As part of our forensics practice, we sometimes have to break or “crack” passwords. Password cracking becomes much more difficult, and may foil hackers entirely, when a few simple rules are followed. Here are some tips to help keep our clients' data safe:
Three good rules for passwords:
1) Stay away from the dictionary! Standard dictionary words are far too easy to crack. Many software products will simply start with “a” and work through to “Zythum,” trying each word until one opens the protected information. This type of password cracking is called a Dictionary Attack, and it is quite effective.
2) Use a Passphrase. A Passphrase is a longer password, perhaps a sentence or some other set of words strung together. This dramatically increases the time required to crack the password. Generally a Passphrase is going to be upwards of 15 characters in length. Use song titles, lyrics, favorite quotes, etc. to make the Passphrase memorable. A related technique is the Partial Passphrase: use only a portion of each word in the Passphrase, for instance the first letter, or the first and second letters, of each word. Add numbers and symbols and you have increased the complexity dramatically. Place those numbers and symbols in the middle of the Passphrase, rather than at the ends, and "crackability" drops even further.
3) Never use the same password twice. It is easy for us to fall into the habit of re-using passwords. The problem with that, however, is that once the bad guys have your password they have access to everything that particular password can open. So the hacker can move from a Facebook account into someone’s bank accounts.
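The following is an added example, not code from the original article, that puts numbers behind rules 1 and 2 above. It checks a candidate against a small word list (a constructed stand-in for a real cracking dictionary), builds a Partial Passphrase from a sentence with digits and symbols placed in the middle, and estimates how many bits of guessing work a dictionary attack, a brute-force attack, and a word-by-word passphrase attack each face. The 200,000-word dictionary size and the 10 billion guesses per second rate are assumptions chosen only to make the comparison concrete.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (assumption; real lists hold far more words).
SAMPLE_DICTIONARY = {"password", "sunshine", "letmein", "dragon", "welcome", "zythum"}

# Assumed size of an English cracking dictionary, used only for the estimates below.
DICTIONARY_WORDS = 200_000

# Assumed attacker guess rate, used only for the time estimate below.
GUESSES_PER_SECOND = 1e10


def is_dictionary_word(password, dictionary=SAMPLE_DICTIONARY):
    """Rule 1 check: a lone dictionary word, in any letter case, falls to a dictionary attack."""
    return password.lower() in dictionary


def dictionary_attack_bits(dictionary_words=DICTIONARY_WORDS):
    """Work to try every word in the dictionary once, in bits (log2 of the word count)."""
    return math.log2(dictionary_words)


def charset_size(password):
    """Size of the alphabet a brute-force attacker must cover, from the character classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password):
    """Work to exhaust every string of this length over the observed alphabet, in bits."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count, dictionary_words=DICTIONARY_WORDS):
    """Work to guess a passphrase word by word when each word comes from the dictionary."""
    return word_count * math.log2(dictionary_words)


def partial_passphrase(sentence, infix="7!", letters_per_word=1):
    """Rule 2 technique: keep the first letter(s) of each word and insert digits/symbols in the middle."""
    abbrev = "".join(word[:letters_per_word] for word in sentence.split())
    mid = len(abbrev) // 2
    return abbrev[:mid] + infix + abbrev[mid:]


def years_to_exhaust(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate, in years."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    weak = "sunshine"
    partial = partial_passphrase("The quick brown fox jumps over the lazy dog")
    print(f"{weak!r} is a dictionary word: {is_dictionary_word(weak)}")
    print(f"dictionary attack on one word: {dictionary_attack_bits():.1f} bits")
    print(f"brute force on {weak!r}: {brute_force_bits(weak):.1f} bits")
    print(f"partial passphrase {partial!r}: {brute_force_bits(partial):.1f} bits, "
          f"about {years_to_exhaust(brute_force_bits(partial)):.0f} years to exhaust")
    print(f"four-word passphrase, word-level guessing: {passphrase_bits(4):.1f} bits")
```

The brute-force estimate treats the password as a random string, so a Partial Passphrase taken from a very famous quote is weaker than the figure suggests; the dictionary check and the word-level passphrase estimate are the ones that reflect how cracking tools actually proceed.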