A note about password security

Howdy, Steemians!

Let's talk about password security.


[Image: XKCD comic on passphrase strength] Source: XKCD

In my previous post, I reviewed how an ethical hacker was able to crack a Sia wallet password using Python and a little algorithmic magic. In this post, I plan on talking about some general password advice (to aid in protecting against hacking).

If you haven't noticed by now, I like to sneak a lot of links into my writing. I think this helps me give you resources without dwelling on each one. Feel free to click the links as you go, but don't feel like you need to - you won't miss out on any main points if you choose not to go down the rabbit hole.

If you're on this website, I imagine that you know a thing or two about making a secure password. However, I'm sure that some of you rely on other tech to secure your passwords for you.

Perhaps you use Dashlane, LastPass, 1Password, or KeePass to help keep things secure.

And maybe on top of that you use 2 factor authentication, either through Google Authenticator or Authy?

But what if you didn't have these services? What if you had to make a password from scratch, needed it to be secure, and needed to be able to memorize it?

That's where passphrases come in.

Passphrases

Passphrases are a type of password, and they are exactly what you think they would be: phrases used instead of a single word or an ugly long string of letters and numbers (which is what our Steemit accounts generate by default).

Like the XKCD comic above explains, passphrases are easier to remember and can be much longer than a regular password, which makes them harder to crack. They are also quick to throw together.

Pointers

Want some pointers on making a strong passphrase? Well, let's see.

Are you fond of your first love? Did they have any ... quirks? "Martha always kept her socks on when we had sex. 100% of the time." might be a phrase that resonates with you.

Are you a programmer? "One curly boy (;) out of place and the entire world falls apart!" could be up your alley.

You still have to be careful, though. Just as weak passwords are cracked quickly with a dictionary, passphrases can be run against dictionaries of movie quotes, song lyrics and popular sayings, and a phrase that is on such a list falls in the first few guesses no matter how long it is. Perhaps Martha's odd sock habits are known throughout the land? Maybe it's a phrase used around all the pubs in town? Might be good not to use it for your passphrase, then.

To ensure that your passphrase is harder to crack, it should be unique (not something that's found on the internet or in pop culture), so take a moment to think of a phrase that works for you. Keep in mind that a phrase you choose yourself carries less randomness than its length suggests, because people pick predictable words in predictable order; the comic's strength figure comes from choosing the words at random from a list, so the more of your phrase that is genuinely random, the closer you get to that number.
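To put numbers on the comic's argument and on the dictionary caveat above, here is an added Python example (it is not code from the original post). It generates a passphrase from a wordlist with the OS random generator, works out the entropy from the list size and word count, estimates how long exhausting that space takes at two attacker speeds, and checks a candidate against a list of phrases an attacker already has. The 32-word list, the four "known phrases" and the two guess rates (1,000/s as in the comic, 10^10/s as a rough figure for an offline attack on a leaked fast hash) are all constructed or assumed for this illustration; the 2048- and 7776-word list sizes are the comic's and Diceware's.

```python
import math
import secrets

# Constructed demo wordlist for the example (32 words = 5 bits per word).
# A real Diceware list has 7776 words (12.9 bits per word); the comic's list
# has 2048 (11 bits per word). Only list size and word count set the entropy.
WORDLIST = (
    "acorn badge cabin delta ember fable gavel hazel igloo jelly kayak lemon "
    "mango noble olive piano quilt raven sable tulip umber vivid wafer xenon "
    "yacht zebra amber bison cider dough eagle flint"
).split()

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for "phrases the attacker already has": quotes, lyrics,
# famous example passphrases. A real cracking list holds millions of these.
KNOWN_PHRASES = {
    "correct horse battery staple",
    "may the force be with you",
    "to be or not to be",
    "all you need is love",
}


def generate_passphrase(num_words, wordlist=WORDLIST, sep=" "):
    """Pick num_words words uniformly at random using the OS CSPRNG.

    secrets.choice rather than random.choice: the words must not be
    predictable from a guessable seed. Independent picks mean the
    per-word entropy simply adds up.
    """
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


def entropy_bits(num_words, list_size):
    """Entropy of num_words independent uniform picks from list_size words."""
    return num_words * math.log2(list_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every possibility (worst case; the average is half this)."""
    return 2.0 ** bits / guesses_per_second


def years_to_exhaust(bits, guesses_per_second):
    return seconds_to_exhaust(bits, guesses_per_second) / SECONDS_PER_YEAR


def normalize(phrase):
    """Lowercase and collapse whitespace so 'Correct  Horse' still matches."""
    return " ".join(phrase.lower().split())


def is_known_phrase(phrase, known=KNOWN_PHRASES):
    """A phrase on the attacker's list is found in the first few guesses,
    however long it is, so its length says nothing about its strength."""
    return normalize(phrase) in known


def report(label, bits, rates):
    print(f"{label}: {bits:.1f} bits")
    for name, rate in rates.items():
        years = years_to_exhaust(bits, rate)
        print(f"  {name:>26} ({rate:.0e} guesses/s): {years:,.1f} years")


if __name__ == "__main__":
    # Assumed attacker speeds: 1e3/s is the comic's throttled-web-service
    # figure; 1e10/s is a rough offline rate against a leaked, fast hash.
    RATES = {"online, throttled": 1e3, "offline, leaked fast hash": 1e10}

    print("random passphrase:", generate_passphrase(4))
    report("4 words from 2048 (the comic)", entropy_bits(4, 2048), RATES)
    report("6 words from 7776 (Diceware)", entropy_bits(6, 7776), RATES)

    for p in ("Correct Horse Battery Staple", "igloo raven umber flint"):
        print(f"{p!r} on the attacker's phrase list: {is_known_phrase(p)}")
```

The comic's 44-bit passphrase holds up for centuries at 1,000 guesses per second, but the same 44 bits fall in under an hour at 10^10 guesses per second, which is the situation after a back-end breach leaks a fast, unsalted hash. That is why the word count (or the strength of the server's hashing) matters more than the phrase's cleverness, and why the famous example phrase itself is now on every attacker's list.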

Further reading/resources

Ars Technica (a popular outlet for security and tech news) has a good article about how some passphrases can still be easily cracked. If you're interested in looking into the math behind it, there are quite a few papers on it (one of which is linked in the Ars story).

There are also videos about the topic out there, if you're not a fan of reading (if that's the case, thanks for making it this far!). In one of these vids, Edward Snowden (love him or hate him) is spot on in his review of the topic from around two years ago.

Testing

Interested in testing out your password strength? There's a tool for that, although you should be careful about putting your actual password into online text boxes (use a made-up one of the same shape). Using that site, the passwords above would take between 5 quattuortrigintillion years and 5 septentrigintillion years to crack. Treat numbers like that as an upper bound: they assume an attacker brute-forcing every possible character at a fixed speed, and say nothing about a cracker working from a list of known phrases. A quantum computer would not change the picture much either; Grover's algorithm only roughly halves the effective bit length of a brute-force search, which is still nowhere near instant against a long passphrase.

Final thoughts

Stay safe out there! At the end of the day, the most important piece of the security puzzle is the user. Don't give your password away, don't write it down where it can be found, and don't reuse it across services unless you don't mind all of them being compromised at once when one of them suffers a back-end breach. Some online services have been hacked without a single user account being compromised, so remember: don't put anything on the internet that you can't afford to have someone uncover.

Like my writing? Give me one of those sweet upvotes!
Have any suggestions for improvement? Leave them down below.


Very neat little comic you posted! Also very informative.
Is 1000 guesses/sec a logical estimate though? Seems like you would need a very fast computer!
Maybe one of those supercomputers can pull it off though? I know they can do calculations insanely fast,
so I don't see why they wouldn't be able to do it.
Running through the probability math though, passphrases do seem to make more sense.
They make for longer passwords and are easy to remember, much more logical than some spam.
I'll have to start using this tactic, but still with numbers and other stuff to throw off potential crackers using a word bank.
Thanks for helping keep everyone's passwords safe :)
Wouldn't want to see anyone get hacked D:

Looking forward to your next post
-Nico

Thanks Nico! One thing to remember about cryptography: if your information is intercepted, even if it's encrypted, it can eventually be cracked. Longer pass phrases take much longer to crack, but given enough time they can be figured out (granted this could take years). I'd recommend a pass phrase, but I'd also recommend changing your passwords every so often.

I just leave the password blank

They'd never suspect that! :-P

Unfortunately most people just don't take their online security seriously enough. Kudos for this write-up, it's something that's never really occurred to me for some reason.

That's a top-notch article, mate. Upvoted and resteemed. I should actually take some advice out of it, since I was almost hacked at least once.

Yeah. If it's some trash account you've created that isn't linked to any of your personal info (like pandora or slack or whatever), I don't see an issue in playing it fast and loose. Once you start online banking or anything like that, though, it's smart to make a long passphrase to cover your keister. Some banks don't even do 2FA - it's a joke.

password is password123 but 2fa keeps me safe

You'd be surprised at how some groups have been able to get around 2fa. If you use SMS, check this article for more info.


CORRECT HORSE BATTERY STAPLE returned a result of INSTANTLY
