Be on the Defense of Weak Passwords & Stronger Crackers

Posted by on October 10, 2012


Passwords Have Never Been Weaker & Crackers Have Never Been Stronger

Thanks to Real-World Data, Keys to Your Digital Kingdom are Under Assault.

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren’t typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites’ servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too.

Within hours of anonymous hackers penetrating Gawker servers and exposing cryptographically protected passwords for over 1 million users, botnets were cracking the passwords and using them to commandeer Twitter accounts and send spam. Over the next few days, the list of sites advising or requiring their users to change passwords expanded to include Twitter, Amazon, and Yahoo.

The danger of weak password habits is becoming increasingly well-recognized.

The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.

A New World of Hackers & The Weaker Password Users!

Newer hardware and modern techniques also contribute to the rise in password cracking. Cracking programs today can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.

Hackers running such gear also work in tandem in online forums, which allow them to pool resources and know-how to crack lists of 100,000 or more passwords in just hours.

Most importantly, a series of leaks over the past few years containing more than 100 million real-world passwords has provided crackers with important new insights about how people in different walks of life choose passwords on different sites or in different settings. The growing list of leaked passwords allows programmers to write rules that make cracking algorithms faster and more accurate.

“It has been night and day, the amount of improvement,” said Rick Redman, a penetration tester for security consultants KoreLogic and organizer of the Crack Me password contest at the past three Defcon hacker conferences. “It’s been an exciting year for password crackers because of the amount of data. Cracking 16-character passwords is something I could not do four or five years ago, and it’s not because I have more computers now.”
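The following password self-audit is an added example, not part of the original post. It uses the 8.2 billion guesses per second figure quoted above to estimate exhaustive-search time, and separately checks whether a password reduces to a common base word once typical substitutions and suffixes are undone, which is the kind of pattern the rules described above exploit. The word list, function names and substitution table are assumptions constructed for illustration.

```python
import secrets
import string

GUESSES_PER_SECOND = 8.2e9  # rate quoted in the article; varies with the hash algorithm

# Constructed stand-in for a leaked-password wordlist (assumption, not real leak data).
COMMON_BASES = {"password", "letmein", "dragon", "monkey", "qwerty"}

# Character substitutions people commonly make, mapped back to letters.
UNDO_SUBSTITUTIONS = str.maketrans("@4031!5$7", "aaoeiisst")

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def brute_force_seconds(password):
    """Worst-case time to try every string of this length (ASCII classes only)."""
    pool = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    return pool ** len(password) / GUESSES_PER_SECOND


def base_word(password):
    """Reduce a password to the word it was probably built from."""
    core = password.rstrip(string.digits + string.punctuation)  # drop "1!", "2012"
    return core.lower().translate(UNDO_SUBSTITUTIONS)


def audit(password):
    """Report both the keyspace estimate and whether simple rules would find it."""
    return {
        "brute_force_days": brute_force_seconds(password) / 86400,
        "rule_guessable": base_word(password) in COMMON_BASES,
    }


def generate(length=20):
    """Random password of the kind a password manager produces."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("qwerty", "P@ssw0rd1!", "Dr4g0n2012", generate()):
        print(candidate, audit(candidate))
```

A password such as `P@ssw0rd1!` scores centuries on the keyspace estimate yet is flagged as rule-guessable, which is why the estimate alone overstates its strength.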

My recommendation is to use an application such as RoboForm or Password1 to secure all your passwords on your smartphone and computer. Your passwords will need to look like this one: 8Lk7364&95kfokoif8unf**$#@!

I tell you this because I got hit, and it hurt! But I was lucky to have help!

Good Luck