Posts Tagged ‘passwords’

Usable Sec: Making secure passwords that are useable

To make usable passwords we need to look at them differently. First of all what you need is to use words you can remember, something simple and something you can type fast.

Like these:

Image1

your password increases you security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password.

Using more than one simple word a

It takes:

  • 1,163,859 years using a brute-force method
  • 2,537 years using a common word attack
  • 39,637,240 years using a dictionary attack

It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

If you want to be insanely secure; simply choose uncommon words as your password – like:

Image2

A usable and secure password is then not a complex one. It is one that you can remember – a simple password using 3+ words.

Usable Sec: Comparison of PW Cracking Time

Image

Source: https://www.baekdal.com/insights/password-security-usability

Usable Sec: 5 Simple PW Hacks

  1. Asking: Amazingly the most common way to gain access to someone’s password is simply to ask for it (often in relation with something else). People often tell their passwords to colleagues, friends and family. Having a complex password policy isn’t going to change this.
  2. Guessing: This is the second most common method to access a person’s account. It turns out that most people choose a password that is easy to remember, and the easiest ones are those that are related to you as a person. Passwords like: your last name, your wife’s name, the name of your cat, the date of birth, your favorite flower etc. are all pretty common. This problem can only be solved by choosing a password with no relation to you as a person.
  3. Brute force attack: Very simple to do. A hacker simply attempts to sign-in using different passwords one at the time. If you password is “sun”, he will attempt to sign-in using “aaa, aab, aac, aad …sul, sum, sun (MATCH)“. The only thing that stops a brute force attack is higher complexity and longer passwords (which is why IT people want you to use just that).
  4. Common word attacks: A simple form of brute-force attacks, where the hacker attempt to sign-in using a list of common words. Instead of trying different combination of letters, the hacker tries different words e.g. “sum, summer, summit, sump, sun (MATCH)“.
  5. Dictionary attacks: Same concept as common word attacks – the only difference is that the hacker now uses the full dictionary of words (there are about 500,000 words in the English language).

it takes the following time to hack a simple password like “sun“:

  • Brute-force: 3 minutes
  • Common Word: 3 minutes
  • Dictionary: 1 hour 20 minutes
https://www.baekdal.com/insights/password-security-usability

Protected: 2 Ways to Avoid Storing DB Passwords in R Scripts

This content is password protected. To view it please enter your password below: