|
You wouldn't leave your car keys in your car, or your house keys under your welcome mat. You wouldn't make copies of your safety deposit box key and share it. Why treat your technology passwords any differently?
Keeping your passwords private, secure, and 'unbreakable' is one of the most important steps you can take for safer computing. If your passwords slip into the wrong hands, your identity, finances, and personal information could be in jeopardy.
Passwords - Gateways to your digital information
Unfortunately most are easy to break
*!Fp3cD0q - Yikes! Ever wonder why we give you such strange and difficult passwords when your network account is created? Why do we require that you use a mix of case and characters? This type of password is considered "strong". Passwords are important components in ensuring privacy and security on the computers you use both here at Fort Lewis College and at home. Unfortunately, many of the passwords people use are simple or have been in use for a long period of time and for mulitple accounts. Creating simple passwords may make it easier for you to remember, but it also makes it easier for others to guess or to crack.
Consider these findings...
- Studies have shown that more than 40 percent of all individually-chosen passwords are readily guessed by someone who knows you.
- In a recent survey of password use, more than 3,000 account passwords were cracked out of a test sample of more than 13,000 with multiple, and fairly accessible, tools.
- Because many people use the same or similar passwords for different computers and multiple accounts, gaining access to one password often provides access to other systems and accounts.
How Passwords are cracked
Dictionary programs are one of many tools frequently used to crack passwords. A hacker will launch a dictionary attack by passing every word through a dictionary, which can contain foreign languages in addition to the entire English language, to a login program hoping that a word will eventually match the correct password. Even worms and viruses will attempt to guess passwords.
Ways in which passwords are vulnerable
- Many people do not change the default password that comes with some computer security systems. Lists of default passwords are available on the Internet.
- A password may be guessable if someone chooses a piece of personal information as their password.
- Such items include a student ID number, boyfriend or girlfriend's name, birth date, telephone number, or license plate number.
- Personal data is now available from various sources, many online, and can often be obtained by someone using social engineering techniques such as posing as an opinion surveyor.
- A password is vulnerable if it can be found in a list of commonly-chosen passwords.
- Dictionaries, often in computer-readable form, are available for many languages, and lists of passwords are easy to obtain. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is readily available.
- A password that is too short, perhaps chosen for ease of typing, is vulnerable if an attacker can obtain the cryptographic hash (mathematical function which maps values from a large domain into a smaller range) of the password. For example, computers are now fast enough to try all alphabetic passwords shorter than seven characters.
|
|
did you know?
| Studies have shown that more than 40 percent of all individually-chosen passwords are readily guessed by someone who knows you. |
password tips
Password Stories and Studies
|
