
Can I hack your password?

by rmsylte on Monday, 19 July 2010 · 1 comment

During the past week, I've had a couple of professional colleagues who have been victims of password hacking — and have had a real mess to clean up.
A few years ago, I became aware of an excellent blog post about hacking passwords by John P. of One Man's Blog, "How I'd hack your weak passwords." In that posting, John gives excellent advice about creating passwords that are difficult to hack. One of his best pieces of advice is:

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

And here is his chart to prove it.

[Chart: password hacking times]

So simply by going to 10 characters and mixing upper and lowercase, you can make hackers work for almost two millennia to break your password! So, if your passwords don't meet this requirement, go read John's original post and get the fear of God/Password hacking into your system. If you heed his words, you will save yourself a lot of misery. Trust me.

Some of his other excellent hints include:

  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0’, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
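To see where numbers like "2.4 days" and "2.1 centuries" come from, here is a small strength check, added to this post as an illustration (it is not code from John's article or from any password product). It assumes an attacker testing about 1 million guesses per second, the rate at which the 2.4-day figure for 8 lowercase characters works out; the word list and the look-alike table are constructed samples. It also flags passwords that are only a list word with look-alike characters swapped in, where the brute-force time is an upper bound and not the real strength.

```python
import string

# Assumption: ~1 million guesses per second (26**8 candidates then take ~2.4 days).
GUESSES_PER_SECOND = 1_000_000
SECONDS_PER_YEAR = 365.25 * 86400

# Character classes and their sizes; together the 95 printable ASCII characters.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"modeltford", "password", "dragon"}

# Look-alike substitutions named in the hints above, mapped back to letters.
LOOKALIKES = str.maketrans({"0": "o", "@": "o", "*": "o", "3": "e"})

def pool_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))

def exhaustive_search_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over that alphabet."""
    return pool_size(password) ** len(password) / rate

def is_disguised_word(password, words=SAMPLE_WORDS):
    """True if undoing capitals and look-alike characters yields a listed word."""
    return password.lower().translate(LOOKALIKES) in words

def humanize(seconds):
    units = (("centuries", 100 * SECONDS_PER_YEAR), ("years", SECONDS_PER_YEAR),
             ("days", 86400), ("hours", 3600))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:.1f} {name}"
    return f"{seconds:.1f} seconds"

def assess(password):
    return {
        "pool": pool_size(password),
        "exhaustive_search": humanize(exhaustive_search_seconds(password)),
        "disguised_word": is_disguised_word(password),
    }

if __name__ == "__main__":
    for sample in ("abcdefgh", "Abcd3fg*", "Mod3lTF0rd", "k7#Qv9!xTz"):
        print(sample, assess(sample))
```
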

John recommends 1Password. However, I have used the SplashID program for years — which works on WinOS, MacOS and a variety of smartphone/PDA platforms — and have been very pleased with it.

Some day you'll thank me for sharing this…
