Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords?

Entropy is in general the degree of randomness or disorder in any given system. Sometimes it is very easy to assess, such as a password of “1234”, which all too many people use. Because it is a simple sequence, there is no real randomness at all, and it would be quickly guessed. And as we saw in the last tutorial, such passwords are quickly discovered in a dictionary attack.

There are things you can do to make it less likely that your password will be cracked and used against you. The thing to keep in mind as we discuss password safety is that the objective is not to make your password ultimately uncrackable. If you are a “person of interest” to a determined government agency, the odds are they can devote enough computing power to getting your password that their odds are pretty good. This is a simpler problem than cracking a good PGP encryption key, which right now is considered computationally infeasible even for the NSA and GCHQ. Passwords are a somewhat simpler problem. So the threat you should really be targeting is a criminal organization that wants to get your password and use it to take your money. This is a threat you can significantly reduce by following sound practices.

Don’t use the same password on many sites

The reason for this is that if you use the same password on many sites, a hacker can crack a database at a site that does not follow best practices, and then they have it. The password can then be tried at other sites, and no matter how good the other sites’ security is, they cannot stop someone who already knows your password. And hackers really do try this kind of attack. So don’t do it!

Now, it might be reasonable to assess just how important the security is on a site-by-site basis. An approach that is a reasonable compromise is to pick sites where you don’t particularly care (for me, that would include Twitter and most online forums) and use the same insecure password for all of them. Recognize that you are accepting the risk that someone can easily get in there, and when they get in they can do whatever you can do. Then for PayPal, for your bank, and other sites where it really matters, use a highly secure password that is unique to each such site. This gets you most of the security you need without unduly taxing you. If some site requires a 17-character password that includes upper case and lower case letters, numbers, and Sanskrit hieroglyphs just so you can post a customer support question on their forums, they are idiots, but I don’t see any problem with having a standard password you use for all such sites.

Add to the Entropy

But for sites that are important, entropy is a good thing in choosing passwords. Entropy is essentially randomness, and it means choosing passwords that are very unlikely to appear in a hacker’s dictionary. A password like “password” will be in every dictionary. And any word found in a real dictionary (for some reason “monkey” is very popular) is fair game. For your amusement, here is just one list of the 25 worst passwords in use. Using something like this is the equivalent of not using any password at all. And remember that it does not need to be on this top 25 list to be a “no-no”. Pretty much every name and every dictionary word is in the hacker’s dictionary as well.
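Added example, not code from the post: a small Python estimator that contrasts the “naive” entropy of a password (length and character classes) with the entropy that actually matters, the number of guesses a dictionary attack needs before it reaches the password. The two word lists are constructed stand-ins, not the real top-25 list the post refers to, and the guess-ordering model (worst list first, then simple sequences, then dictionary words with digit suffixes) is an assumption for illustration.

```python
import math
import string

# Constructed stand-in for the "worst passwords" list the post refers to
# (hypothetical entries, ordered as an attacker would try them first).
WORST_PASSWORDS = ["password", "123456", "12345678", "qwerty", "abc123",
                   "monkey", "letmein", "dragon", "111111", "baseball"]
# Constructed stand-in for the plain dictionary words in a cracking wordlist.
DICTIONARY_WORDS = {"monkey", "dragon", "baseball", "sunshine", "princess"}


def naive_entropy_bits(pw: str) -> float:
    """Bits of entropy if every character were drawn uniformly from the
    character classes the password happens to use (length * log2(pool))."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation))]
    pool = sum(size for test, size in classes if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def is_simple_sequence(pw: str) -> bool:
    """True for runs such as 1234, abcd, dcba or a single repeated character."""
    if len(pw) < 2:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps.pop() in (-1, 0, 1)


def guess_entropy_bits(pw: str) -> float:
    """Entropy from the attacker's side: log2 of the number of guesses a
    dictionary attack makes before it reaches this password. Only a password
    that is in no list at all earns its naive (random-character) entropy."""
    lowered = pw.lower()
    if lowered in WORST_PASSWORDS:                 # tried first, in list order
        return math.log2(WORST_PASSWORDS.index(lowered) + 1)
    if is_simple_sequence(lowered):                # enumerated right after the list
        return math.log2(len(WORST_PASSWORDS) + 1)
    stem = lowered.rstrip(string.digits)           # "monkey7" -> "monkey" + 1 digit
    if stem in DICTIONARY_WORDS:
        digits = len(lowered) - len(stem)          # each appended digit x10 guesses
        return math.log2(len(WORST_PASSWORDS) + len(DICTIONARY_WORDS) * 10 ** digits)
    return naive_entropy_bits(pw)


if __name__ == "__main__":
    for candidate in ["1234", "monkey", "monkey7", "Tr0ub4dor&3"]:
        print(f"{candidate:12} naive={naive_entropy_bits(candidate):5.1f} bits  "
              f"attacker={guess_entropy_bits(candidate):5.1f} bits")
```

“monkey” scores about 28 bits by the naive count but under 3 bits once it sits in the attacker's list, which is the gap the post is warning about.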