Great comic about password strength

Status
Not open for further replies.
I agree that is a good one. It is unfortunate, but passwords alone are becoming obsolete and are nearly ineffective. The computational power and search capability are making it trivial to brute force guess a password or perform a lookup via a rainbow table which is negating the benefits of hashing too.

Using a combination of words, which dramatically increases the length, may help. Adding in some numbers and symbols and multiple case to expand the character set will help too. On the downside would be knowing, or at least suspecting, that a combination of words was used, which will reduce the combination set.

It is also important to use methods to slow down a cracking attempt, such as using temporary lockouts after a few failed attempts.

I have also been seeing an increased trend towards multi-factor authentication using a combination of passwords and cryptographic keys, which is significantly more secure and only slightly more complicated for the user.
 
Yeah - it blows people's minds when I explain how "Mary had a little lamb" is as good a password as "Q2fg!x5"

 
Well, there are still a lot of Unices that only use 8 characters of the password to generate the hash. That is, "supercal" has the same hash as "supercalifragilisticexpialidocious".

I used to give out passwords that long to new users to mess with them. They would get in fine as long as the first eight characters were correct.

Still, 8 lower case alphabetic characters is a pretty small name space (26^8). That's pretty easy to crack with brute force. When you add caps, numeric digits, and punctuation, the name space gets huge (70+^8). That's much harder to crack using brute force.
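
The search-space figures discussed in this thread, worked through as an added example that is not part of any post above. The function names and the 2048-word dictionary size are assumptions made for illustration; the point is that a password is only as strong as the cheapest attack model that covers it, including the 8-character truncation mentioned above.

```python
import math
import string

# Character classes a brute-force attacker has to include in the alphabet.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]

def charset_size(password):
    """Size of the smallest union of character classes covering the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password, max_len=None):
    """log2 of the character-level search space.

    max_len models a hash that only uses the first max_len characters,
    such as the 8-character limit described in the thread.
    """
    effective = password[:max_len] if max_len else password
    return len(effective) * math.log2(charset_size(effective))

def wordlist_bits(n_words, dictionary_size):
    """log2 of the search space when the attacker knows words were combined."""
    return n_words * math.log2(dictionary_size)

def effective_bits(password, n_words=0, dictionary_size=0, max_len=None):
    """Strength is the minimum over the attack models that apply."""
    bits = brute_force_bits(password, max_len)
    if n_words and dictionary_size:
        bits = min(bits, wordlist_bits(n_words, dictionary_size))
    return bits

if __name__ == "__main__":
    DICT = 2048  # assumed dictionary size (constructed value)
    samples = [
        ("Q2fg!x5", 0),
        ("Mary had a little lamb", 5),
        ("supercalifragilisticexpialidocious", 0),
    ]
    for pw, words in samples:
        full = effective_bits(pw, words, DICT)
        cut = brute_force_bits(pw, max_len=8)
        print(f"{pw!r}: {full:.1f} bits, {cut:.1f} bits if truncated to 8 chars")
```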
 