Maxwell McKee's Portfolio

A space for the works of Sacramentan journalist Maxwell McKee


Password, password: keep me safe.


I forgot my damn SacLink password last Monday on campus.

It was kind of sad; I just sort of sat there looking glum. I finally reset my password with the ever-helpful “forget your password?” link.

Though it was a quick fix, it made me think: this is way too common. I can’t tell you how many times I have had to change my own passwords so they weren’t too difficult. And some programs force you to have at least one capital letter and number in your password for the sake of its proposed infallibility.

I decided to look into password security, because I often feel most people don’t take it seriously. In fact, I found that much of what has been created around so-called “fool-proof” passwords is something of a farce. For years now people have subscribed to the belief that more complicated is better. This just doesn’t seem to be true.

A common example of a “fool-proof” password is a normal word that contains minute changes to make it more randomized (think of changing an “o” to a “0” or a “b” to a “6”). The more people were told about these ambitious passcodes the more they accepted them as safe.

The age of human hackers is over. In fact, it was never really around. Computer hacking is a detailed skill that requires readily available software, which uses options such as “dictionary” or “brute force” attacks to trick your computer into giving up your password.

The program feeds hundreds upon thousands of permutations per second into the account being hacked to figure out precisely what the word or words are. Many passwords, regardless of how many letters or numbers you swap, can be figured out in anywhere from a matter of hours to a matter of weeks, according to author Rob Shimonski, a lead network and security engineer who works with Cisco and Nortel.

And it doesn’t even take advanced algorithms to find out a password. The programs usually check for the most obvious words first.

But how can we prevent this? If a computer can go through thousands of combinations of letters, numerals and symbols in seconds, how can I possibly trust my password?

Computer programmer and former NASA roboticist Randall Munroe, known for his quirky stick figure webcomic xkcd, had an interesting observation in his August 10, 2011 panel:

“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

His solution? Instead of using cryptic pastiches of words that make you forget which piece goes where, like an ill-conceived game of Perfection (remember that, 90s kids?), you can use a simple randomized series of words to make a nearly unbreakable and at the same time easily memorized password.

Take words like “candle,” “fabric,” “shuttle” and “doggie.” Say them out loud and think of them all together in a picture. Candle fabric shuttle doggie. It’s rather easy to remember a series of random words, and it makes it virtually impossible for a computer to solve your password. Well, at least in your lifetime.

A program running at a thousand guesses per second could take more than 500 years to solve a password made of four disassociated words, according to Munroe.
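The arithmetic behind that estimate, as an added example that is not part of the original post: a Python sketch that picks the words with a cryptographic random generator and works out how long an exhaustive search would take. The 2048-word list size (11 bits per word, which reproduces Munroe's figure), the sample words beyond the post's four, and the 10-billion-guesses-per-second rate are assumptions.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample list (it includes the post's four words).
# It is far too small for real use; the 2048-word size below is an assumption.
SAMPLE_WORDS = ["candle", "fabric", "shuttle", "doggie", "marble", "ticket",
                "harbor", "pencil", "window", "garlic", "saddle", "violin",
                "blanket", "copper", "lantern", "tunnel"]


def generate_passphrase(wordlist, n_words=4):
    """Pick each word independently and uniformly with a CSPRNG.
    Words a person chooses by hand do not earn the entropy computed below."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Entropy when the attacker already knows the list and the scheme."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; on average a hit comes at half of this."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def words_needed(list_size, guesses_per_second, target_years):
    """Smallest word count whose full search lasts at least target_years."""
    n = 1
    while years_to_exhaust(entropy_bits(list_size, n),
                           guesses_per_second) < target_years:
        n += 1
    return n


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    bits = entropy_bits(2048, 4)
    print(f"4 words from 2048: {bits:.0f} bits, "
          f"{years_to_exhaust(bits, 1000):.0f} years at 1,000 guesses/s")
    # 28 bits is the comic's own estimate for a mangled dictionary word.
    print(f"28-bit password: {years_to_exhaust(28, 1000) * 365.25:.1f} days")
    # Assumed offline cracking rate; the 500-year target is the post's figure.
    print("words needed at 1e10 guesses/s:", words_needed(2048, 1e10, 500))
```

The figure depends on the guess rate: at the assumed offline rate, four words no longer reach the 500-year mark and the same list needs seven.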

While it takes a couple more seconds to type in my password, I know that what I have on the Internet is safe. As a journalist and student, I have to be on my toes about anything suspicious. And nowadays a huge part of society’s security deals with the Internet.

Think of all the different things people use passwords to protect: their mail, purchasing, finances, social presence, school accounts and much, much more. As a transfer student, I am now fully aware for the first time how much college really costs, and I am resolute in keeping my online security.

I only hope everyone can avoid the robots with me.

For more on secure passwords visit Microsoft’s password checker.

Written by Maxwell McKee

September 1, 2011 at 7:22 pm
