Much has been said on the theory of
password protection for files, computer login, and other
network access. In the past we used a combination of
letters, special characters, and other techniques to try
and prevent unwanted or unauthorized access to our
computers, resources, and networks. A new theory on
passwords is emerging that may help us remember our access
codes, be more secure, and generally keep hackers and
thieves out of our networks.
A password is a combination of words, letters, and special
characters that only the user knows, allowing access to a
computer or other information resources. As humans we have
a large number of codes and numbers we need to remember
every day – such as the key lock on our apartment
entries, national identification numbers, automobile
license or tag numbers, telephone numbers – it is a
large and confusing suite of items we need to memorize.
When selecting a new password or pass code for access to a
computer system, most of us understand how difficult it is
to remember complex codes, and thus we select something
already known to us, such as names, birthdays, national
identifiers, or other known items, and then place a number
or character in front of the name or number thinking it is
secure. This is easy to understand, as most of us simply
do not have an ability to instantly recall large numbers
of complex codes.
In the worst case we simply write down the complex code on
a piece of paper, and leave it in a desk, our pocketbook,
or in many cases taped to the front of our computer
monitor. However, to a hacker this makes access to your
network or computer much easier, as they generally only
have to learn a couple of things about you, and add a few
numbers to the front or ending of your personal data – you
would be surprised how often this grants access to
computers and networks. Add some good “cracking utilities”
to the hacker’s suite of tools, and you can understand the
threat.
Passphrases are a concept that will
help us create more secure, easy to remember safeguards
for our computer and network resource protection. A
passphrase is a selection of words and/or numbers that is
15 characters or more in length, and is easy for us to
remember. A couple of examples of good pass phrases are:
• igotodalaieejdaily
• shehasbeautifulhair
• surfinginhawaiiisgreat
According to Mark Minasi, a noted security consultant, a
cracking program would need the following number of
computations to try and break a 15 character pass phrase:
• 15 lowercase letters = 1,677,259,342,285,725,925,376
possibilities
• Try a million a second, it’ll take 531,855
centuries/years to break the code
As you can see, this is a pretty good level of security
for your resource.
Another concern with passwords is that if you forget or
lose the password while using a utility like Microsoft’s
Encrypting File System (EFS), you run the risk of losing
all access to your important files if you require a
hardware reset of your password. All EFS encrypted files
are linked to your login profile, meaning if you encrypt a
directory or file with EFS, and you do a hardware reset on
your computer, those files and directories are lost
FOREVER.
Microsoft Windows users can now also use spaces within a
pass phrase; however, we would not recommend embedding
spaces in your pass phrase, as that actually makes it
easier for a cracker to get your code – it may help them
crack it in 100,000 years rather than 250,000!
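The arithmetic and the selection rules described above, as an added example that is not part of the original article: it reproduces the 15-lowercase-letter count and the 531,855 figure (which comes out in centuries when a year is taken as 365 days), and checks a candidate against the article's rules. The function names, the MAX_EXTRA threshold and the sample personal items are assumptions made for illustration.

```python
# Added example: figures and checks taken from the article's text.
GUESSES_PER_SECOND = 1_000_000               # "a million a second"
SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600  # assumes 365-day years
MIN_LENGTH = 15                              # article's minimum length
MAX_EXTRA = 4   # assumption: "a few" added characters means four or fewer


def keyspace(length, alphabet_size=26):
    """Count every string of exactly `length` symbols."""
    return alphabet_size ** length


def centuries_to_exhaust(length, alphabet_size=26, rate=GUESSES_PER_SECOND):
    """Whole centuries needed to try every candidate at `rate` per second."""
    return keyspace(length, alphabet_size) // (rate * SECONDS_PER_CENTURY)


def is_decorated_item(candidate, item):
    """True if candidate is a known item with only a few characters added."""
    cand, item = candidate.lower(), item.lower()
    pos = cand.find(item) if item else -1
    if pos < 0:
        return False
    extra = len(cand) - len(item)   # characters added in front or at the end
    return extra <= MAX_EXTRA


def review_passphrase(candidate, personal_items):
    """Return policy findings for a candidate; an empty list means it passes."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("shorter than 15 characters")
    if " " in candidate:            # the article advises against spaces
        findings.append("contains spaces")
    if any(is_decorated_item(candidate, item) for item in personal_items):
        findings.append("known personal item with a few characters added")
    return findings


if __name__ == "__main__":
    personal = ["Maria", "19800512"]   # constructed sample data
    print(f"{keyspace(15):,} possibilities")
    print(f"{centuries_to_exhaust(15):,} centuries at a million guesses a second")
    for pw in ["7maria", "19800512!", "shehasbeautifulhair"]:
        print(pw, review_passphrase(pw, personal))
```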