{"id":36540,"date":"2013-05-28T10:24:19","date_gmt":"2013-05-28T16:24:19","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/2013\/05\/28\/the-password-is-crackable.html"},"modified":"2013-05-29T10:17:24","modified_gmt":"2013-05-29T16:17:24","slug":"the-password-is-crackable","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2013\/05\/28\/the-password-is-crackable.html","title":{"rendered":"The Password Is: &quot;CRACKABLE&quot;"},"content":{"rendered":"<div class=\"gpb-content\">Yikes.<\/p>\n<p>I think a lot of people think of password security as being about:<\/p>\n<p>1. Something they can easily remember.<br \/>2. Protection against their colleagues guessing their password, or an ex, or maybe some kid down the street.\u00a0<br \/>3. Protection against someone who&#39;s logging into a site and trying to log in, one ID\/password at a time.<\/p>\n<p>The problem is, that&#39;s just insufficient, because what that&#39;s protecting against isn&#39;t really what&#39;s going on. \u00a0And the risk is that someone will be able to get into parts of your life, into accounts you have money associated with, etc., and Do Stuff with them. \u00a0Not stuff you would like.<\/p>\n<p>This article is interesting because it notes ways that folks actually break into the encrypted files that have passwords. It&#39;s not just about brute force attacks (though those are a first part of it), but about patterns (capital letters at the beginning; numbers at the end; substituting &quot;@&quot; for &quot;a&quot;, etc., as well as patterns on a given site). \u00a0The obscurity of the password as related to your life isn&#39;t as key (for these sorts of attacks) as not showing any particular pattern that can be figured out.<\/p>\n<p>It&#39;s not your &quot;enemy&quot; that&#39;s likely to be hacking into your account this way. 
It&#39;s not anyone who even knows you, or wants to know you, and they&#39;re going to be selling the information to people who don&#39;t know you, either, but who <i>do<\/i> want your money (or access to what you have access to). And while they would prefer that you were a billionaire, they&#39;ll take whatever they get.\u00a0<\/p>\n<p>The bottom line (again) is:<\/p>\n<p>1. Randomized \/ generated passwords. Which implies using a password generator \/ manager.<br \/>2. Different passwords at each site. \u00a0Which implies using a password generator \/ manager.<br \/>3. Oh, yeah, using a password generator \/ manager. With a really long (but, in this case, easy to remember) password.<br \/>4. Two-factor authentication where possible.<\/p>\n<p>I am not as diligent about any of the above as I would like, but I keep trying to be better.<\/p>\n<p><strong>Reshared post from +<a href='https:\/\/plus.google.com\/103748887870095862080'>Les Jenkins<\/a><\/strong><\/p>\n<blockquote><p>An illuminating look at how even the hardest to crack passwords aren&#39;t all that hard to crack. 
Bonus: A future article will be looking at password managers to see which ones offer the best passwords.\u00a0<\/p><\/blockquote>\n<\/div>\n<p class='gpb-article' style='clear:both;'>\n<div style='height:120px;width:120px;overflow:hidden;float:left;margin-top:0px;padding-top:0px;margin-right:10px;vertical-align:top;text-align:center;clear:both;'>\n                                                    <img style='max-width:none;' src='https:\/\/lh4.googleusercontent.com\/proxy\/QVbUWeI11jESXOrCh534GcWuU_suLC_jj2i5pd3VOBNLq0euJkEwYB5Nk5zQdNNTml3FU8YlZAq2zoO1HF8utfjzrOb-C88ggiiZcBo2Tbmyvd6ZEto5JjywkXKJq4y4fWAN=w125-h125' border='0' \/>\n                                                <\/div>\n<p>                                                <a href='http:\/\/feeds.arstechnica.com\/~r\/arstechnica\/index\/~3\/yG2GKDkgLMo\/?utm_source=feedly'>Anatomy of a hack: How crackers ransack passwords like \u201cqeadzcwrsfxv1331\u201d<\/a><br \/>\n                                                For Ars, three crackers have at 16,000+ hashed passcodes\u2014with 90 percent success.\n                                            <\/p>\n<p class='gpb-links' style='clear:both;'> <a class='gpb-linkback' href='https:\/\/plus.google.com\/101083456815352083930\/posts\/AYq2HWnD6Rj' target='_new'>View this post on Google+<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yikes. I think a lot of people consider password security about being: 1. Something they can easily remember.2. Protection against their colleagues guessing their password, or an ex, or maybe some kid down the street.\u00a03. Protection against someone who&#39;s logging into a site and trying to log in, one ID\/password at a time. 
