Password Protection Pointers

Tuesday, June 12, 2012

Jayson Wylie


The best password is the one that only you know.  An even better one is one that nobody else can find out.

Seems like password crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. 

It is possible to categorize the passwords you use to define the sensitivity of their purpose.

I use a different password pretty much every use but one can utilize a series of say, five levels of complexity.

Do not use information that is related to you such as those that can be discovered in social engineering research to aide in effective birthday guesses.

Simply using a personal birthday date for your debit card PIN may be easy to remember and fits, but it can easily be found out.

Like in Kung Fu, you need to be unpredictable to counter guess against a prolonged attack on your credentials.

Increasing a passwords length exponentially increases the number of guesses or calculations needed.

Do not go with the bare minimum the system uses like a minimum of 8 characters.

Pass-phrases that combine multiple words into memorable combinations like,”Thelazydogrunsoverthemountain” are harder to crack.

In addition to length, complexity can be added to include upper, lower-case characters and symbols. 

The symbols can make them really complex and can be used in a logical replacement of the associated characters like ‘E’=’3’ and so on.

You can also pre and suffix the passwords with known combinations unique to you.  

Have two different pre or suffix extensions for bonus complexity that can be personalized and remembered easily.

I would also like to suggest what I call ‘ghost’ replacement of characters which means you take a typical character like ‘A’ and replace it with another character or even better, a symbol. 

So ‘A’ does not = ‘@’ but a less associated ‘+’ in all passwords created.

Random character passwords are harder for humans to connect, but are also harder to remember.  If the passwords are too complex to remember, don't record it on a post-it note under your keyboard, this is ineffective and effects availability for yourself.

Possibly Related Articles:
Network Access Control
Information Security
Passwords cracking Authentication Access Control Best Practices Information Security Dictionary Attack Rainbow Tables
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.