisting of alphabets and numbers that made up to 70 characters. It was one of the longest passwords I've ever heard of. And you know what he said, his email ID has the safest password.







   Thu May 25, 2006    Reply         

You could easily use a phrase as a password, and to include numbers in it, use any number as a space (like "this0is0the0safest0password0in0the0world0hurray"). This way you wouldn't forget it. Of course you could use a gigantic phrase but I don't know if that is even possible to store in the passwords database..

Other type of password that can be used is the "numb3r5_4nd_l3773rs" type.

Or you can even type a backwards phrase, so the dictionaries wouldn't be able to guess them (like "nac uoy fi em kcah ot yrt"):)

   Thu May 25, 2006    Reply         


More importantly than typing in common passwords, is the concept of default passwords. For example, how many wireless products come with default passwords where the owner is too stupid to think to change it. Now people are being arrested for connecting to wireless networks, but I think the fault should be placed on the people who aren't securing those networks in the first place, the product makers.

   Fri May 26, 2006    Reply         

Also, make use of symbolic (literally, not literary) passwords [^*@&%!!@#$*12342568 9ABCDEFGHIJKLMNOPQ...] arranged into random strings of blah. Takes forever to crack according to this article:
http://www.thecrypt.co.uk/lockdown/recovery_speeds.html

   Fri May 26, 2006    Reply         

It is a good idea all of you gave above. A secure password must include numbers, letters and symbols... certainly capitalization also should not be lacking. However, it is not perfect. There is a good way to protect your password: the order in which you type it... you can type the latter part with the keyboard, then use the mouse to input the first part, to avoid some spy software.

   Fri May 26, 2006    Reply         


Pheeew, I'm glad my password isn't on that list, although I didn't expect that to be the case :)

   Fri May 26, 2006    Reply         

I use an alphanumeric combination for my passwords. I tried to open a friend's account using his favorite artist's name and it worked. I told him at once about that, and asked him to change his password immediately or else I would hack his accounts. Hehehe, he changed the passwords to all of his accounts. Some people are so vulnerable to hacking because they use simple words as passwords.

   Fri May 26, 2006    Reply         

QUOTE (Radioactive)


You could easily use a phrase as a password, and to include numbers in it, use any number as a space (like "this0is0the0safest0password0in0the0world0hurray"). This way you wouldn't forget it. Of course you could use a gigantic phrase but I don't know if that is even possible to store in the passwords database..

Other type of password that can be used is the "numb3r5_4nd_l3773rs" type.

Or you can even type a backwards phrase, so the dictionaries wouldn't be able to guess them (like "nac uoy fi em kcah ot yrt"):)

Link: view Post: 253975


They aren't the best examples of passwords that you should use...

You need Special characters like: @~{}]['#/()*"$%"^!
Lowercase Letters like: abcdefghi
Uppercase Letters like: ABCDEFGHI
Numbers like: 01234567

All this will create the best password for example:

L@tS0fcH4r5_|v|4kE490oDPA5Svv0rD^£

   Fri May 26, 2006    Reply         

Hey, I believe a password shouldn't be too much of the alphanumeric kind. I mean if you keep a password like
igotcha7kidz

or anything like that which would be easy to remember.
I also suggest changing case like

JiBizMAname4me
It can be easily remembered as it means Jib is my name for me.

   Tue Jun 6, 2006    Reply         

Haha! I checked all my passwords, and I have safe passwords. Not even one was in there. Which is cool. Thanks for the find there. I think this article needs to get out more so people can see why they are getting their accounts hacked into. I am surprised at some they had though, I would never have guessed a lot of those, not that I have ever tried getting into someone's account either. :rolleyes: Oh well. Hey thanks!

   Tue Jun 6, 2006    Reply         

Remember the movie "Hackers?"

What were the Plague's four most commonly used passwords?

Love, Sex, Secret, and God!

LOL

I like the idea of using a phrase. Now if I could just think of one! (Hmmm,,,, "The Rain In Spain..." "FourScoreAndSeven..." "BeamMeUpScotty") ROFL....

//Captain.Jerry/

   Wed Jun 7, 2006    Reply         

The most secure password you can get is one using a variety of different types of characters (symbols as well if possible) and different cases.

   Thu Jun 8, 2006    Reply         

The Germans in WW2 thought they had an unbreakable coding machine - the Enigma. But the Allies cracked the code by finding out the password was 1234! (or something similar like qwerty).

That's a lesson to keep in mind as it pretty much cost the Germans the war.

   Thu Jun 8, 2006    Reply         

QUOTE (amhso)


The most secure password you can get is one using a variety of different types of characters (symbols as well if possible) and different cases.

Link: view Post: 257060


... And the easiest to forget! LOL

   Thu Jun 8, 2006    Reply         

Another hint is to use different passwords:

Like the password for POP mail is sent over the network in plain text, so this one is easy to decode.
You may use a strong password but if you are using everywhere the same, once you get one you get them all.
And so you can make it so hard that you even can't remember your own passwords.
There are even freeware programs to store all your passwords in 1 application.

   Thu Jun 8, 2006    Reply         

Quote Absolute: L@tS0fcH4r5_|v|4kE490oDPA5Svv0rD^£

Actually, this is pretty easy to crack... it's made of dictionary words all with alternate representations - you can code a program to take that into account. Maybe you've even prompted a hacker to create a program that does that. :) Plus, you wouldn't remember the capitalization... I hope. :(

Also, "CircLEsarEfun57ILIKETrainS" or the such is not a good password either because it is made of dictionary words... programs can get around this.

A good way to make a short password is to make up a word:
e.g.
Aedapa
that isn't in the dictionary...
homevti is not a good pass because it is mostly a dictionary word...
also, ylper (reply spelled backwards) is very easy to crack because programs check for words spelled backwards...

Eventually any password is crackable, but if it is 15 letters or longer for a Windows password, it takes months to crack. I mostly know about Windows passwords, but the easy-to-hack hash type can only go up to 14 letters, after that it is much harder to crack.

Hope this helps someone...

   Wed Jun 21, 2006    Reply         
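The checks this post describes (reversed words, look-alike substitutions, dictionary words run together) can be turned around and used as a password-policy check when an account is created. This is an added example, not code from the thread; the word list, the substitution table and the reason strings are constructed for illustration.

```python
# Added example. WORDS is a tiny constructed list; a real check loads a full dictionary.
WORDS = {"reply", "circles", "are", "fun", "i", "like", "trains",
         "numbers", "and", "letters", "a"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "5": "s", "7": "t", "$": "s"})


def letters_only(text):
    """Keep a-z only, so digits and symbols used as separators disappear."""
    return "".join(c for c in text if "a" <= c <= "z")


def candidates(password):
    """Two readings of the password: as typed, and with substitutions undone."""
    lowered = password.lower()
    return [letters_only(lowered), letters_only(lowered.translate(LEET))]


def is_word_chain(text, words=WORDS):
    """True if text is one or more dictionary words run together."""
    # reachable[i] is True when text[:i] splits cleanly into dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[len(text)]


def weakness(password, words=WORDS):
    """Return why a dictionary-based guesser would find this password, or None."""
    for text in candidates(password):
        if not text:
            continue
        if text in words:
            return "dictionary word"
        if text[::-1] in words:
            return "reversed word"
        if is_word_chain(text, words):
            return "concatenated words"
    return None


if __name__ == "__main__":
    # Passwords quoted in the thread.
    for pw in ["ylper", "numb3r5_4nd_l3773rs", "CircLEsarEfun57ILIKETrainS", "Aedapa"]:
        print(pw, "->", weakness(pw))
```
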

QUOTE (Absolute)


They aren't the best examples of passwords that you should use...

You need Special characters like: @~{}]['#/()*"$%"^!
Lowercase Letters like: abcdefghi
Uppercase Letters like: ABCDEFGHI
Numbers like: 01234567

All this will create the best password for example:

L@tS0fcH4r5_|v|4kE490oDPA5Svv0rD^£

Link: view Post: 254266


I agree!! You should use numbers, letters and symbols so that your password is not easy to guess. You want a password you can remember but one that others cannot guess.

   Thu Jun 22, 2006    Reply         

I think most of the more modern scripts nowadays, from FTP control php scripts to more complicated discussion boards, have built in functions to tell whether a password provided by the user is a strong or a weak one. I have come across such a discussion board. It informs me that the password I am using is a weak one and it does not allow me to proceed until I provide another one. I am not using something like my date of birth or a string similar to my user name as the password, it just turns out that since they are all alphabets, the security is still not good. I have to put in some numerals in my string to make it stronger to pass the security check. I think such built in functions are quite good.

   Thu Jun 22, 2006    Reply         

To make a decently secured password go to http://javascript.internet.com/passwords/p...-generator.html. Make sure that the length of your password is at least 6 characters (although it really should be 10) and that all of the "character option" checkboxes are checked.

My password wasn't on the list :), although I didn't expect it to be.

   Fri Jun 23, 2006    Reply         

Yeah, passwords are one of the things that one should be very careful with. It is easy to make a good password but it is much easier to make a bad one and risk loooots of your money, work and God knows what more if hackers really get into you.

So take all the advice that was given up there and use it so you'll be safe..

   Fri Jun 23, 2006    Reply         

I don't really have a use for things like that, because I try not to make enemies so no one really wants my passwords. I mean, I don't exactly have an easy password either, but still. I don't think that anyone should be all that worried unless they are a *BLEEP* of some sort.

[note=Dooga]
Please watch the language. Even if it's censored, it would be much better to practice a good use of language instead of having a machine do it for you.[/note]

   Fri Jun 23, 2006    Reply         

One of the saddest things I've heard was that a lot of people use the word "password" as their password. Even for servers of corporations, the people who had set up their servers used the password "password" as the password for the servers. Which is stupid.

   Sun Jun 25, 2006    Reply         

Sometimes when I register for boring "register to view it all" types of sites, I just use usernames and passwords like "jenny" or "googleaaa" because I'm lazy :)

   Sun Jul 2, 2006    Reply         

It is a rule of thumb not to use any word that is present in any dictionary as your password. Even if you combine them with numbers it will be easier to crack. The longer the word and the more complex it is, the more secure it will be.

   Sun Jul 2, 2006    Reply         

My mom tells me that at her workplace, they use Unix root passwords (or something called that, I only remember the word "Unix".)

These passwords have to be exactly 8 characters long, and must contain one of each of the following:

1. an uppercase letter
2. a lowercase letter
3. a number
4. a special character

So a password like "E==m*c^2" (Einstein's formula in C++) would be valid, but a password like "abcdefgh" wouldn't.

Here's a very simple rating system that KDE uses to determine password strength:

1. Count how many uppercase letters there are (up to 4 are counted)
2. Count how many lowercase letters there are (up to 4 are counted)
3. Count how many numbers there are (up to 3 are counted)
4. Count how many special characters there are (up to 5 are counted)

5. Add these numbers up, and take a score out of 16. A score of 7 or 8 would take about 7 days to guess if the program cracking it tried at 40MHz (40,000,000 attempts per second).

Here's my own:

0. The score for any category is calculated with the following formula:

(<priority>) - (<priority>) / (<number of characters in category> + 1)

1. Count how many uppercase letters there are. The priority for category 1 is 5. (26 chars total)
2. Count how many lowercase letters there are. The priority for category 2 is 5. (26 chars total)
3. Count how many numbers there are. The priority for category 3 is 3. (10 chars total)
4. Count how many keyboard-accessible special characters there are. The priority for category 4 is 7. (32 chars total)
5. Count how many other special characters there are. The priority for category 5 is 15. (129 chars total)

The password "E==m*c^2" would get a base score of 12.933333333.

EDIT (2008-02-12 21:53:30): After this, the score is converted into a score out of 100. (I decided to do this to incorporate length into the score.)

The formula looks like this:


100 - 100 * (0.90 ^ <length>) * (0.90 ^ <base score> - 0.025)

So the final score for "E==m*c^2" would be 90.057142284048211935767242789242.

   Tue Feb 12, 2008    Reply         
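Both rating schemes from the post above, written out so the quoted figures for "E==m*c^2" can be reproduced. This is an added example, not the poster's or KDE's code; the function names are made up here, any character outside the first four categories is assumed to fall into category 5, and the KDE rules are taken as the post describes them.

```python
import string

# Priorities from the post, one per character category.
PRIORITY = {"upper": 5, "lower": 5, "digit": 3, "keyboard_special": 7, "other": 15}


def category(ch):
    """Assign one character to one of the post's five categories."""
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.digits:
        return "digit"
    if ch in string.punctuation:   # the 32 ASCII punctuation characters
        return "keyboard_special"
    return "other"                 # assumption: everything else is category 5


def counts(password):
    """Number of characters of the password in each category."""
    tally = dict.fromkeys(PRIORITY, 0)
    for ch in password:
        tally[category(ch)] += 1
    return tally


def base_score(password):
    """Sum over the categories of priority - priority / (count + 1)."""
    tally = counts(password)
    return sum(p - p / (tally[name] + 1) for name, p in PRIORITY.items())


def final_score(password):
    """100 - 100 * 0.90^length * (0.90^base - 0.025), with ^ applied first."""
    return 100 - 100 * 0.90 ** len(password) * (0.90 ** base_score(password) - 0.025)


def kde_score(password):
    """Capped character counts added up to a score out of 16."""
    tally = counts(password)
    # Assumption: both special-character categories count as "special" here.
    special = tally["keyboard_special"] + tally["other"]
    return (min(tally["upper"], 4) + min(tally["lower"], 4)
            + min(tally["digit"], 3) + min(special, 5))


if __name__ == "__main__":
    pw = "E==m*c^2"
    print(kde_score(pw), round(base_score(pw), 9), final_score(pw))
```

The grouping of the final formula is the reading that gives the post's 90.057...; taking the exponent as `<base score> - 0.025` gives a different number.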

I usually am very careful when I create passwords for logins.. It actually depends on the account that it is being assigned for...

Like for example, if it is for something personal like a personal email account or something.. I either randomly squash the keys or if at home, I get my cats to generate the password for me they do it by hitting the keys they like best :o ..

But if it is related to work or of high priority, I follow an algorithm that is usually used for generating passwords :D

   Wed Feb 13, 2008    Reply         

Of course, when choosing a password, it is also a good idea to choose something that you can actually remember. Some password like sE9@&F1rt` is going to be hard to memorize.

BTW, I'm making a random password generator right now. I'll be putting it into my experiments folder.

   Wed Feb 13, 2008    Reply         

QUOTE (CaptainJerry)

Remember the movie "Hackers?"

What were the Plague's four most commonly used passwords?

Love, Sex, Secret, and God!
Link: view Post: 256914


Wow! I can't believe someone just brought up the exact thing I thought of when I saw this topic! Great ideas everyone. My passwords tend to be somewhat secure... never terrible, but never great. Alas, such is the result of laziness. :o

   Wed Feb 13, 2008    Reply         

Since people are now tapping into the power of GPUs to run many millions of passwords through the system every second - I think they have a rate of roughly 200MHz, or 200,000,000 combinations per second.

However, a technique I quite like using to create a secure password is to use a line from a song. For example, Amarok is currently blasting out "Our House" by Madness :P I could take the following line:

QUOTE


Our house, in the middle of our street.
And make it a very secure password:

QUOTE


ourhouseinthemiddleofourstreet


Only lowercase letters! I hear you cry :P Well, it is actually incredibly secure:

26^30 possible combinations of letters in a 30 character password, if you know it is all in lowercase.

At 200,000,000 attempts per second, that is 26^30 divided by 200,000,000 = 1.41x10^34 seconds to go through all the possibilities. That is only 4.5x10^26 years to guess it.

If you look at the maths, length is far more important than the variation of characters that you use (although, obviously, that helps). Song lyrics are also a bit easier to remember than something like Tr4P17_RuL3Z! as a password.

   Wed Feb 13, 2008    Reply         
