Protect Passwords From Being Hacked

2 10 2011

Cracking a password can be simpler than you would think if the password is weak. It all comes down to guessing over and over again; with a weak password it is only a matter of time before one of the guesses is right.

The most common method is to guess what a person is most likely to have chosen as a password. This takes a bit of knowledge about the person: name, address, phone number, partner’s name, date of birth and so on. As it turns out, this background information is not that difficult to find. There are numerous websites that let you search for a person’s background information; some are free, some charge a monthly fee. (http://onemansblog.com/2006/10/02/investigate-yourself-for-free/)

Once you have a person’s background information you can start guessing: the date of birth, the partner’s name followed by a number (usually 0 or 1), the social security number, the favorite sports team, the place of birth, or a combination of two or more of these.

If the password is not related to any of the above, there are other ways to learn more about a person. People usually use the same password on multiple sites, and different sites have very different levels of security. A banking site may be well protected, but a forum the person visits or a small online shop may not be: weak rate limiting, or passwords stored unhashed or with a fast, unsalted hash. A hacker can run a brute-force attack against one of these weaker sites, or crack its leaked password database offline, and recover your username and password there.

Once the hacker has your password for one site, it will very likely work on other sites too, because people find keeping many passwords cumbersome and reuse one. Even when a person uses slightly modified versions of the same password on different sites, knowing one of them narrows the search for the others from the whole keyspace down to a handful of variations.

Of course, a hacker will not make all of these guesses by hand; he or she will use a fast computer and cracking software. So how fast can a computer guess a password with brute force and dictionary attacks? It depends on the length of the password and on the character set it draws from (all the letters, digits and symbols on the keyboard, or just lower-case letters).

The table below shows how long a reasonably fast PC needs to try every possible password of a given length, for all 95 printable keyboard characters and for lower-case letters only. The figures work out to roughly one million guesses per second (26^5 = 11.9 million five-letter lower-case passwords take 11.9 seconds), and they are worst-case times for exhausting the whole keyspace, not the time a targeted guess like the ones above would take.

Password Length    All Characters                 Only Lowercase
3 characters       0.86 seconds                   0.02 seconds
4 characters       1.36 minutes                   0.46 seconds
5 characters       2.15 hours                     11.9 seconds
6 characters       8.51 days                      5.15 minutes
7 characters       2.21 years                     2.23 hours
8 characters       2.10 centuries                 2.42 days
9 characters       20 millennia                   2.07 months
10 characters      1,899 millennia                4.48 years
11 characters      180,365 millennia              1.16 centuries
12 characters      17,184,705 millennia           3.03 millennia
13 characters      1,627,797,068 millennia        78.7 millennia
14 characters      154,640,721,434 millennia      2,046 millennia

Source: http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/

Two caveats a practitioner should keep in mind. First, one million guesses per second is what an online attack or a single CPU manages; an attacker who has stolen a site’s password database and is cracking a fast, unsalted hash offline on graphics cards gets thousands of times that rate, which shrinks every row of the table accordingly. Second, human-chosen passwords are not uniformly random, so dictionary and pattern attacks find them far sooner than the exhaustive times above suggest.
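The table is the result of one formula: the number of candidates is the size of the character set raised to the password length, and the worst-case time is that count divided by the guess rate. The calculator below is an added example (not code from the original post): it reproduces the table at the roughly one-million-guesses-per-second rate implied by the post’s numbers, and re-runs it at an assumed ten-billion-guesses-per-second offline GPU rate to show how much the picture changes. The GPU figure is an assumption for illustration, not a measurement, and the year length of 365 days is chosen because it matches the post’s rounding.

```python
"""Brute-force search-time calculator (added example, not from the post).

worst-case seconds = charset_size ** length / guesses_per_second
The post's table corresponds to about 1,000,000 guesses/s over 95 printable
ASCII characters; GPU_RATE is an assumed figure for offline cracking of a
fast unsalted hash, used only for comparison.
"""
import math

LOWERCASE = 26
ALL_PRINTABLE = 95            # printable ASCII: letters, digits, punctuation, space
POST_RATE = 1_000_000         # guesses/second implied by the post's table
GPU_RATE = 10_000_000_000     # assumed offline GPU rate against a fast hash

SECOND, MINUTE, HOUR, DAY = 1, 60, 3600, 86400
YEAR = 365 * DAY              # 365-day year matches the post's rounding
UNITS = (
    ("millennia", 1000 * YEAR), ("centuries", 100 * YEAR), ("years", YEAR),
    ("months", YEAR / 12), ("days", DAY), ("hours", HOUR),
    ("minutes", MINUTE), ("seconds", SECOND),
)


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates an exhaustive search has to try."""
    return charset_size ** length


def crack_seconds(charset_size: int, length: int, rate: float) -> float:
    """Worst-case time to exhaust the keyspace at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate


def humanize(seconds: float) -> str:
    """Express a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"


def entropy_bits(charset_size: int, length: int) -> float:
    """log2 of the keyspace: the usual single number for password strength."""
    return length * math.log2(charset_size)


def table(rate: float, lengths=range(3, 15)) -> list:
    """Rows of (length, all-characters time, lowercase-only time)."""
    return [
        (n,
         humanize(crack_seconds(ALL_PRINTABLE, n, rate)),
         humanize(crack_seconds(LOWERCASE, n, rate)))
        for n in lengths
    ]


if __name__ == "__main__":
    for label, rate in (("post, ~1M guesses/s", POST_RATE),
                        ("assumed GPU, 10G guesses/s", GPU_RATE)):
        print(f"\n{label}")
        print(f"{'len':>4} {'all characters':>26} {'lowercase only':>20}")
        for n, all_chars, lower in table(rate):
            print(f"{n:>4} {all_chars:>26} {lower:>20}")
        print(f"8-char lowercase = {entropy_bits(LOWERCASE, 8):.1f} bits, "
              f"8-char printable = {entropy_bits(ALL_PRINTABLE, 8):.1f} bits")
```

Run it and compare the 8-character rows: at the post’s rate an all-character password lasts about two centuries, at the assumed GPU rate about a week. Adding length is what moves a password across rows; each extra lower-case letter multiplies the work by 26, each extra printable character by 95.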

So how do you protect your password from being compromised? Some tips for choosing one: make it long, because length adds more work for an attacker than any other change (compare the rows of the table above); mix in upper-case letters at random positions, not just a capital first letter; include digits and special characters; never build it from facts about yourself that a background search could turn up; and always use a different password for every site, so that a breach at a poorly secured forum does not hand out the key to your bank. Do not write passwords down anywhere others can read them. Instead use a password manager such as Roboform (http://www.roboform.com/php/land.php?affid=onema), which stores all your passwords in encrypted form and makes it practical to use a long, unique, random password for every site.

Another tip concerns hackers who use a website’s “forgot password” option rather than guessing the password itself. The answers to recovery questions (place of birth, mother’s maiden name, first pet) are exactly the background facts that the searches described above turn up, so treat them as second passwords: always set up an answer that is not the true one. For example, if the question is “What is your place of birth?”, make sure the answer you set is not actually your place of birth, and store the made-up answer in your password manager alongside the password.
