Your Passwords Suck

Good article.

I’ve seen way too many people with passwords as simple as one basic word with no variation to something familiar to them.

Mine as of late are changing for every new site I sign up for by using something about the website in the password, which keeps it different and easy to remember.

Your Passwords Suck

The only person you can rely on to keep your password secure is yourself. And let me tell you, you’re probably not doing enough to keep number one safe. The reason: Your special lump of letters, numbers, and symbols is likely spread over too many sites, is not long enough, and is probably too personal. Most of our passwords suck. And it’s kind of a big problem.

The thing to understand is that the biggest threat to your security isn’t some creep sitting in front of your email login screen, randomly brute-forcing his way into your account. Nope, you’re up against computers that can run thousands of encrypted passwords by dictionaries of several languages, everything in the World Fact Book, and Wikipedia in a matter of minutes.

And the setup that makes cracking weak passwords a cinch is seriously nothing special. A journalist at the Tech Herald named Steve Ragan was able to crack over 80,000 encrypted passwords the AntiSec movement published on the Internet in just five hours with a $300 off-the-shelf computer and free downloadable software. One of the most surprising things he found from his password-cracking experiment: “Someone used a period. It just blew my mind.”

Oh, and note: Leetspeak will not keep your password safe. “Numbers substituted for letters is really, really bad. Most password applications will try that before they do plain English,” says Chester Wisniewski, a senior security advisor at Sophos. Patterns on a keyboard are bad news, too. “You think you’re being clever, but you have to remember: The criminal’s a part of us.” It doesn’t require much to fell some 6-character entry made from your dog’s name with some digits tacked on. “People will use their birth year. If there are four digits at the end, it’s not a remarkable coincidence that most start with 19,” says Wisniewski.

Once your password has been compromised, it isn’t just bad news for your Zappos account. If you’ve used the same login for other services, you’ve given a hacker access to more than just your shoe size and sneaker preference; you’ve opened yourself up to breaches of your Facebook, Twitter or email. Details gleaned from one can open up the next account.

Ok, so all of this sucks. What can you do about it? The most important thing you can do to a single password is to make it long. “Adding one more character makes it exponentially more difficult to break, even if you don’t use silly characters,” says Wisniewski. “The password, Apple, is bad. But focusing on length, Appppppppppple, with 11 ‘P’s, is actually really good. So size does matter.” Experts suggest a password 12-14 characters long.

The problem, of course, is remembering that many characters. (Storing your passwords in a spreadsheet or email, by the way, is very much frowned upon. One breach means access to your whole life.)

“I’m a big fan of pass phrases,” says Ragan. “It’s something that’s personal—that’s easy to remember. The longer and more random, the less chance of a dictionary crack being successful.”

Wisniewski’s personal trick is to start with a line from a favorite song. He’ll pull the first letter of each word in the line and stick them together for something that’s easy to recall but very difficult to crack. The trick gives him length—which stifles brute force attempts—and randomness—keeping him clear of anything that would pop up in a dictionary. (Actually, when many words are glommed together, the password becomes incredibly hard for computers to crack, but a long string of seemingly random characters is even more secure.) Et voila, a password that is easy enough to remember and secure enough to use.

Stephen Bono, a principal security analyst at Security Evaluators, also suggests using every tool you can on your keyboard. “Most people don’t know you can use parentheses in your password,” he says. Letters, numbers, special characters, and upper case—if you’re allowed to, you should use them all.

Even with mnemonic devices and personal tricks, keeping track of the dozens of passwords we’re required to remember is pretty taxing. There are just so many other things we have to keep straight. (Rent, btw. It’s now past due.) The best thing to do? Get yourself a password manager service. These will allow you to create crazy-secure 14-character, dictionary-search-proof, symbol-using passwords for every site you visit, without relying on your brain to remember all the gibberish. Here’s a rundown of a few right here.

And if you haven’t already done what Mat suggested (ahem, change your passwords!), now’s a really good time to do it.

Image: CC licensed, Guillaume/Flickr

Change Your Password Day is February 1 and we hope you’ll join us in the most boring (but safest!) celebration ever.

http://gizmodo.com/5880448/giz-explains-your-passwords-suck

dude i gotta change my password for Shift to like Binary now!

Change it to something like that. Hopefully you can’t remember it either so you can’t log on and post stupid shit like this anymore.

You must spread some Reputation around before giving it to JRubino again

why dont you go play in the sandbox with murrdouche, he’ll enjoy your company in hell.

Thank you for another stupid post

Don’t worry, I repped him twice. Once from you, once from me.

Why don’t you think a little bit before you post? It’d prolly stop most of the shit you get from everyone.

no it won’t, the impression of a retard has been made, and now it can’t be changed. I could make a well thought out, lengthy, KK-esque post, and the next few comments would still say “retard” or “dumbass” or something equally douchey.

The impression of “retard” simply came about once you signed up with your user name. Then make dumb posts.

+rep

Thank you Captain Obvious.

dumbass

So just admit the only reason you’re getting shit from people is because you make dumb posts with a “special” user name… You’re the only one to blame here.

THIS THIS THIS THIS

:rofl

my passwords on forums are easy to remember cause i could care less if someone hacks onto them…important shit gets passwords that i usually have to type in two or three times before i remember the right one.