Most Internet fraudsters do not bother with sophisticated password theft methods. Their goal is easily guessed combinations. 1% of all existing passwords are selected from 4 attempts.
How is this possible? Very simple. Here are the magnificent four of the most common combinations in the world: password, 123456, 12345678, qwerty. After sorting through these options, on average 1% of all “doors” open. Brute force is a system that allows you to try all possible versions of a password in order. For a 5-digit password, this is 100 thousand combinations. The program copes with this task in seconds. Decent mail services do not allow infinitely enter incorrect passwords, but such protection is not configured everywhere.
These passwords are harder to guess. However, the pirates will not hesitate to redouble their efforts to find these numbers when they discover a password hint, such as “my social security number.” Out of competition - identical passwords. Obviously, all the errors mentioned above are made for one reason - currently we usually use from 5 to 10 online services, and it is very difficult to remember from 5 to 10 passwords unique and difficult. Fortunately, there is a simple technical solution to this problem.
Use to store all your passwords in encrypted form and do not waste time remembering them all. Thus, you can have extremely strong passwords for each site without risking forgetting them.
- Do not use the same password on multiple sites.
- Use strong passwords.
- Check the reliability of passwords with the help of specialized services.
In addition to the top 5 most primitive passwords, there are common mistakes that careless users make. Using sequential combinations and repeating characters like “222222”, “abcdefg”, or a combination of adjacent letters on the keyboard will not be a strong password. Also, the replacement of similar numbers and symbols resembling letters, for example, @ in the word “p @ p @”, is an obvious move for fraudsters too.
Because some web services are weaker than others, safe, and because no site is ever fully protected against piracy, you cannot expect passwords to be secure ever. However, the most serious sites protect user passwords by “hashing and assigning a unique random value”, mainly using cryptography and adding other information related to each individual password. In the case of data theft, it will make it difficult for hackers to find real passwords.
But using hacked software, hackers can quickly make many attempts to decrypt user hash passwords. For example, Hashkat can make 8 billion attempts per second. One word of order: protect yourself! With the help of hacked software, weak passwords are the first to deliver their secret, because software algorithms easily guess them. A strong password can be used as the last line of defense, and long passwords have proven to be particularly difficult to guess. As Khashkat proves, this is not so difficult.
And finally: do not use as a password your name or the names of your relatives, date of birth, insurance policy number, login or other personal information. This data in the hands of fraudsters will be immediately used against you.
1 voteGood day, dear readers of my blog. Did you know that the simplest passwords list appeared on the web in 2009? Immediately after one hacker managed to massively hack 32 million accounts on Facebook.
To break longer passwords, pirates can add Bible quotes and even online discussions to their dictionaries to increase the chances of finding passwords suggested by common phrases. The latter easily breaks encryption, but first, the beaten passwords are extracted from the hacked website before hacker students can attempt to perform a hacking operation.
Among the recommendations that should be considered, firstly, do not use the same password for all sites, no matter how long or complex the combination of characters. Did you like this article? Share it! The name for the sensation is completely absurd, the indicator of 8 billion tests per second is balanced without taking into account the computing power of the platform and the messages brought to a possible publication of the tool, because it changed the variable from 40 to 55 and enjoys it for free sensationalism, this is doubtful. This is not a power attack, but a combination of different methods, including attacks to help with a dictionary, a rainbow table, a list of the most common X million million passwords, the algorithms are very complete, it goes without saying that the machine is well equipped at the material level to get 8 billion tests can not attack the brute force of 55 characters, it can be criticized for a small lack of accuracy, especially the nature of the target algorithms. Security experts will blame him for their technical inaccuracies, but he deserves to be aware of the weaknesses of "simplified" authentication. In this article, nothing happens in terms of information. Words like adding bible fragments or quotes to a dictionary or whatever type of character? And most importantly, "Khashkat can now crack passwords with 55 characters.": Well, like all of its competitors for a long time, from the moment we don’t say how long it takes or what types of characters it doesn’t have meaning.
- It would be better to write a crack of long words.
- This, of course, is much less sensational.
- The mistake is that if you want to keep a minimum level of trust.
The most surprising is that among the most popular ciphers there were such as Epsilon793 and 8675309. The first appeared in the movie “Star Trek”, and the second in the song Tommy Tutone.
