Cybersecurity 101: Passwords


Let’s start with the first and often most painful part of security: your password.

(XKCD cartoon on password strength; the original is on XKCD.)

Passwords are a security measure that dates back to the time-sharing systems of the early 1960s, when computer scientists wanted to keep other computer scientists from messing with their projects or generally pranking them by changing their account settings.

Possibly borrowed from spy movies, the shared secret gave the system a way to authenticate a user, and from there we have pretty much stayed put with this cumbersome system for user-level authentication.

Let’s start with making our passwords better. Remember the usual recommendation of 8 to 12 characters with a capital, a number and a special character?

This usually results in passwords that are hard to remember but still easy enough to crack. The attack that matters is offline cracking: an attacker steals a database of password hashes and runs billions of guesses a second against it, either by brute force or with wordlists and substitution rules that quickly find the predictable patterns people produce when forced to add a capital, a digit and a symbol. There is a way that you can really strengthen your password: change from a password to a passPHRASE.

Password strength is measured as entropy, which comes from two things: the size of the alphabet the characters are drawn from and the length of the password. Together they define the search space an attacker has to work through (the entropy in bits is just log2 of that search space). If you have a password 4 characters long made up of only numbers, then, counting every length from 1 to 4 the way the Password Haystacks calculator does, you have a search space of 11,110 possible combinations. Add lowercase letters and the search space blows out to just over 1.7 million combinations, adding uppercase letters drives it up to just over 15 million, and adding special characters (95 symbols in total) pushes that 4 character password to over 82 million combinations.

Sadly, an offline cracking rig running against a fast, unsalted hash can manage on the order of one hundred billion guesses per second, and at that rate 82 million combinations are exhausted in under a millisecond.

You can greatly increase the search space by making the password longer. Going back to the 4 character password, if we increase it to an 8 character password (upper, lower, numbers and special characters) then the search space is 6.7 x 10^15 (6.7 quadrillion, or 6.7 million billion). Now it takes around 18 hours for the same cracking system to exhaust the search space.

Another 4 characters, to go to 12 characters long, yields a search space of 5.46 x 10^23 combinations, which takes about 1.7 thousand centuries to exhaust at the same rate. Each extra character multiplies the search space by 95, whereas adding a character class to a short password only multiplies it by a small factor once.
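The entropy arithmetic above, carried through as a small Python script. This is an added example for this post, not GRC’s code or the Haystacks calculator itself. It assumes the same 95-symbol alphabet the Haystacks figures imply (10 digits, 26 lowercase, 26 uppercase, 33 punctuation symbols), counts every length from 1 up to the password’s length the way Haystacks does, and uses the rate of one hundred billion guesses per second used above. The word-list sizes in the passphrase part (2,048 and 7,776 words) are assumptions chosen for illustration.

```python
from __future__ import annotations

import math

# Symbol counts assumed to match GRC's Password Haystacks: 10 digits,
# 26 lowercase, 26 uppercase and 33 punctuation/symbol characters (95 total).
DIGITS, LOWER, UPPER, SPECIAL = 10, 26, 26, 33
ALL_CLASSES = DIGITS + LOWER + UPPER + SPECIAL

# Guess rate assumed for an offline attack on a fast, unsalted hash:
# one hundred billion guesses per second, as in the post.
GUESSES_PER_SECOND = 1e11

SECONDS_PER_YEAR = 365.25 * 86400


def haystack_size(length: int, alphabet: int) -> int:
    """Candidates an attacker must try knowing only the alphabet and the maximum
    length: every string of length 1..length over `alphabet` symbols.
    For a 4-digit PIN this is 10 + 100 + 1,000 + 10,000 = 11,110."""
    return sum(alphabet ** n for n in range(1, length + 1))


def entropy_bits(search_space: int) -> float:
    """Entropy in bits is log2 of the search space; each extra bit doubles it."""
    return math.log2(search_space)


def crack_seconds(search_space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst case: the attacker has to exhaust the whole search space."""
    return search_space / rate


def human_time(seconds: float) -> str:
    """Render seconds in the largest unit that gives a value of at least 1."""
    units = (("centuries", 100 * SECONDS_PER_YEAR), ("years", SECONDS_PER_YEAR),
             ("days", 86400.0), ("hours", 3600.0), ("minutes", 60.0),
             ("seconds", 1.0), ("milliseconds", 1e-3))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds * 1e6:,.1f} microseconds"


def passphrase_word_space(words: int, wordlist_size: int) -> int:
    """Search space once the attacker knows the passphrase is `words` words
    drawn from a published list of `wordlist_size` (4 words from 2048 = 2^44)."""
    return wordlist_size ** words


def article_cases() -> list[tuple[str, int, float, float]]:
    """Reproduce the post's figures as (label, search space, bits, seconds)."""
    cases = [
        ("4 chars, digits only", 4, DIGITS),
        ("4 chars, + lowercase", 4, DIGITS + LOWER),
        ("4 chars, + uppercase", 4, DIGITS + LOWER + UPPER),
        ("4 chars, + special", 4, ALL_CLASSES),
        ("8 chars, all four classes", 8, ALL_CLASSES),
        ("12 chars, all four classes", 12, ALL_CLASSES),
    ]
    rows = []
    for label, length, alphabet in cases:
        space = haystack_size(length, alphabet)
        rows.append((label, space, entropy_bits(space), crack_seconds(space)))
    return rows


if __name__ == "__main__":
    for label, space, bits, secs in article_cases():
        print(f"{label:28} {space:>28,}  {bits:5.1f} bits  {human_time(secs)}")
    # Passphrase caveat: if the attacker knows the words come from a published
    # list, the search space is list_size ** words, not 95 ** character count.
    four_words = passphrase_word_space(4, 2048)   # assumed 2048-word list
    print(f"4 words from a 2048-word list: {entropy_bits(four_words):.0f} bits, "
          f"{human_time(crack_seconds(four_words))} at the same rate")
    six_words = passphrase_word_space(6, 7776)    # assumed Diceware-size list
    print(f"6 words from a 7776-word list: {entropy_bits(six_words):.1f} bits, "
          f"{human_time(crack_seconds(six_words))}")
```

Running it reproduces the 11,110 / 1.7 million / 15 million / 82 million figures, the 18.6 hours for 8 characters and roughly 1,730 centuries for 12. The passphrase lines add the caveat a cracker already knows: once the attacker knows the words come from a published list, the search space is the list size to the power of the word count, so four words from a 2,048-word list is 44 bits and falls in minutes at that rate, while six words from a 7,776-word list is about 77 bits. The strength of a passphrase comes from how many words you pick at random, not from how many letters they happen to contain.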

So complex passwords are one thing, but long passwords are an entirely different beast. We should be using long passPHRASES when it comes to securing services at work and at home. Take a look at the XKCD cartoon on this page to get a good idea of how length keeps things secure.

If you want to try out the same simulator I use take a look at GRC Password Haystacks to see how your favourite password measures up.


If you want to learn more about how to protect yourself from hackers you can check out my review of Hacked Again.
