
Password Protection


Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Sat Feb 07, 2009 5:46 am

Password Protection

This guide is aimed at absolute beginners. If you are a pro then you'll not be benefiting much from it. However, that shouldn't prevent you from reading it. Perhaps you may get to learn something new.


Password security is one of the main concerns of computer users. People use passwords for everything from logging in to the computer, using e-mails, online bank accounts and accessing forums :D

A simple username-password is one of the most common schemes of authentication, i.e. they help to verify your identity. It's such a simple scheme that every computer user is prone to identity theft, i.e. if someone gets hold of your password then they can easily access your accounts.

In this document I'll try to teach you some methods to make strong and secure passwords.
While teaching methods to effectively secure your passwords I'll also try to discuss some (read, not all) methods of how they are cracked/stolen.

Passwords can be of the following types:-
1: All letters
2: All numbers
3: All special characters
4: Combination of letters and numbers
5: Combination of numbers and special characters
6: Combination of letters and special characters
7: Combination of letters, numbers and special characters.
8: Another category which actually is the sub-category of letters and used in this forum is using a combination of uppercase and lowercase letters along with numbers and special characters.

The most common ways in which passwords can be stolen are:-
A: Dictionary attack
B: Brute force attack
C: Hybrid attack
D: Password guessing
E: Keylogging

PASSWORD GUESSING
Password guessing is simply when an attacker tries to guess your password. Most users make the mistake of using their D.O.B, their family members' names, their phone no. or other personal info. as passwords. The attacker knows all of this and tries to guess your password. It seems easy but is very effective in case of weak passwords.

DICTIONARY ATTACK

Dictionary Attack uses a dictionary. Password Crackers will try every word from the dictionary as a password. A good dictionary (also known as a word list) is more than just a dictionary, e.g. you will not find the word "qwerty" in the ordinary dictionary but it will surely be included into a good word list. Indeed, this combination of characters is commonly used as a password.
(Definition borrowed from lastbit.com)

BRUTE FORCE ATTACK

Brute Force Attack is the most widely known password cracking method. This attack simply tries to use every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations (‘a’ to ‘z’).
(Definition borrowed from lastbit.com)

HYBRID ATTACK
In this case, the password cracker checks all words in the dictionary along with its variations. These can be, for example, the same words with different digits appended to them.
(Definition borrowed from lastbit.com)

KEYLOGGING
A keylogger is software or hardware that records every keystroke that a user types on his keyboard.

This is a good link if you want to learn about the common password cracking methods.
http://lastbit.com/password-recovery-methods.asp

Now let's discuss some methods of securing your passwords:-
A: Never use personal info. like your name, D.O.B etc. as passwords. The attacker knows all of this and password guessing is usually the first step he would perform. Furthermore, a simple name can be easily brute forced.

B: Never use common words like starwars, dexter etc. as your passwords. Dictionaries in the dictionary attack are wiser than you think.

C: A good password should be a combination of letters, no. and special characters. You can go ahead with a combination of uppercase and lowercase letters, no. and special characters. This makes it very difficult to bruteforce. To give you an idea of how much time it takes to brute force a password read this:
http://lastbit.com/rm_bruteforce.asp

D: A good password should have at least 8 characters to make it very difficult to brute force as you read above.

E: To protect yourself from keyloggers read my guide on how to protect your computer (I'll be posting it in some days). You can go ahead and use an anti-keylogger.
ZEMANA ANTILOGGER is a good anti-keylogger.

F: Make a policy to change your passwords regularly, like every fortnight or every month. This gives less time to the attacker to crack your passwords.

G: Some people often make the mistake of keeping their passwords written on random papers and leaving them on their desk etc. Never do this. Anyone can get hold of your passwords and access your accounts.

There are several tested ways to make secure passwords. I discuss some of them here.
A: Phrase alter rule
I just came up with this name to explain it to you. So you won't be hearing this rule name anywhere else but you would be stumbling upon this method very often.
Suppose you took the first two lines of the Christmas song or any other song you want (Enrique's my favorite ;))

Jingle Bell Jingle Bell Jingle All The Way

Carry the first letters of each word and write them in capitals

JBJBJATW


Now alter every second letter to small letters.

JbJbJaTw

Now use 6 for every b and @ for a

Therefore your new password is:

J6J6@Tw


Simple, isn't it?

B: Phrase alter plus rule
This is just my modified version of phrase alter rule.
Instead of using songs I use a common word and the application name for which I want to use my password.
So suppose I want to make a password for Linux. I would use my username (Xen in this case) and Linux and come up with a string:

XEN_LINUX


This string already has a special character ( _ ) but that's not enough. I'll again alter every second letter to smaller case.

XeN_lInUx

Now every vowel is changed to @ and any one of the letters converted to a number (in this case I change l to 1).
Therefore the new password is:

XeN_1@n@x


This is nothing but an e.g. to give you an idea how you can change the Phrase Alter Rule to suit your own needs.

C: Long phrase rule

It's the easiest rule. No special characters or numbers required. All you have to do is use a very long phrase as your password.
So I choose:
When in rome do as the romans do

The length of the string makes it very difficult to crack and it's very easy to remember.
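
Added example, not part of Xen's post: a small Python audit that applies the post's rules (at least 8 characters, no dictionary word, no word with digits appended) and estimates the brute-force search space from the character classes and length. The word list is a constructed sample and the function names are assumptions made for this illustration.

```python
import math
import string

# Constructed sample word list; a real one would be far larger.
WORDLIST = {"qwerty", "starwars", "dexter", "password"}
MIN_LENGTH = 8  # rule D in the post

def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # printable ASCII specials, space included
    return size

def keyspace_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def dictionary_hit(password):
    """True for a listed word, optionally with digits appended
    (the dictionary and hybrid cases described in the post)."""
    base = password.lower().rstrip(string.digits)
    return base in WORDLIST

def audit(password):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 8 characters")
    if dictionary_hit(password):
        findings.append("dictionary word or word plus digits")
    return findings

if __name__ == "__main__":
    for pw in ["qwerty", "dexter123", "J6J6@Tw", "XeN_1@n@x",
               "When in rome do as the romans do"]:
        print(f"{pw!r}: {keyspace_bits(pw):.0f} bits, {audit(pw) or 'ok'}")
```

The bit figure only bounds exhaustive brute force; a password that appears in a word list, or is a listed word with predictable changes, is found by a dictionary or hybrid search long before that bound is reached.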

pibe86

Newbie

Posts: 7

Joined: Sun Feb 08, 2009 10:10 pm

Location: Medellín Colombia

Post Sun Feb 08, 2009 10:27 pm

Re: Password Protection

Hello, I am new here and new in information security, nice tutorial, now I have learnt more about pass protection


thanks a lot

see u

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Feb 09, 2009 1:42 pm

Re: Password Protection

Nice write-up. I like Password Safe

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Feb 09, 2009 6:27 pm

Re: Password Protection

