How to Choose a Password? - GoTechTalk


Sunday, August 12, 2018

How to Choose a Password?

When you really stop and think about it we live in a depressingly insecure un-secure both of them probably world chances are the only thing standing between your stuff and a bad guy are some very shatter able windows you're only a few feet from hitting another car head-on when you drive down the street and your private conversations and finances are kept safe online by a short string of characters, I mean I'm not trying to make you feel afraid or paranoid or anything, but what I am trying to do is highlight the importance of password security.

Many people are unaware that simply putting a password on something does not make it all that safe, especially as lots of commonly used passwords, are about as secure as a screen door in a hurricane, I mean obviously passwords like QWERTY one-two-three-four and the name of your favorite sports team are horrible choices because they're incredibly easy to guess, but if you pick something that's obscure and difficult for someone who doesn't know you. Does that necessarily even mean that safe well that all depends on the way passwords are stored secure websites hash your password meaning that it is passed through an algorithm that is extremely difficult to reverse with the output being what's stored on the server, the problem though is that because many sites use the same algorithm such as the one in the commonly used SHA (Secure Hash Algorithm) series an attacker can run lots of common and or short passwords through the hash quickly and then compare that to hashed passwords stored on a server to see if any of them match and even though this can be prevented using a technique called salting which adds a random numerical string to your password before running it through a hash many secure websites don't bother salting meaning it can actually be quite easy for an attacker to guess your password with brute force which means simply try as many passwords as they can until one works, in fact, most eight character passwords can be cracked in only a couple of days using this method with a reasonably powerful modern PC.

Fortunately though the solution is actually quite simple, use longer passwords having a pseudo-random password with just twelve characters instead of eight means it could take thousands of years for someone to brute-force your password instead of a couple days and if they eventually do succeed you'll probably be too dead to care of course you also want to make sure that your longer password doesn't incorporate other common password mistakes even a long password made up of shorter dictionary words or containing repeated strings of characters can be vulnerable due to those individual elements being easier to guess so while length is probably the most important variable the best thing to do is to use long passwords made up of random characters including symbols, but how am I going to remember a huge password with a bunch of pound signs and colons in it, well there are quite a few password managers out there that not only store and autofill your passwords but also generate pseudo random passwords quickly so you can use a different one for every site just make sure that whichever password manager that you're using stores all your passwords with heavy encryption including salting and yes there is a reason I keep saying pseudo-random by the way instead of random software random number generators that pump out random passwords can never be truly random as they work by performing operations on a small initial number called a seed which introduces slight bias for certain characters of course for the purposes of creating a secure password this bias is negligible for most users so don't worry about that too much because after all in a universe where every action has some kind of a consequence can anything be truly random.

Alright, guys, that's the end of the blog, thanks for reading the whole way through if you enjoyed this blog please share it with someone who would be interested and leave a comment, Thanks for reading guys.

No comments:

Post a Comment