The Populist Press Weblog

Orlando's Underground Media

Pump Up Your Password

with 3 comments

Jack O’Spades

The first, and too often the last, line of security for a computer network is a user name and password. However, many people and organizations (who shall remain nameless!) neglect to use strong passwords. In this, the first Populist Geek Information Technology Security column, I will show you how to make your home or organization’s network more secure.

 

So what exactly is a weak password? Weak passwords take many forms, which often overlap. They are usually short, easy to guess with little or no background information, and drawn from a limited variety of characters. Avoid things like the name of a child or a family pet, a term of ideological significance to a person or organization (for example, peace, justice, or unity), or a birthdate.

 

 

When designing a password, it’s useful to know the types of tools a cracker (read: malicious hacker) uses to break passwords. Crackers commonly use two types of code-breaking software: dictionary attacks and brute force attacks. In a dictionary attack, a program attempts to break into a computer by trying one word after another from a dictionary until it finds one that matches the system’s password. This is why passwords that are simply words or number sequences are particularly vulnerable.

 

 

A more powerful, but far slower, tool used by crackers is the brute force attack. Whereas the dictionary attack tries words until it finds a match, the brute force attack systematically generates every possible sequence of characters until it finds one that matches the system password. This is very much like dialing 111-1111, 111-1112, 111-1113, etc., on a telephone until you find the person you want to call. Brute force attacks are particularly devastating against short passwords, or passwords that use a limited character set.

 

 

Strong passwords are longer and made up of a variety of characters. A good example of a strong password is: “J@c57!$2cR@cK9uN4”. Note the use of both uppercase and lowercase letters, numbers, and symbols.
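To put numbers on the dictionary and brute force descriptions above, here is an added example (not part of the original column) that checks a candidate password against a wordlist and otherwise counts how many guesses a brute force search of the same length and character classes would need. The wordlist, the function names and the 60-bit "strong" threshold are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); real wordlists are far larger.
WORDLIST = {"peace", "justice", "unity", "password", "rover", "123456"}

# Illustrative threshold (assumption): log2(guesses) at or above this is "strong".
STRONG_BITS = 60

# The four character classes the article mentions.
CLASSES = [
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
]

def alphabet_size(password):
    """Size of the character set a brute force search must cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    known = "".join(CLASSES)
    # Characters outside the four ASCII classes: count each distinct one.
    return size + len({c for c in password if c not in known})

def brute_force_guesses(password):
    """Worst-case guesses over all strings of this length and alphabet."""
    return alphabet_size(password) ** len(password)

def assess(password):
    """Return (verdict, worst-case number of guesses) for a candidate."""
    # A dictionary attack only has to walk the wordlist.
    if password.lower() in WORDLIST:
        return ("dictionary word", len(WORDLIST))
    guesses = brute_force_guesses(password)
    verdict = "strong" if math.log2(guesses) >= STRONG_BITS else "weak"
    return (verdict, guesses)

if __name__ == "__main__":
    for candidate in ["1111113", "Peace", "rover1", "J@c57!$2cR@cK9uN4"]:
        verdict, guesses = assess(candidate)
        print(f"{candidate!r}: {verdict}, up to {guesses:,} guesses")
```

The count is an upper bound that holds only when the characters are chosen at random, which is what a password generator provides.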

 

 

Granted, such passwords are difficult to remember, but there is a good solution to this: a password database. A program known as KeePass (go to http://keepass.info/download.html and click on the link under “latest stable release”) helps create and store strong passwords. Particularly helpful features of this program are its ability to create randomly generated passwords and to show the relative strength of a password.

 

 

The program stores the passwords in a .kdb file. This database is accessed by a password and/or an encoded .key file. I would recommend using both a strong password and a .key file encoded onto a USB flash drive or CD. Be sure to have one backup key tucked safely away so that you can access the file if you lose your original key! To make the backup, right-click on the .key file and select the “copy” option, open the place where you want to put the backup, then right-click on an empty part of the window and select the “paste” option.

I hope this has been helpful to you guys. Until next time, stay safe, and remember to use protection when surfing “questionable” websites!

******************

Mr. O’Spades is a programmer and student of Computer Science at Valencia Community College. He plans on transferring to the University of Central Florida to further his study of the dork arts.


Written by jackofspades83

March 4, 2008 at 10:12 pm

3 Responses


  1. […] passwords for the rest of us Recently, the Jack O’Spades wrote an interesting article about passwords and how NOT to create them. He’s, of […]

  2. Fantastic! I love the way you explained how the brute force attack works. Very often people mention it without fully understanding it. I myself only learned about it since I started working at PassPack – an online password manager.
    KeePass is an excellent product; many PassPack users like to use the two together.
    More info on PassPack security, if you’re interested:

    http://www.passpack.com/info/security/

    dani


    March 5, 2008 at 12:47 pm

  3. […] thank you, “Louise”! But you see, even the poor Jack O’Spades has already had this information spammed mentioned on his blog by […]

