    Friday, December 22, 2000

Choosing a Safe Password

Good secure passwords are one of the most important tools you have at your disposal for protecting your hosting account and the data that you keep there.

One of the most commonly used hacking attempts is what is known as password cracking. In this attack, a hacker gains access to a list of user names and encrypted passwords on a web server. Because the passwords are encrypted, the hacker can't gain access to a web site by directly using the encrypted password, but what they can do is encrypt a list of dictionary words and try to match the results against the encrypted passwords in their possession.

You may be asking yourself, "How long could that take?" The answer is not as long as you might think. A hacker using a computer and an automated "dictionary guessing" tool can find matches to common dictionary words in a matter of minutes.

To combat this attack, you should not use common dictionary words as passwords. In addition, do not use words spelled backwards or combinations of common dictionary words when creating your passwords, as these are common permutations a hacker may try when guessing passwords.

Characteristics of good passwords include sufficient length (traditional UNIX systems recognize and use the first eight characters of the password so plan on choosing passwords seven to eight characters in length), sufficient complexity (UNIX passwords are case sensitive, meaning that uppercase and lowercase letters are not the same, and they may also contain unusual characters such as punctuation characters, so plan on using strange or unusual capitalization and characters), and sufficient obscurity (never use a password that incorporates personal information about yourself that could be easily obtained).

In the book Practical Unix Security, Simson Garfinkel and Gene Spafford offer the following checklist of things to consider when choosing a password. To be secure, a password should NOT be any of the following:

  • Your name
  • Your spouse's name
  • Your parent's name
  • Your pet's name
  • Your child's name
  • Names of close friends or coworkers
  • Names of your favorite fantasy characters
  • Your boss's name
  • Anybody's name
  • The name of the operating system you're using
  • The hostname of your computer
  • Your phone number
  • Your license plate number
  • Any part of your social security number (or equivalent)
  • Anybody's birth date
  • Other information that is easily obtained about you
  • Words such as "wizard", "guru", "gandalf", and so on
  • Any username on the computer in any form (as is, capitalized, doubled, etc)
  • A word in the English dictionary
  • A word in a foreign dictionary
  • A place
  • A proper noun
  • Passwords of all the same letter
  • Simple patterns of letters on the keyboard, like "qwerty"
  • Any of the above spelled backwards
  • Any of the above followed or prepended by a single digit

The authors go on to state that good passwords are passwords that are difficult to guess. In general, good passwords:

  • Have both uppercase and lowercase letters
  • Have digits and/or punctuation characters as well as letters
  • Are easy to remember, so they do not have to be written down
  • Are seven or eight characters long
  • Can be typed quickly, so somebody cannot follow what you type by looking over your shoulder
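
Both lists above can be applied automatically when a password is chosen. The following Python check is an added example, not code from this article or from the book; the small word list, the keyboard rows, and the names check_password, WORDS and KEYBOARD_ROWS are constructed for illustration, and a real deployment would load a full dictionary.

```python
import string

# Constructed sample data (assumptions, not from the original page): a tiny
# stand-in word list and keyboard rows. Load a full dictionary in real use.
WORDS = {"wizard", "guru", "gandalf", "password", "dragon", "boston"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _variants(candidate):
    """Return the candidate, the candidate with one leading or trailing digit
    stripped, and each of those reversed (the permutations the checklist names)."""
    forms = {candidate}
    if len(candidate) > 1 and candidate[0].isdigit():
        forms.add(candidate[1:])
    if len(candidate) > 1 and candidate[-1].isdigit():
        forms.add(candidate[:-1])
    return forms | {f[::-1] for f in forms}


def check_password(password, username="", personal=()):
    """Return a list of checklist violations; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    # Names, phone numbers, hostnames and so on are supplied by the caller.
    banned = WORDS | {p.lower() for p in personal if p}
    if username:
        banned |= {username.lower(), username.lower() * 2}  # as is, doubled
    forms = _variants(lowered)
    if any(f in banned for f in forms):
        problems.append("guessable word or name (as is, reversed, or with one digit)")
    if len(set(lowered)) == 1:
        problems.append("all the same character")
    if len(lowered) >= 4 and any(f in row for f in forms for row in KEYBOARD_ROWS):
        problems.append("simple keyboard pattern")
    if len(password) < 7:
        problems.append("shorter than seven characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("needs a digit or punctuation character")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("gandalf", "fladnag7", "Qwerty1", "tR4il.Mx"):
        print(pw, "->", check_password(pw) or "OK")
```
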

Using good passwords is not just good practice, it is essential. A secure password will help you keep your hosting account and the data you store there as secure as it should be.

 


BIGSEA
A metaphor. A philosophy. A way of doing business.

Copyright 1997-2001 - Last update: Thursday, February 1, 2001 at 2:00:32 PM