Password Protection Pointers

Tuesday, June 12, 2012

Contributed By:
Jayson Wylie

The best password is the one that only you know. An even better one is one that nobody else can find out.

Seems like password crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise.

It is possible to categorize the passwords you use to define the sensitivity of their purpose.

I use a different password pretty much every use but one can utilize a series of say, five levels of complexity.

Do not use information that is related to you such as those that can be discovered in social engineering research to aide in effective birthday guesses.

Simply using a personal birthday date for your debit card PIN may be easy to remember and fits, but it can easily be found out.

Like in Kung Fu, you need to be unpredictable to counter guess against a prolonged attack on your credentials.

Increasing a passwords length exponentially increases the number of guesses or calculations needed.

Do not go with the bare minimum the system uses like a minimum of 8 characters.

Pass-phrases that combine multiple words into memorable combinations like,”Thelazydogrunsoverthemountain” are harder to crack.

In addition to length, complexity can be added to include upper, lower-case characters and symbols.

The symbols can make them really complex and can be used in a logical replacement of the associated characters like ‘E’=’3’ and so on.

You can also pre and suffix the passwords with known combinations unique to you.

Have two different pre or suffix extensions for bonus complexity that can be personalized and remembered easily.

I would also like to suggest what I call ‘ghost’ replacement of characters which means you take a typical character like ‘A’ and replace it with another character or even better, a symbol.

So ‘A’ does not = ‘@’ but a less associated ‘+’ in all passwords created.

Random character passwords are harder for humans to connect, but are also harder to remember. If the passwords are too complex to remember, don't record it on a post-it note under your keyboard, this is ineffective and effects availability for yourself.

Share This! |

Views:	2445
Categories:	Network Access Control
Industries:	Information Security
Tags:	Passwords cracking Authentication Access Control Best Practices Information Security Dictionary Attack Rainbow Tables

Post Rating I Like this!

Comments:

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"The author of this article is answering the wrong question. It appears (he) is writing this article in response to all the attention gi..."

NSA Surveillance Is Legal And Not Targeting ... John Smith on 06-13-2013

"Agreed, good post. There is the ISO standard take on processes and implementing lasting changes then there is the practical operational..."

Vulnerability Management and Root Cause Anal... Ian Tibble on 06-12-2013

"Good post. One of the key elements in Vulnerability Management is having the contact details of the person knowledgeable on why a certa..."

Vulnerability Management and Root Cause Anal... Koen Van Impe on 06-11-2013

"Near-field communication (NFC) technology permits a consumer to wave their mobile phone at a point-of-sale terminal to buy via the use ..."

Google Wallet and PCI Compliance... Casey Erini on 06-07-2013