Passwords and How They are Stolen

August 4, 2007 at 3:48 pm 6 comments

I posted a comment on Angry 365 Days a Year about passwords. The entry was entitled Passwords suck. Most people don't know a lot about passwords or how they get stolen. My comment on the post covered the ways passwords can be stolen:

Here are some of the ways people get passwords:
1) The downloading of keyloggers.
2) Hackers (if they have a known target) can port scan the computer (check which ports are open), find services on those ports with vulnerabilities, and push data (such as a keylogger or RAT, a Remote Access Trojan) through to the computer.
3) Hackers connect to the server of an email service, messenger service, etc., and run a brute force or dictionary attack. This is done with a program that keeps trying letter combinations until one works (brute force) or tries every word in a dictionary (dictionary attack).
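From the defender's side, the brute force and dictionary attacks in point 3 are easy to spot in a server's authentication log: one source address producing a burst of failed logins, often against many different usernames. The following is an added example, not code from the original post; it assumes a simplified log line format (timestamp, result, user, source address) and uses constructed sample lines, flagging any source with at least five failures inside a one-minute sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the post); the format is an
# assumed, simplified mail-server authentication log.
SAMPLE_LOG = """\
2007-08-04 15:40:01 auth failed user=alice src=203.0.113.5
2007-08-04 15:40:02 auth failed user=bob src=203.0.113.5
2007-08-04 15:40:02 auth failed user=carol src=203.0.113.5
2007-08-04 15:40:03 auth failed user=dave src=203.0.113.5
2007-08-04 15:40:04 auth failed user=erin src=203.0.113.5
2007-08-04 15:40:05 auth failed user=frank src=203.0.113.5
2007-08-04 15:41:10 auth ok user=alice src=198.51.100.7
2007-08-04 15:42:30 auth failed user=alice src=198.51.100.7
2007-08-04 15:52:31 auth failed user=alice src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, result, user, src) for every line that matches LINE_RE;
    lines in any other format are skipped rather than crashing the scan."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("result"), m.group("user"), m.group("src")


def find_bruteforce_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Return {src: (failures_in_busiest_window, distinct_users_tried)} for every
    source address that produced at least `threshold` failed logins inside some
    sliding window of length `window`.

    Many failures from one address against many usernames within seconds is the
    signature of an automated dictionary attack; the same user failing twice ten
    minutes apart is a person mistyping and is not flagged."""
    failures = defaultdict(list)
    for ts, result, user, src in parse_log(text):
        if result == "failed":
            failures[src].append((ts, user))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        best_count, best_users = 0, set()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count = count
                best_users = {user for _, user in events[start:end + 1]}
        if best_count >= threshold:
            flagged[src] = (best_count, len(best_users))
    return flagged


if __name__ == "__main__":
    for src, (count, users) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"possible brute force from {src}: {count} failures against {users} users")
```

On the sample lines only 203.0.113.5 is flagged (six failures against six users in four seconds); the two spaced-out failures from 198.51.100.7 fall in different windows. The same count-per-source-per-window logic is what a rate limiter or account-lockout policy applies in real time rather than after the fact.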

I forgot to mention shoulder surfing, which might be the most common of all: someone looking over your shoulder while you type your password is a serious security risk. Another method is social engineering, where someone tricks you into giving away your password (usually by pretending to be tech support). A very similar way of getting passwords is phishing: asking for passwords or personal information by email, or sending you to a fake site that looks authentic. Here's a little guide to making strong passwords:

1) Do not use words, known phrases, names, numbers, or personal information as passwords.
2) Use random letters and numbers in your password.
3) Use a mixture of uppercase and lowercase letters in your password.
4) If possible, use special symbols such as $%.! in your password.
5) If you write your password down, do not leave it out in the open. Shred the paper if you throw the password away.
6) Never trust anyone who wants your password.
7) Never store your password in plaintext (unencrypted text) on your computer.
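Rules 1 to 4 can be checked mechanically, and doing so shows why rule 1 matters most: a word with a few digits swapped in, or a word spelled backwards, is still a word to a cracking program. The following is an added example, not code from the original post; it assumes a small constructed word list (a real checker would load a full dictionary and a leaked-password list) and a minimum length of 12, which the post does not specify. It goes slightly beyond the list above by also catching reversed words and common digit-for-letter substitutions, and it reports the brute-force search space in bits so the effect of length and character classes is visible.

```python
import math
import string

# Constructed mini word list for the demonstration; a real check would load a
# full dictionary and a leaked-password list. "slow" and "driver" are included
# to show that digit-for-letter substitutions do not turn a word into a random string.
COMMON_WORDS = {"password", "letmein", "welcome", "monkey", "dragon",
                "qwerty", "summer", "slow", "driver"}

# Assumed minimum length; the post gives no number, 12 is this example's choice.
MIN_LENGTH = 12

# Substitutions people use to disguise words: 0->o, 1->l, 3->e, 4->a, 5->s, @->a, $->s
LEET_TABLE = str.maketrans("01345@$", "oleasas")


def normalize(pw):
    """Lower-case the password and undo the common letter substitutions above."""
    return pw.lower().translate(LEET_TABLE)


def contains_dictionary_word(pw):
    """True if any common word appears in the password, forwards or reversed."""
    n = normalize(pw)
    return any(w in n or w[::-1] in n for w in COMMON_WORDS)


def charset_size(pw):
    """Size of the alphabet an attacker must search, given which classes appear."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def entropy_bits(pw):
    """Brute-force search space in bits, assuming every character is drawn
    uniformly from the classes present (an upper bound for real passwords)."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def check_password(pw, min_length=MIN_LENGTH):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if contains_dictionary_word(pw):
        problems.append("dictionary_word")   # rule 1
    if not any(c.isdigit() for c in pw):
        problems.append("no_digit")          # rule 2
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no_mixed_case")     # rule 3
    if not any(c in string.punctuation for c in pw):
        problems.append("no_symbol")         # rule 4
    if len(pw) < min_length:
        problems.append("too_short")         # assumed length rule
    return problems


if __name__ == "__main__":
    for candidate in ["password", "drowssap", "S10wDr1v3r", "kT7$vQ2!pL9m"]:
        print(f"{candidate:14} {entropy_bits(candidate):5.1f} bits  "
              f"{check_password(candidate) or 'OK'}")
```

Running it shows "password" breaking every rule, "drowssap" still failing rule 1 because the reversed word is caught, and "S10wDr1v3r" failing rule 1 because it normalizes to "slowdr...", even though it mixes case and digits. Only the random 12-character string passes, with a search space of about 78 bits against roughly 38 bits for an 8-letter lowercase word.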

Here are some examples of weak passwords (in red) and strong passwords (in blue):



Hopefully you can apply these tips to your passwords.




Entry filed under: Computers, Hacking, Internet, Security, Technology, Tips.

6 Comments

  • 1. -kf  |  August 5, 2007 at 1:41 am

    On UNIX and UNIX-like operating systems, a lot of admins are nagged by users for the root password to do some task. A good admin will refuse and simply change permissions to the files the user needs to carry out their desired task, add them to the sudoers file, or set up a chroot jail. A lazy or dumb one will just give up the root password without a second thought.

  • 2. shadow81dan  |  August 5, 2007 at 4:05 am

    What are your thoughts about using common words, except backwards? drowssap instead of password, for example.

  • 3. Stephen  |  August 8, 2007 at 1:17 pm

    I have to juggle 10 diff PWs at the day job. They have a lifetime of 3 months, and you can’t reuse parts of them within 9 months.

    Remembering dUI1OhanLINd5Ay 10 different ways is a RPITA.

    If you only had to remember it one time it would be easier, and useful. Instead, a few people I work with have a password text file on their computer that is password protected. They have 11 pws to remember, I guess.

  • 4. Tara  |  August 13, 2007 at 2:02 am

    Hi Ivan,
    Good tips. A month (or two?) ago I came across an article for a password cracking contest. The results are neat, actually: they found that “S10wDr1v3r” was cracked six months before “myengagingwives” – so length is definitely a factor.

    I posted to our company blog about it here.


  • 5. Tara  |  August 13, 2007 at 2:03 am

    Oh, and yes, shoulder surfing is a major problem.
    Completely agree.

  • 6. Privacy Screens  |  June 12, 2008 at 11:50 pm

    Good tips. Shoulder surfing is one of the most common, as you say, but it's also one of the most overlooked. Some people do it out of pure interest, whilst others do it with malice. That's where new privacy screen filter products make the difference.

