Article by Mary Rose Maguire
I’m one of the resident “Password Hawks” in our office.
Our techs consistently tell people to create stronger passwords because weak passwords are still one of the most common ways an attacker gets into a network.
However, we live in an age where it’s not just hackers who are trying to steal an organization’s data.
There are also a variety of malcontents who simply want to hack into someone’s account in order to embarrass them, confirm something negative about them, or be a nuisance by sending spam.
This is why it is important to create a strong password: one that will not be easily cracked.
Enter password analyzer tools. Sophos’ “Naked Security” blog posted a great article about the often misleading security policies of popular online social sites.
Developer Cameron Morris discovered that if he followed one social site’s policy, he actually created a more easily “crackable” password than the one they deemed weak.
"About three years ago, developer Cameron Morris had a personal epiphany about passwords, he recently told ZDNet’s John Fontana: The time it takes to crack a password is the only true measure of its worth."
Read the rest of the article here.
There is a free analyzer you can use and I strongly suggest you test the strength of your passwords with it.
Also, Morris created a tool for administrators that lets them configure a password policy based on three inputs: the required time to crack, the technology an attacker might be using (from an everyday computer on up to a $180,000 password-cracking rig), and the password protection technology in use (from Microsoft Windows system security on up to 100,000 rounds of the SHA-1 cryptographic hash function).
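As an added worked example (my own code here, not code from the article or from Morris's tools), the following Python models the arithmetic such a "time to crack" policy rests on: the keyspace implied by a password's length and character classes, divided by the attacker's effective guess rate, which is the hardware's raw hash rate divided by the number of hash rounds each guess costs. The attacker hash rates, the hash costs, and the sample passwords are all constructed, round illustrative values, not measured benchmarks or figures from the article.

```python
import string

# Added example: estimate brute-force crack time from the three inputs a
# time-to-crack policy tool takes (time budget, attacker hardware, hash cost).
# The rates and costs below are constructed, round illustrative numbers for
# this example, not measured benchmarks or figures from the article.
ATTACKER_RATES = {                    # raw hash evaluations per second
    "everyday computer": 1e8,
    "dedicated cracking rig": 1e11,
}
HASH_COSTS = {                        # hash evaluations per password guess
    "single SHA-1": 1,
    "SHA-1, 100,000 rounds": 100_000,
}

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def alphabet_size(password: str) -> int:
    """Alphabet an analyzer assumes the attacker must search: the union of the
    character classes present in the password, plus any other symbols used."""
    size = 0
    for cls in CHARACTER_CLASSES:
        if any(c in cls for c in password):
            size += len(cls)
    # Characters outside the four classes (space, non-ASCII) count individually.
    others = {c for c in password if not any(c in cls for cls in CHARACTER_CLASSES)}
    return size + len(others)


def keyspace(password: str) -> int:
    """Number of candidates an exhaustive search over that alphabet must try."""
    return alphabet_size(password) ** len(password)


def seconds_to_crack(password: str, rate: float, hash_cost: int) -> float:
    """Expected time for an exhaustive search. Each guess costs `hash_cost`
    hash evaluations, so a slower hash divides the attacker's guess rate by
    that factor. On average the password is found halfway through the keyspace."""
    guesses_per_second = rate / hash_cost
    return (keyspace(password) / 2) / guesses_per_second


def crack_times(password: str) -> dict:
    """Crack time for every attacker/hash combination, keyed by (attacker, hash)."""
    return {
        (attacker, hash_name): seconds_to_crack(password, rate, cost)
        for attacker, rate in ATTACKER_RATES.items()
        for hash_name, cost in HASH_COSTS.items()
    }


def meets_policy(password: str, min_seconds: float, attacker: str, hash_name: str) -> bool:
    """Policy check in the spirit of the admin tool: does the password survive
    at least `min_seconds` against the chosen attacker and hash?"""
    secs = seconds_to_crack(password, ATTACKER_RATES[attacker], HASH_COSTS[hash_name])
    return secs >= min_seconds


def human(seconds: float) -> str:
    """Render seconds in the largest unit that fits, for a readable report."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Constructed sample passwords: a 9-character one that satisfies a typical
    # "use all four character classes" rule, and a longer lowercase-only one
    # that such a rule would reject.
    for pw in ("P@ssw0rd1", "greenteabeforewalk"):
        print(f"\n{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}")
        for (attacker, hash_name), secs in crack_times(pw).items():
            print(f"  {attacker:22} {hash_name:22} {human(secs)}")
```

Two things the numbers make concrete. First, the hash in use moves the result as much as the attacker's hardware does: 100,000 rounds divides the attacker's guess rate by 100,000, which turns the assumed rig's roughly 33 days against the 9-character sample into thousands of years. Second, under this model the "policy-compliant" 9-character password (94^9, about 5.7e17 candidates) is far weaker than the 18-character lowercase one (26^18, about 2.9e25), which is the kind of result Morris ran into. The caveat is that this is an exhaustive-search model and therefore a ceiling on attacker effort: both sample passwords are built from dictionary words with predictable substitutions, and a wordlist or rule-based attack would find them far sooner than the keyspace arithmetic suggests, which is why a real analyzer also deducts for recognizable words and patterns.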
This is one of the best articles I’ve read on password security, plus it has tools for both the end-user and the administrator. Test them out yourself to see if you have a password that can resist a hacker!
As for me, I think I need to do a little more strengthening…
Cross-posted from State of Security