How strong is my password?

The faster processors like CPUs and GPUs become, the more hackers will use them to try to crack your password, in addition to their use for byzantine calculations like orbital mechanics, finding the largest prime number ever, bitcoin mining, economic theory, and figuring out how many angels can dance on the head of a pin.

I’ve written about strong passwords before, but it becomes more and more important almost with each passing month to make sure that your personal data – financial records, credit card numbers, birth date, Medicare numbers, bank accounts, and the like – stay safe. Because the bad guys want them. And there are more bad guys than ever. And they are worse than ever. Since August 26, 2020 there have been four separate attempts to access my Microsoft account from Turkey, Belarus, Thailand, and an unknown location – fortunately all unsuccessful because my password is relatively strong.

I just did another comparison for the sake of not being able to sleep at 2AM, and because that’s the rabbit hole my mind decided to go down. There is a website named, just like the title of this post, “How Secure is my Password?” and using it will tell you how easy it is for a computer¹ to crack your password by brute force (that is, just trying every possible random combination of numbers and letters and such).

Some examples:

| Password | Time required to crack |
| --- | --- |
| mW_37UmK4B),b(L} | 41 trillion years |
| Hotmail%23464321 BYZ | 3 Sextillion Years |
| Choice Berry Worthless Kaboom | 300 Decillion Years² |
| password | instantly |
| George | 400 milliseconds (about 1/2 second) |
| my dog butch | 54 years |

The lesson is hidden in the patterns. Random collections of numbers, letters (upper and lower case), and special characters are good. A lot better than dictionary words. Adding spaces is better. But using a sequence of four random words separated by spaces is still best of all, and is often easier to remember (see this XKCD comic for reference).
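An added example (not from the original post or from the website it describes) of how such crack-time estimates are derived: keyspace divided by guess rate. It also goes one step beyond the per-character estimate by modelling a passphrase as a choice of whole words. Assumptions: the guess rate is the 8.2 billion per second single-GPU figure quoted from Ars Technica elsewhere on this page, the 7,776-word list size is that of a Diceware list, and the `COMMON` set and all function names are constructed for illustration.

```python
GUESSES_PER_SECOND = 8.2e9          # assumption: single-GPU rate quoted on this page
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed stand-in for a cracker's word list (real ones hold hundreds of millions of entries).
COMMON = {"password", "123456", "qwerty", "letmein"}


def charset_size(pw):
    """Size of the smallest alphabet an exhaustive search must cover for pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33                   # printable ASCII punctuation plus the space
    return size


def brute_force_years(pw, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of len(pw) over pw's alphabet."""
    if pw.lower() in COMMON:
        return 0.0                   # word-list hit: no exhaustive search needed
    return charset_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR


def passphrase_years(n_words, wordlist_size=7776, rate=GUESSES_PER_SECOND):
    """Worst case if the scheme is known: n random words drawn from a known list."""
    return wordlist_size ** n_words / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Sample passwords taken from the table above.
    for pw in ["password", "George", "my dog butch", "mW_37UmK4B),b(L}",
               "Choice Berry Worthless Kaboom"]:
        print(f"{pw!r:35} {brute_force_years(pw):.3g} years (per-character search)")
    for n in (4, 5, 6):
        print(f"{n} random words from a 7,776-word list: {passphrase_years(n):.3g} years")
```

The per-character figure is an upper bound. A passphrase is only as strong as the word-level count, so its words have to be chosen at random, and adding a word multiplies the search by the size of the list.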

Regardless of what system you use, our online existence requires an increased use of passwords. Some people have hundreds that they use, and of course it’s always recommended to use a different password for each account – because if you don’t and a bad guy gets one, he can get into everything that you have used that password for. As a result, some sort of a password vault or storage system is a good idea. Keeping your passwords in an encrypted file works, but you have to remember one master password to get into it, and you need to make sure that one master password is a strong one. Other solutions are available online – you can check them out and decide which one best meets your needs.

But remember that the takeaway here is “frustrate the bad guys: always use strong passwords.”

The Old Wolf has spoken.


Footnotes:
¹ I have no idea what the computing power of that hypothetical device is – whether it’s an 80168, or a core i7, or some insanely fast GPU, or the Summit supercomputer delivering 148.6 petaflops. So the numbers given need to simply be looked at in terms of relativity. A password that will be cracked in 3 microseconds is going to be far weaker than one that takes a trillion years.

² 300,000,000,000,000,000,000,000,000,000,000,000 years, in case you were wondering.

Not from Yahoo (scam)

yahoo

“Your Mail version is outdated.” “Upgrade your account now.”

Never follow links like this that ask you to enter your email username and password. Would you hand your credit card to a criminal? Don’t give access to your Yahoo, Gmail, Hotmail, or other accounts to scammers.

If you have loved ones who are not especially tech-savvy, please protect them from this kind of jiggery-pokery.

Be safe out there.

The Old Wolf has spoken.

Joyeuse – the Sword of Karolus Magnus

Pictured above is the hilt of Joyeuse (Joyous), reputedly the sword of Charlemagne. Whether or not this is true remains a subject of debate for historians, but there is no question this artifact which resides at the Louvre, is very old. Visit the Wikipedia article linked above for more provenance information.

The sword is mentioned in the Song of Roland (la Chanson de Roland), France’s epic 11th-century poem based on the Battle of Roncevaux in 778:

In the mead the Emperor made his bed,
With his mighty spear beside his head,
Nor will he doff his arms to-night,
But lies in his broidered hauberk white.
Laced is his helm, with gold inlaid,
Girt on Joyeuse, the peerless blade,
Which changes thirty times a day
The brightness of its varying ray.
Nor may the lance unspoken be
Which pierced our Saviour on the tree;
Karl hath its point – so God him graced
Within his golden hilt enchased.
And for this honor and boon of heaven,
The name Joyeuse to the sword was given;
The Franks may hold it in memory.
Thence came “Montjoie,” their battle-cry,
And thence no race with them may vie.

(Translation by John O’Hagan)

Li emperere s’est culcet en un pret.
Sun grant espiet met a sun chef li ber.
Icele noit ne se volt il desarmer,
Si ad vestut sun blanc osberc sasfret,
Laciet sun elme, ki est a or gemmet,
Ceinte Joiuse, unches ne fut sa per,
Ki cascun jur muet .XXX. clartez.
Asez savum de la lance parler,
Dunt Nostre Sire fut en la cruiz nasfret :
Carles en ad la mure, mercit Deu ;
En l’oret punt l’ad faite manuvrer.
Pur ceste honur e pur ceste bontet,
Li nums Joiuse l’espee fut dunet.
Baruns franceis nel deivent ublier :
Enseigne en unt de Munjoie crier ;
Pur ço nes poet nule gent cuntrester.

I wrote earlier about my encounter with the Rosetta Stone; artifacts of this nature have a curious way of drawing one into their time period, even if only in imagination. I’ve been to the Louvre countless times, but never encountered Joyeuse there; it goes without saying that seeing everything in the Louvre is not an affair for even several visits.

But it’s nice to know that such things are lovingly preserved.

The Old Wolf has spoken.

Passwords: Squeal like a pig!

Passwords are the bane of computer users and IT administrators, and – for the most part – an open, beckoning door to hackers, scammers, and Russian Viagra spammers.

But until someone comes up with something more practical and secure, we need them.

Sure, people are trying. Fingerprint scanning, retinal scanning, all sorts of biometric stuff is either on the market or in development, but thus far there seem to be either financial barriers or security questions around many of these.

So we continue to use passwords.

I’ve written about strong passwords and stronger passwords; for myself, I do my best to make my passwords as strong as possible, but I have dozens of them, and that makes them hard to remember.

A cartoon posted by an IT colleague of mine just today points out the difficulty, especially as we grow older:

Buckets

As Friedrich Althoff (not Konrad Adenauer) said, “Was gebe ich auf mein dummes Geschwätz von gestern?” (“What do I care about the stupid hqiz I said yesterday?”)

Now, some sysadmins take joy in making things as hard as possible for their user base:

Dilbert

Having spent years in IT, Mordac is hands-down my favorite Dilbert character. Parenthetically, Mordac’s appearance has changed over the years, but I like this iteration the best because he reminds me of one of my old IT colleagues, who was paradoxically one of the nicest guys I’ve ever met.

On the other hand, it drives me nuts when webmasters limit their passwords; given the nature of hacking attempts, to deliberately block users from including spaces or special characters in their passwords is inviting more incursions, and whenever I encounter a site like this it makes me want to reach through my modem and slap someone to Nouakchott and back.

So how does one remember a laundry list of passwords without putting sticky notes on your CPU? Well, there are certain encryption programs and lockers out there that allow you to keep these things written down, using one (very complex) master password to access the file, which is my preferred method. Another one is using mnemonics such as Tt*hiwwUR (sing “Twinkle, twinkle, little star”…) but it’s tough to come up with a whole grundle of these.

Whatever the case, you owe it to yourself to use strong passwords wherever your identity or your data is at risk. The recent massive hack at Sony is a perfect example of why (even though this may have been an inside job, which would render any company vulnerable.)

The Old Wolf has spoken.

Hackers around the world

Holy Mother of Mogg!

I don’t use my Hotmail account very often, but I keep it around for a few odd reasons. I just saw a post at reddit and thought I’d better check my own account.

Hackers

And that’s only the last few days!

Folks wonder why their email accounts get hacked; with this kind of assault, if you don’t have a strong password, it’s very likely your email account will be taken over by some random hqiz-eater and used for sending out spam or malware.

Takeaway: Use Strong Passwords! In some ways it may be like keeping honest people honest, but for the average user, it’s usually the best form of prevention. As for the bottom-feeding scumbags, by the sacred skull of Mogg’s grandfather, may the universe reward them according to their works.

The Old Wolf has spoken.

Make your passwords even stronger

Back in 1998, Scott Adams did a Dilbert strip that made many IT professionals cringe in sympathy.

As painful as this may seem, it’s one of the few times that Adams had underestimated where technology was going.

Ars Technica recently published an article entitled “Why passwords have never been weaker—and crackers have never been stronger.” I recommend it to anyone who has data on the internet that they want to keep secure. I’ve posted about passwords before, but this article explains why the urgency to use passwords that are uncrackable is even greater. It’s a technical read, but even if you don’t read it, you should be updating all your passwords.

“Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.”

Recommendations:

  • Use a different password for each account. If one is compromised, the others remain secure.
  • Use combinations of multiple words (Seven Whipped Aardvark Quonset) which would take 27 undecillion years for a desktop PC to crack.
  • “It’s also important that a password not already be a part of the corpus of the hundreds of millions of codes already compiled in crackers’ word lists, that it be randomly generated by a computer, and that it have a minimum of nine characters to make brute-force cracks infeasible. Since it’s not uncommon for people to have dozens of accounts these days, the easiest way to put this advice into practice is to use a program such as 1Password or PasswordSafe. Both apps allow users to create long, randomly generated passwords and to store them securely in a cryptographically protected file that’s unlocked with a single master password. Using a password manager to change passcodes regularly is also essential.”

The Old Wolf has spoken.