Back in 1998, Scott Adams did a Dilbert strip that made many IT professionals cringe in sympathy.
As painful as this may seem, it’s one of the few times that Adams had underestimated where technology was going.
Ars Technica recently published an article entitled “Why passwords have never been weaker—and crackers have never been stronger.” I recommend it to anyone who has data on the internet that they want to keep secure. I’ve posted about passwords before, but this article explains why the urgency to use passwords that are uncrackable is even greater. It’s a technical read, but even if you don’t read it, you should be updating all your passwords.
“Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.”
- Use a different password for each account. If one is compromised, the others remain secure.
- Use combinations of multiple words (Seven Whipped Aardvark Quonset) which would take 27 undecillion years for a desktop PC to crack.
- “It’s also important that a password not already be a part of the corpus of the hundreds of millions of codes already compiled in crackers’ word lists, that it be randomly generated by a computer, and that it have a minimum of nine characters to make brute-force cracks infeasible. Since it’s not uncommon for people to have dozens of accounts these days, the easiest way to put this advice into practice is to use program such as 1Password or PasswordSafe. Both apps allow users to create long, randomly generated passwords and to store them securely in a cryptographically protected file that’s unlocked with a single master password. Using a password manager to change passcodes regularly is also essential.”
The Old Wolf has spoken.
Pingback: Russian Business Network strikes again. | Playing in the World Game
Pingback: Hackers around the world | Playing in the World Game
Pingback: Passwords: Squeal like a pig! | Playing in the World Game
The ISP that I work for has been using server generated passwords since well before I got on board at the turn of the century, and for good reason; when users were allowed to make their own, some 90% of their passwords were so simple that even I could have cracked them without need even for a computer.
That said, hardly a day goes by that I don’t have to instruct clients in why secure passwords are so darn important. That is, I don’t strictly (legally) speaking have to, but I don’t have the conscience not to.
One thing to consider: If you make a secure password for a service, and later find you’ve forgotten it, then most if not all services provide a ‘forgotten password’ feature where they send you an email (or a text message to your phone) with a one-time code or a link, which enables you to identify yourself and make a new password. As long as you have access to your email (or phone) you’ll never get stuck. You may create secure but disposable and fully forgettable passwords everywhere, safe in the knowledge that it only takes a minute of your time to create a new one whenever needed.
I read another tip that sounds good: combine words from different languages, so if a password-cracking routine is using a dictionary, they couldn’t get it unless they happened to use the dictionaries for the right languages – a very long shot.
Das ist une bonne idea!