The best security measures are useless if weak credentials are chosen. This raises two essential questions, which I would like to explain below.
What is a bad password, anyway?
How can I create and remember strong passwords?
There are two main attack methods for guessing credentials.
- Brute force
All combinations are tried in turn. Depending on the character pool and the length of the password, there is a finite number of combinations. Formally:
Z = character pool
L = password length
X = number of combinations
Z^L = X
Explanation of the character pool:
Alphabet (a-z): 26 characters
Upper and lower case (a-Z): 2 times the alphabet
Digits (0-9): 10 characters
Special characters (#!…): 10 characters
In addition, it naturally depends on the attacker's hardware. The following example illustrates this.
Z (a-Z) = 52, L = 8
52^8 = 53 * 10^12
Gaming laptop:
Combinations per second = 350 * 10^6
Time needed: 6 days
GPU compute cluster:
Combinations per second = 180 * 10^9
Time needed: 5 seconds
As an additional hint: statistically, the password is guessed on average after half that time.
- Dictionary
A list of candidate passwords is tried (public lists, the attacker's own list, default credentials, the company name, Facebook and co.), optionally mutated (e.g. with a year or special characters appended).
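The Z^L model and the example guess rates above, carried through in Python as an added example (this is not code from the original post). It also derives Z from the character classes actually present in a password; the two sample passwords are constructed inputs, one of them being the sentence-based password shown later in the post.

```python
# Effort estimate for the Z^L brute-force model from the post.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 10}
# Guess rates per second from the post's example hardware.
RATES = {"gaming laptop": 350 * 10**6, "GPU compute cluster": 180 * 10**9}

def keyspace(pool_size: int, length: int) -> int:
    """X = Z^L: candidates for a pool of Z characters and length L."""
    return pool_size ** length

def pool_size_of(password: str) -> int:
    """Derive Z from the character classes actually present: an attacker
    can limit the pool to those, so unused classes add nothing."""
    size = 0
    if any(c.islower() for c in password):
        size += CLASS_SIZES["lower"]
    if any(c.isupper() for c in password):
        size += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in password):
        size += CLASS_SIZES["digit"]
    if any(not c.isalnum() for c in password):
        size += CLASS_SIZES["special"]
    return size

def seconds_to_exhaust(pool_size: int, length: int, rate: int) -> float:
    """Worst case: every combination is tried."""
    return keyspace(pool_size, length) / rate

def expected_seconds(pool_size: int, length: int, rate: int) -> float:
    """Statistically the password falls after half the keyspace."""
    return seconds_to_exhaust(pool_size, length, rate) / 2

def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"

def report(password: str) -> dict:
    """Expected crack time of one password on each example machine."""
    z, n = pool_size_of(password), len(password)
    return {m: human(expected_seconds(z, n, r)) for m, r in RATES.items()}

if __name__ == "__main__":
    # Constructed inputs: an 8-character a-Z password vs. the sentence password.
    for pw in ("AbCdEfGh", "I&am&the7&uctionator"):
        print(pw, report(pw))
```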
Accordingly, passwords are bad if they
- are short
- appear in password lists
- contain unchanged words
- are old
- are reused
The latter does not enable a direct attack, but still has significant impact if the same password is used on multiple services. Just because Amazon protects customers’ access data quite well, this does not necessarily apply to the “InSecure-HerzHund-forum.de” or the “trustworthy” fitness app from Paraguay that constantly activates my camera.
There are two possible solutions to this dilemma:
- A password manager (post to follow)
- Creativity
I would like to explain the latter briefly. Let’s assume that you need a password for eBay. Think about a sentence in the context of eBay.
I am the auctioneer
Change the spaces to any special character and add a number at any position.
I&am&the7&uctionator
With this you have created a password which
- is long
- is not in a password list
- does not consist of an unchanged word
- has not been used more than once
- and is easy to remember
This leaves only the password age factor, which you control yourself. It is recommended to change passwords every 90 days. I consider this excessive for private individuals and for passwords created in this way; here I would change the password once a year.