A Note on Passwords

How many of us have watched some film where the future of the planet is down to cracking a user password? The person trying to break into the system will try a person’s name, their wife’s name, their birthday, their son’s birthday etc. until they eventually crack the password, get into the system and save mankind. Needless to say, it just isn’t like that. You might think that most systems give you, say, 3 attempts and then you are locked out – so why is the hero in our film allowed to have so many attempts?

Of course all of this is a load of bananas, as systems do not work like this, but it makes for a good film.

You might not be surprised if I told you that ‘hacking’ someone’s password is far more sophisticated than the method I’ve described above, and much quicker too.

You might think you are safe as a hacker is allowed 3 attempts to get into the system. After 3 attempts he will be locked out. Well, news for you – the hacker gets in on the first attempt.

The password you create and enter into the system is not stored as a text file but as a hash file. This is a coded file. Hackers DO NOT try to hack your password – they hack the hash file instead. Relatively simple techniques such as look-up tables and dictionaries are used to hack the hash tables. Millions or billions of calculations are carried out every second to crack the hash file.

I’ll give you one example.

You use your name or some other word as the first part of your password. This could be Fred or saucer etc.

Obviously these words are part of the English language and will be in a standard dictionary along with the hash code for that word.

The system checks the hash code for your password against the hash codes in its dictionary until it finds a match.

Once the hash codes are matched it has the first part of your password.

It then carries on to find the rest of the password.

Using this technique together with other methods the hacker can crack these relatively simple passwords.

To make it really easy for the hacker, some people even use the word ‘Password’ for their password, or Password123 etc.
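To see the look-up idea in practice, here is an added example in Python (not the original author's code): it builds a small look-up table from a constructed wordlist, recovers ‘Password123’ from its unsalted hash in a single lookup, and shows that the same password stored with a per-user salt and a slow key-derivation function is not in the table. The wordlist, the function names, the choice of SHA-256 and PBKDF2, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real look-up tables hold millions of entries.
WORDLIST = ["fred", "saucer", "password", "qwerty", "12345"]
SUFFIXES = ["", "1", "123"]


def candidates(words=WORDLIST, suffixes=SUFFIXES):
    """Yield each word in lower and capitalised form, with common suffixes."""
    for word in words:
        for form in (word, word.capitalize()):
            for suffix in suffixes:
                yield form + suffix


def fast_hash(password):
    """Weak storage (assumed): one unsalted SHA-256, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table():
    """Precompute hash -> password once; reusable against any unsalted hash."""
    return {fast_hash(c): c for c in candidates()}


def slow_salted_hash(password, salt, iterations=600_000):
    """Stronger storage (assumed): per-user random salt plus a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password, salt, stored, iterations=600_000):
    """Constant-time check of a login attempt against the salted record."""
    return hmac.compare_digest(slow_salted_hash(password, salt, iterations), stored)


def demo():
    table = build_lookup_table()
    weak = table.get(fast_hash("Password123"))  # found in one lookup
    strong = table.get(fast_hash("bz%PTdX_6g5!Nb0dZh(xV"))  # not in the table
    salt = os.urandom(16)
    record = slow_salted_hash("Password123", salt)
    salted_hit = table.get(record.hex())  # salted record is not in the table
    return weak, strong, salted_hit, verify("Password123", salt, record)


if __name__ == "__main__":
    print(demo())
```

The lookup happens against the stolen hash, not the login screen, which is why the 3-attempt lockout never comes into play.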

I won’t bore you with this subject any longer, but I will remind you of the following:

1 – Do not use passwords like ‘Password’, ‘12345’, ‘QWERTY’ etc. You are asking for trouble.

2 – Use a different password for every system that you use. DO NOT use the same password.

3 – The longer the password, the longer it will take to crack.

4 – Use a combination of upper and lower case letters, perhaps with a few non-standard characters (@ $ £ ^ &) thrown in for good measure.

5 – Try not to use words that could be found in a standard dictionary. Use obscure words.

6 – Consider using a password manager.

7 – An example of a good password might be bz%PTdX_6g5!Nb0dZh(xV