But those who used these combinations seemed to have invented the most difficult passwords. By the way, we will talk about such today.
Fourteen years ago, researcher William Burr founded a guide to an “ideal” password that is more complex and therefore less easy to decipher. Repeatedly updated guidelines indicate that a good password must contain at least one upper case letter, one lower case letter, one number, and a special character that should be secure. It serves as reference material for many computer security experts.
Burr himself admits that his recommendations were based on consolidated and incomplete knowledge and that he was not a security expert when he compiled them. Password phrases consist of several words in a dictionary, placed one after the other, without the need to include a special character, number or capital letter. For example, “arids count their fuzzy guards” is a phrase that is almost impossible to guess for a pirate, despite his simplified move. The more words a word contains, the fewer errors there will be.
2009 was not the best for large companies. While one hacker cracked 32 million accounts on Facebook, another worked on just one. From the Twitter admin panel, which later led to the hijacking of accounts with Barack Obama and Britney Spears.
That's because someone guessed in the admin to use an incredibly complex combination, namely the word: “Happiness”. Probably, it seemed to the administrator that no one would try to hack Twitter.
We recommend using at least five words, but using more for free. 
The advantage of pass phrases is that they are easy to remember, being extremely difficult to detect. However, it is not enough to choose the first words that you think of in order for this method to work. The security secret of the phrase is entropy.
A chance for your security service
If you are not a computer expert, just remember that entropy is a measure of probability and that a password is safer if it is randomly generated. Hackers typically use software that can check thousands of unique passwords per second when they try to insert them into a secure system. To do this, they rely on some of the most common words and permutations. Among the most common permutations is the use of an exclamation mark at the end of a common word or the replacement of some letters with the same numbers.
Do not be naive. Do not think that no one needs. Some people break into accounts in batches and sell this information, while others can do it just like that, while others still get really important information.
If someone succeeds in breaking the password that you use for classmates, then even a bank card data can be recovered further. And still, that you have never used it on this site.
These permutations, although they slightly increase the time required by a hacker to detect them, do not significantly improve security, since they are based on the predictable behavior of people. The same applies to the choice of words for a phrase. It makes no sense to choose five words if they can be found in the famous quotation or song of a popular artist. It is equally useless to choose words that are logically connected. Unfortunately, a person does not create a chance very well.
What can I say about the cases when the same ciphers are used on several resources? Some hackers specifically choose weak resources with a frivolous account protection and quickly find out the necessary data. All other information is obtained by chain, one after the other. When they are identical, you are much easier and faster.
Each word in this list is associated with a 5-digit code. By rolling a dice five times for each word and noting the numbers you get, you can create a strong entropy password that will be almost impossible to detect for a pirate, but it will be easy to remember. 
The next time the website requires you to enter a password that contains a capital letter, a lowercase letter, a number and a special character, you can say that you know more about the subject than the one who defined these rules.
By the way, in free access there are programs that theoretically help to recover the password, and actually crack it. By the way, the most advanced versions store huge lists of standardized passwords, per second they select more than 2 billion options for a single login or email.
Penalty, but irreplaceable passwords are an important part of our digital life. Some practical tips to improve their management and their safety. I still forgot my password! If you regularly use this phrase, this article is for you. You undoubtedly know that you will never have the same password. Yet you failed and gave way to relief.
After years of intensive use of the Internet, you have created accounts. What is personal information? And, above all, what vulnerability? At the time when mass operations cause headlines, you say that, since good resolution is constantly rejected, that at the household, zero, this time with good computer hygiene, they promised, swore, spat, we will no longer be accepted. This is good: at home we wanted to do the same.
- The more comfortable the password to remember, the easier it is for hackers. If the cipher does not cause you any associations, it will be harder to crack. Even the most seemingly sophisticated train of thought can be foreseen.
- Never use the same or very simple passwords if you are worried about your own security.
- Always think about protecting your data, even insignificant information can lead to sensitive and meaningful information.
- Well, the last thing I haven’t mentioned yet is that you don’t store your passwords in a normal Word file on your computer or in messages on your phone. With a targeted attack, and with specialized equipment, it will not be difficult to get full access to all the data on these devices. Stoned to someone, and then you will suffer.
How to come up with a strong password
There are many ways to come up with a very strong password. But, as I said, it is best not to try to find any algorithms, but to create everything at random. It is clear that in this case there will be many problems.
