Before we get started on how to create a hard-to-crack password, let's look at the types of weak passwords that are overused and easy to break. How easy, you ask? Well, there is a free and easy-to-obtain program called Crack that can be used to systematically attempt to guess your password, trying out millions of passwords in a matter of hours through the use of an internal dictionary. This dictionary checks against every known word, in just about every language, with all standard manipulations, including character replacements, common misspellings, and letter reorderings. It also checks against names in every language (including the Chinese phone book). If that were not bad enough, it also checks against common character patterns, fictional characters and places, and every real place in the galaxy that has a name. In addition, it checks every date in every format. In other words, if it is a person, a time, an event, a place, a thing, or even a thing's place, or a person's thing, it is a bad idea to use it as a password. Hackers use programs such as this to conduct what are known as brute-force password attacks, meaning they use a program to keep trying password after password until they get a hit. Weak passwords make such attacks much easier. Table 8-1 shows some specific examples of weak passwords.
These are just a few examples of weak and easily cracked passwords. In general, if you use something familiar to you, Crack and other programs like it will figure it out. Also, you should never use personal information such as dates, login names, Social Security numbers, or any other number associated with you for your password. Now that we have probably convinced you to change all your passwords, let's look at what it takes for a password to be considered strong.
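The classes of weak password described above can be screened for when a password is chosen. The following Python sketch is an added example, not code from the book or from Crack; the word list, replacement table, and function names are constructed for illustration, and a real check would load full dictionaries.

```python
import re

# Constructed sample list; a real check would load full dictionaries of
# words, names and places in several languages.
SAMPLE_WORDS = {"password", "dragon", "gandalf", "london", "michael"}
# Sorted-letter signatures catch any reordering of a word, reversal included.
SIGNATURES = {"".join(sorted(w)) for w in SAMPLE_WORDS}
# A few common character replacements, undone before the lookup.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$"
                     r"|^(19|20)\d{2}[-/.]?\d{1,2}[-/.]?\d{1,2}$")
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz")


def is_pattern(s):
    """Repeated single character, or a run along a keyboard row/alphabet."""
    if len(set(s)) == 1:
        return True
    return any(s in row or s[::-1] in row for row in ROWS)


def weakness_reason(password, personal=()):
    """Return why the password is guessable, or None if no check fires.

    None does not mean the password is strong, only that it is not in
    the classes checked here.
    """
    p = password.lower()
    if not p:
        return "empty"
    if DATE_RE.match(p):
        return "date"
    if is_pattern(p):
        return "character pattern"
    if any(item and item.lower() in p for item in personal):
        return "personal information"
    # Strip digits/punctuation added at either end, then undo replacements.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", p)
    for cand in (p, core, p.translate(UNLEET), core.translate(UNLEET)):
        if "".join(sorted(cand)) in SIGNATURES:
            return "dictionary word or a manipulation of one"
    return None
```

Pass the user's login name and other known personal details in `personal` so that passwords built around them are rejected as well.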