The problem &hellip; <a href=\"https:\/\/hill-kleerup.org\/blog\/2013\/05\/28\/the-password-is-crackable.html\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;The Password Is: &quot;CRACKABLE&quot;&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106,55],"tags":[],"class_list":["post-36540","post","type-post","status-publish","format-standard","hentry","category-plusposts","category-blogging-technical"],"jetpack_publicize_connections":[],"jetpack_featured_
media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":26808,"url":"https:\/\/hill-kleerup.org\/blog\/2012\/03\/03\/the-password-is.html","url_meta":{"origin":36540,"position":0},"title":"&quot;The Password is &#8230;&quot;","author":"***Dave","date":"Sat 3-Mar-12 4:23am","format":false,"excerpt":"The old security manager in me is facepalming ...Not that this is new news; previous reports have painted a similar dismal picture. I remain convinced that the most important password protection in most systems is not the password itself, but the \"if you enter an incorrect password 3 times your\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24602,"url":"https:\/\/hill-kleerup.org\/blog\/2011\/12\/16\/microsoft-tries-to-corner-the-password-manager-market-with-win8.html","url_meta":{"origin":36540,"position":1},"title":"Microsoft tries to corner the password manager market with Win8","author":"***Dave","date":"Fri 16-Dec-11 1:46pm","format":false,"excerpt":"I actually don't usually mind these efforts by MS to come up with well-running utility programs that obsolete or bankrupt their competitors (as long as they don't exclude someone from using something else). 
So, yeah, I use MS Security Essentials on my home machine, rather than someone else's competing-free or\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":23505,"url":"https:\/\/hill-kleerup.org\/blog\/2011\/11\/06\/i-like-password-but.html","url_meta":{"origin":36540,"position":2},"title":"I like Password, but","author":"***Dave","date":"Sun 6-Nov-11 3:20pm","format":false,"excerpt":"I love Password, the classic and the home game. Caught reruns of this show on Game Show Network the other night and ... yuck. It's all Bright Lights Thrilling Music Millionaire-Style, with Escalating Prizes (again, Millionaire-Style) ... but, worse, it's all about timed competitions. In Password terms, it's all Lightning\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":37135,"url":"https:\/\/hill-kleerup.org\/blog\/2013\/06\/04\/password-management.html","url_meta":{"origin":36540,"position":3},"title":"Password Management","author":"***Dave","date":"Tue 4-Jun-13 2:36pm","format":false,"excerpt":"Good article at Ars on using password managers (and using them securely). I've been a LastPass user for years, but I am also aware that there are some things I can do to beef up the security of how I use it\u00a0(notes topic of conversation with +Margie Kleerup). 
The secret\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41651,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/04\/09\/so-its-time-to-reset-your-password-but-maybe-not-yet.html","url_meta":{"origin":36540,"position":4},"title":"So it&#39;s time to reset your password &#8230; but maybe not yet","author":"***Dave","date":"Wed 9-Apr-14 3:46pm","format":false,"excerpt":"The Heartbeat bug seems be making a password reset on important websites pretty necessary ... but until the site you're going to actually updates its security, there's not much point in doing so.So stand by for email notifications from your Internet vendors if you need to do something. Though, honestly,\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":130451,"url":"https:\/\/hill-kleerup.org\/blog\/2016\/04\/18\/forcing-frequent-password-changes-is-a-bad-idea.html","url_meta":{"origin":36540,"position":5},"title":"Forcing frequent password changes is a bad idea","author":"***Dave","date":"Mon 18-Apr-16 10:44am","format":false,"excerpt":"If for no other reason than that people then end up using weaker passwords that they can memorize, and to click those \"stay logged in\" boxes even when it's not safe to do so. Password managers like LastPass can help -- but they aren't always accessible. 
Coming up with better\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/36540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=36540"}],"version-history":[{"count":1,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/36540\/revisions"}],"predecessor-version":[{"id":36603,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/36540\/revisions\/36603"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=36540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=36540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=36540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}