A selection of good, easy-to-remember passwords.
Not necessarily - especially since the task seems almost impossible. Using special characters is especially a panacea, because there is a much more effective factor for a password: make it longer! The ideal is to even use the missing phrase: a real sequence of words is much easier to remember. Be careful not to select items directly related to you. Ideal is the choice of words at random, but the real sentence with punctuation, for example, is also very effective.
Accepting this healthy reflex encounters a raging and difficult obstacle to circumvent: online sites and services are still too many to make it impossible to use a phrase that prohibits accents, spaces, or restriction of the accepted length. In the latter case, to keep the password strong, adding special characters can be palliative. This is good: often these same sites continue to require it.
Starting with how to remember all this information (you can not store in Yandex browser or Google) and ending with endless repetitions due to typing errors.
And nevertheless, to our aid, as always, always comes two ways. One is free, the other is simple. Let's start with the first. How to come up with a password that will be difficult to crack? There is nothing impossible on the Internet, only the more complicated the cipher is, the less people can crack it and will generally try to do it.
It is very important to use a unique password for each site. A very popular technique of hackers is when a website is pirated and its databases are published to identify passwords and reuse them on other sites. passwords allow damage to the hacker.
Often change the password? . Internet users are often encouraged to regularly change their password. This advice, dubious, is contained in the recommendations of the French computer security authority regarding passwords. In fact, scholars who study the behavior of Internet users are increasingly numerous, because this restriction leads users to resort to simpler, more predictable passwords and to them in an insecure manner.
By the way, one of my friends works in a cool pharmaceutical company. To access her laptop, she must enter a special USB flash drive in a specific slot (out of five available), then within three minutes, set her password, which automatically changes every 15 minutes, and at the time the USB flash drive is inserted into the slot, it is sent to her phone.
If the girl three times does not have time to finish the input after the time has expired, you have to call the technical support of your own company.
This is the kind of protection you say. How to act you?
- Take any saying, a nursery rhyme or couplet from a famous song and write it in the Russian layout, while typing on the English keyboard. Replace some letters by analogy with numbers, and instead of spaces between words, use capital letters.
Suppose: U0ke, 0qDfg0n. On the Russian layout, it will look like this: “G0lub0yVag0n.” Unfortunately, it is possible that somewhere I was wrong. By the way, in my case this is just a short example. Your strong cipher should consist of a much larger number of lines of the song.
The method is pretty good, but note that if they start to use it often, a program will appear rather quickly with a list of the most popular songs, aphorisms and nursery rhymes. Automatic replacement of letters in numbers does not take much time.
- You can only use the first letters of each word of an unknown song.
For example, Mmmalyi0i0i0vt ("Million Scarlet Roses"). Here I also replaced one of the letters with a number. By the way, you can complicate and come up with your replacement. It is not necessary to write a zero instead of O, you can replace all the letters "T" with "8." But again, do not use the same scheme for different sites so that you will not be hacked along the chain.
- Take a look at the keyboard and draw some pattern with the keys. The main thing is to remember it.
Suppose o90pli or i9olkju8 - circles. You can make it easier to remember.
How to create the most difficult password
I have repeatedly talked about this program, but the theme requires it. To fill out forms on different sites, inventing and remembering passwords, I use Roboform .
A very useful service that can be installed on all browsers and devices. I already told you how to work with him in one of my articles and even mentioned a case that happened to me because of a delay in installation and carelessness. You can read in my blog.
Roboform - This is a great generator, with which it is impossible to forget any of the ciphers. They are created automatically, without any algorithm. Something from the “hit your head on the keyboard” series. Then securely encrypted. That is, your password is stored not only under the password, but also in encrypted form.
You can install the program on all devices: phone, tablet, computers and you will always find the password for the desired site, wherever you are. Very convenient, especially if you are doing.
The customer who you have not seen for 15 years is calling (this is a frequent phenomenon) and requires that you immediately send him a login from the admin area. You will not be difficult to do it in the shortest possible time and forget about the bad customer. You will not spend a single nerve on it, not a single negative emotion.
Well that's all. Now you know how to create complex passwords for VC, your sites, any services, do it quickly and never lose the necessary data.
If you like this article - subscribe to the newsletter and find out the most reliable and relevant information. See you soon and wish you good luck.
