passwords.md

Password

Passwords are used to keep your account private. Rather than going into detail on the probability of password break-ins (I do advise you to look into the subject further though), I'll try to simplify password strength by stating three things.

  1. **Password Length:** A password's security increases exponentially with each added character. I recommend using **15+** characters in passwords, and the higher the better!
  2. Password Symbols/Numbers/LowerCase/UpperCase: Using a variety of symbols, numbers and different cases makes bruteforcing more difficult.
  3. Complicating Words in Passwords: If you're using words or sentences, try to substitute or remove letters. This will make a dictionary bruteforce attempt harder.

Let's look into a couple of different passwords:

(In this example we're taking a song lyric - I bless the rains - easy to remember)

  1. iblesstherains - 14 Characters, All Dictionary Words
  2. IBlessTheRains - **14** Characters, All Dictionary Words, Mix of Lower & Upper Case
  3. I,Bless.The.Rains? - 18 Characters, All Dictionary Words, 4 Symbols, Mix of Lower & Upper Case
  4. I,Ble55.Th3-Ra1ns? - 18 Characters, 4 Symbols, 4 Numbers, Mix of Lower & Upper Case

Obviously 4 is the most secure, but it is more difficult to remember initially - don't panic, below we have solutions for keeping passwords.
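The four passwords above can be compared with a small strength check. This is an added example, not part of the original page: it counts the brute-force search space from the character classes each password uses (printable ASCII: 26 lower, 26 upper, 10 digits, 33 symbols including space) and tests whether the password still splits into dictionary words. The word list and the digit-for-letter table are constructed for illustration.

```python
import string

# Character classes over printable ASCII: 26 + 26 + 10 + 33 = 95.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# Constructed mini word list and substitution table (assumptions for this demo).
WORDS = {"i", "bless", "the", "rains"}
UNSUBSTITUTE = str.maketrans("5301", "seoi")  # 5->s, 3->e, 0->o, 1->i


def alphabet_size(pw):
    """Size of the smallest class-based alphabet that covers every character."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def search_space(pw):
    """Count of all candidates of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))


def split_words(text, words=WORDS):
    """Split text into known words; return None if no full split exists."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def audit(pw):
    """Summarise length, alphabet, search space and dictionary exposure."""
    letters = "".join(ch for ch in pw if ch.isalnum()).lower()
    return {
        "length": len(pw),
        "alphabet": alphabet_size(pw),
        "search_space": search_space(pw),
        "plain_words": split_words(letters),
        "words_after_unsubstituting": split_words(letters.translate(UNSUBSTITUTE)),
    }


if __name__ == "__main__":
    for pw in ["iblesstherains", "IBlessTheRains",
               "I,Bless.The.Rains?", "I,Ble55.Th3-Ra1ns?"]:
        print(pw, audit(pw))
```

Password 4 has the largest search space and no longer splits into plain words, but a checker that reverses common digit-for-letter swaps still recovers the lyric, so length and an unpredictable phrase matter more than the substitutions themselves.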


There are many different ways your account/password can be taken; however, we’ll cover the main ones:

  1. BruteForce: This is when a person or program will go through millions of combinations of passwords to break in. A Dictionary Bruteforce is when a bruteforce program is given a list of all the words in the language to make guessing the password easier.

  2. Online Hack: If you have gotten malware, your computer is compromised and information on your computer can be sent to the hacker.

  3. Data Breach (See Yahoo Hacks / Cloudbleed): Sadly, companies aren’t perfect and their services either have bugs or get hacked, releasing personal information, sometimes including passwords.


Check out GRC's more detailed write-up on password strength if you're interested: https://www.grc.com/haystack.htm