Algeria.com Discussion Forum - Powered by vBulletin


  1. #1
    piccolomondo is offline Registered User
    Join Date
    Jun 2006
    Posts
    1,028

    The Common, the Pathetic and the Secure Passwords

    Top 10 Most Common Passwords

    Our life these days is largely dependent on passwords: whether shopping online, transferring funds or sending emails, passwords have a part to play. Fraudsters are more and more turning online to get money, and we all hear about security breaches and fraud stories all the time.

    The password trends show that the average user cares less about choosing a strong password and more about memorability.
    It still amazes us how people think of passwords as a word they can remember easily; it might just be time for a change if your password is listed here:

    10. Thomas
    09. arsenal
    08. monkey
    07. charlie
    06. qwerty
    05. 123456
    04. letmein
    03. liverpool
    02. password
    01. 123

    (via Digg)

  2. #2
    piccolomondo is offline Registered User
    Join Date
    Jun 2006
    Posts
    1,028

    How Pathetic Is Your Password?

    Think putting a "1" on the end of "daisy" is going to stymie crackers intent on breaking your password? Turns out that with a reasonably up-to-date computer, a dedicated hacker should be able to break it, by brute force, in about an hour and a half.

    Lockdown.co.uk has a handy document that shows just how secure your password really is, based on its length and the type of characters you use in it (all numbers, letters and numbers, uppercase/lowercase, special symbols, etc.).

    Think about your most common passwords, then visit the site. You'll be most interested in the results for a "Class D" attack, which represents someone with a single, very fast PC. (Class E and Class F represent multiple PC attacks and aren't as likely to be involved with someone trying to break into your eBay account.)

    As an example, the site notes that a password like "darren" would take all of 30 seconds to break. "Land3rz" would take 4 days. And "B33r&Mug" would take 23 whopping years.

    Key to great security isn't just length, but adding in non-traditional characters, too: A great password should be eight characters long (or more), and include at least one number, one uppercase letter, and one special character like an ampersand. To make it easy on yourself, try using the same button on the keyboard in both lower- and uppercase versions. For example: "JjKkIi*8" requires you only hit four different keys (plus Shift), and they're all clustered in a tight group.
    [source: Yahoo! TECH]
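
The arithmetic behind the timings quoted in the post above, as an added example that is not part of the original post or of the Lockdown.co.uk document. The guess rate of 10 million per second and the 96-character full alphabet are assumptions, chosen because they reproduce the three quoted figures; the function names are illustrative.

```python
# Assumption: 10 million guesses per second for one fast PC. The post gives no
# rate; this value reproduces the three timings it quotes.
GUESSES_PER_SECOND = 10_000_000

# The top-10 list from the first post of this thread, lowercased.
COMMON = {"thomas", "arsenal", "monkey", "charlie", "qwerty",
          "123456", "letmein", "liverpool", "password", "123"}

def charset_size(password):
    """Add up the character classes the password draws from (ASCII assumed)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 34  # assumption: 34 symbols, so the full set is 96 characters
    return size

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over that alphabet."""
    return charset_size(password) ** len(password) / rate

def humanize(seconds):
    """Express a duration in the largest unit that fits."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def assess(password):
    # A listed password falls to a wordlist check, so its length buys nothing.
    if password.lower() in COMMON:
        return "on the common list"
    return humanize(brute_force_seconds(password))

if __name__ == "__main__":
    for pw in ("darren", "Land3rz", "B33r&Mug", "liverpool"):
        print(f"{pw!r}: {assess(pw)}")
```

The estimate is an upper bound for a password chosen at random from the alphabet; the common-list check is there because a listed word is found long before the keyspace is exhausted.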

  3. #3
    piccolomondo is offline Registered User
    Join Date
    Jun 2006
    Posts
    1,028

    How to create a secure password

    Bruce Schneier, author of the most influential books on computer security and cryptography ever printed, offers simple rules on how to create a password that cannot be easily cracked.

    The trick is to use a "root" that is not in that list that I linked above, and to put your "appendage" (or two of them) in an unusual place: Either in the middle of the root or at both the beginning and the end.

    Schneier's example is to use a word that you can pronounce but which is spelled "wrong": armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601 or bay1776sball. It shouldn't take much effort to commit any of these to memory.


    The compound password

    Is there a way to create strong, easy to remember passwords that are impervious to most attacks? Yes, thanks to something I called the compound password. It’s very simple, but also incredibly powerful. Essentially, the compound password is a juxtaposition of two simple words, with their letters alternating.

    For example, dcoagt is a compound password. Can you see the two words in there?
    How about now: dcoagt.

    The two words in the compound password are “cat” and “dog”. To generate the password, “cat” is “inserted” into “dog”.

    But what of memorability? To the unenlightened, this looks like randomly generated, hard to remember ASCII text. But, remember, this is nothing more than the juxtaposition of two words. A simple entry trick means that all you will need to remember is your two words any time you need to type in that password. Here’s how:

    (The | represents the cursor that shows where you are in any text entry field, and should not be typed in):

    1. Enter the first keyword cat|

    2. Hold down the left arrow to move to the beginning of the line |cat

    3. Enter the first letter of the second keyword and press the right arrow once dc|at

    4. Enter the next letter of the second keyword and press the right arrow once dcoa|t

    5. Repeat step 4 until the second keyword is fully entered. dcoagt|

    That’s it!

    Compound passwords are not a magical solution to everything. They will not protect from phishing attacks or database compromises. But they are an easy way to generate strong, memorable passwords.

    Of course dcoagt is just an example for ease of demonstration! A real password would have longer words and special characters thrown in there, and would be more like edfifgegc!t (digg! effect). Better?


    More suggestions:
    • Use strong passwords of at least 7 characters long, with a mix of lower and uppercase letters and digits. Example: AxV37TtP0.
    • Never use common words or names in your password. In fact, making up new words is an effective way to keep hackers from guessing your password.
    • Change your passwords regularly. You can ensure that by the time a hacker gets a hold of your password you've already changed it.
    • Use different passwords and usernames for all web-based applications.
    • Be creative with your usernames. Almost everyone uses some combination of first initial/ last name, so a hacker can simply presume that in any database there is a JSmith, a JSmith1, and so on. Make sure that your username isn't something that can be easily guessed.
    • Not only add a password to your personal profile, but also to any guest accounts. Again, you aren't just concerned with someone maliciously attempting to harm your computer; often the biggest danger is from inexperienced internet users who are just curious.
    • Use a screen saver with password protection if your computer is left in idle mode for more than a few minutes.
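
The entry steps for the compound password in the post above, written out as an added example that is not part of the original post. It also compares the strength the resulting string appears to have with the strength it has once the construction is known; the 20,000-word vocabulary is a constructed figure and the function names are illustrative.

```python
import math

def compound(first, second):
    """Interleave two keywords the way the entry steps do: each letter of
    `second` is typed in front of the next remaining letter of `first`.
    If one keyword is longer, its extra letters end up at the tail."""
    out = []
    for i in range(max(len(first), len(second))):
        if i < len(second):
            out.append(second[i])
        if i < len(first):
            out.append(first[i])
    return "".join(out)

def apparent_bits(password, alphabet_size):
    """Strength if every character were an independent random choice."""
    return len(password) * math.log2(alphabet_size)

def scheme_bits(vocabulary_size):
    """Strength when the construction is known: the only secret left is
    which ordered pair of words was picked from the vocabulary."""
    return 2 * math.log2(vocabulary_size)

if __name__ == "__main__":
    # Both examples from the post.
    print(compound("cat", "dog"))        # dcoagt
    pw = compound("digg!", "effect")
    print(pw)                            # edfifgegc!t

    # Constructed figure: a person choosing from about 20,000 familiar words.
    vocab = 20_000
    print(f"apparent: {apparent_bits(pw, 96):.1f} bits")
    print(f"if scheme is known: {scheme_bits(vocab):.1f} bits")
```

The gap between the two numbers is why the choice of words matters more than the interleaving: uncommon or misspelled roots and an added symbol enlarge the vocabulary term, while the shuffle alone does not.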

  4. #4
    Cheba_Mami is offline Moderator
    Join Date
    Feb 2004
    Posts
    2,124
    mine are smart.... but am I smart enough to remember those complicated ones? but it's true, some passwords are too easy and stupid. (no not mine)

  5. #5
    piccolomondo is offline Registered User
    Join Date
    Jun 2006
    Posts
    1,028

    "Magic Mirror, on the wall, who is the fairest one of all?"

    Queen: Magic Mirror, on the wall, who, *now*, is the fairest one of all?
    Magic Mirror: Famed is thy beauty, Majesty. But hold, a lovely maid I see.
    Rags cannot hide her gentle grace. Alas, she is more fair than thee.

    Queen: Alas for her! Reveal her name.
    Magic Mirror: Lips red as the rose. Hair black as ebony...







    FaceCode: Use your face as your password

    FaceCode is a program that uses the webcam on your computer to make sure it's really you that is trying to log on and can keep other people out of your PC even if they know your username and password.

    The program uses an elaborate series of face scans to determine exactly what your face looks like. Once authenticated you can use your face as the password for your computer system as a whole, as well as certain applications on your computer.
    Last edited by piccolomondo; 3rd March 2007 at 09:02.

  6. #6
    piccolomondo is offline Registered User
    Join Date
    Jun 2006
    Posts
    1,028

    Frustrated with the state of identity management?

    Just an average day on the Internet, circa 2006.
    Sites and apps referenced in the video are Bloglines, Flickr, SquirrelMail, Gmail for Domains, LinkedIn, Digg, WordPress, Geeky Traveller, Capulet, Writely, Google Groups, Remember the Milk, SurveyMonkey, OfficePools, Technorati, Performancing, Hotmail, Hittail, Basecamp, Blinksale, Google Adwords, Magnolia, Delicious, Upcoming.org, YouTube, MetaCafe, Box.net, Filezilla, Laplink, World of Warcraft and Cisco VPN.

