Passwords are a weak link in the computer security chain because they rely on us being good at something we find extremely difficult.

And while we aren’t getting any better at choosing strong passwords, password cracking hardware and software continues to improve relentlessly.

Website owners can employ a range of measures to help users choose better, stronger passwords and one of the most popular techniques is to include a password strength meter.

The meters are designed to help users understand if their password choices will resist attempts to crack them.

The trouble is, they don’t quite do that.

The best way to determine how difficult it is to crack a password is to try doing just that.

But attempting to crack passwords requires lots of time and lots and lots of processing power, and it isn’t a practical solution for websites.

The next best option is to try to work out what characteristics passwords that are difficult to crack share, and to check for those instead.

Simple password meters check the length and entropy of the password and have checklists for the kinds of things that users are advised to include in their passwords: mixtures of upper and lower case letters, numbers and special characters, for example.

That helps determine a password’s ability to withstand a brute force attack (an attacker making guesses at random), but being resistant to brute force attacks is only useful if that’s what an attacker is going to do, and it probably isn’t.

A brute force attack assumes that all guesses are equally good.

The reality is that some guesses are far better than others because our password choices are not random – they’re underpinned by patterns and habits.

Modern password cracking is about making smart guesses in the order that’s most likely to yield the greatest number of cracked passwords for the least effort.

Attackers can feed their cracking software with huge repositories of real words and then create rules to modify those words in the same way we do when we create passwords.

They know that some words are used more often than others and they know about the cute tricks and bad habits we use to obfuscate them.

They know that we use 0s instead of Os and 4s instead of As, and they know that we tend to put our upper case letters, special characters and numbers at the beginning and end of our passwords.

To illustrate the difference, I thought I’d run a test on the kind of password strength meters that web developers are likely to include in a website.
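The gap between a checklist meter and a pattern-aware check can be shown in a few lines. This is an added example, not code from the original post or from any of the meters it tests; the tiny wordlist, the substitution table, the 60-bit threshold and the sample passwords are all constructed assumptions.

```python
import math
import string

# Constructed sample wordlist (assumption); a real check would load a large
# list of common words and previously breached passwords.
COMMON_WORDS = {"password", "monkey", "dragon", "letmein", "sunshine"}

# Look-alike substitutions to undo before the dictionary lookup.
DELEET = str.maketrans("04@31$5!", "oaaelssi")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def naive_bits(pw):
    """Checklist-style meter: brute-force search space in bits."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def analyse(pw):
    """Look for a common word hidden behind substitutions and affixes."""
    core = pw.strip(string.digits + string.punctuation)  # drop affixes
    for candidate in (pw.lower(), core.lower()):
        plain = candidate.translate(DELEET)
        if plain in COMMON_WORDS:
            return {"base_word": plain,
                    "affixes": candidate != pw.lower(),
                    "substitutions": plain != candidate}
    return {"base_word": None, "affixes": False, "substitutions": False}


def verdict(pw, min_bits=60):  # min_bits is an assumed threshold
    """Pass only if no common word is found AND the brute-force bar is met."""
    if analyse(pw)["base_word"]:
        return "weak"
    return "ok" if naive_bits(pw) >= min_bits else "weak"


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Sunshin3", "vR7#qLz9!tXw"):  # constructed samples
        print(pw, round(naive_bits(pw), 1), analyse(pw), verdict(pw))
```

The first sample clears the brute-force bar on length and character classes alone, yet is rejected because it reduces to a common word once the substitutions and trailing characters are undone.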