How to remember passwords?

26. June 2017

The best security measures are useless if weak credentials are chosen. This raises two essential questions, which I would like to explain below.

What is a bad password, anyway?
How can I create and remember strong passwords?

There are two main ways of attack to guess into credentials.

  1. BruteForce
    All combinations are tried through. Depending on the choice of characters and length of the password, there is a finite number of combinations.(formal, power laptop, example
    Z = character pool

    L = Password length

    X = number of combinations

    ZL = X

    Explanation character pool:

    Alphabet (a-z): 26 characters

    Upper and lower case (a-Z): 2 times alphabet

    Numbers 8 (0-9): 10 characters

    Special characters (#!…): 10 characters

    In addition, of course, it depends on the hardware equipment of the attacker. The following is an example to illustrate this.

    Alphabet (a-z): 26 charactersCapitalization (a-Z): 2 times alphabetNumbers 8 (0-9): 10 charactersSpecial characters (#!…): 10 characters

    Z (a-Z) = 52

    L = 8

    528 = 53 *1012

    Gaming laptop:
    Combinations per second = 350 *106
    Time needed: 6 days

    GPU compute cluster:
    Combinations per second = 180 *109
    Time needed: 5 seconds

    Here is the additional hint that statically, the password is guessed after half the time.

  2. Dictionary
    List of possible passwords(public lists, own list, default credentials, company, Facebook and co) or mutate (+year or special characters)

After that passwords would be bad, which

  • are short
  • are in password lists
  • contain unchanged words
  • old are
  • Be used multiple times

The latter does not enable a direct attack, but still has significant impact if the same password is used on multiple services. Just because Amazon protects customers’ access data quite well, this does not necessarily apply to the “InSecure-HerzHund-forum.de” or the “trustworthy” fitness app from Paraguay that constantly activates my camera.

There are two possible solutions to this dilemma

  • A password manager (post to follow)
  • Creativity

I would like to explain the latter briefly. Let’s assume that you need a password for eBay. Think about a sentence in the context of eBay.

I am the auctioneer

Changes the spaces to any special character and adds a number in any position.

I&am&the7&uctionator

With this you have created a password which

  • Long is
  • Not in a password list
  • Does not consist of an unchanged word
  • was not used more than once
  • And easy to remember is

This leaves only the password age factor, which is influenced by you. It is recommended to change passwords every 90 days. I consider this to be excessive for private individuals and for passwords created in this way. Here I would do the password change once a year.

Ähnliche Beiträge

WordPress is still the tool of choice, especially for newbies, to quickly create a respectable website. All nice KlickiBunti, so [...]

26. June 2017

We are safe because we have a virus scanner and a firewall! This statement is often the first to fall [...]

11. July 2017

Almost every day, users become victims of so-called phishing emails. Therefore, in this short post, I would like to point [...]

14. July 2017

Every day, millions of people become victims of cybercrime. These are usually not targeted by professional hackers, but fall victim [...]

3. October 2017