Why are our passwords still getting cracked?
15 Answers
From a computer logon to a Facebook account, many user accounts enforce a password policy where the password being set must comply with its rules in order to continue. These password policies are applied in order to prompt the user to set a strong password so that their account is secure.
However, amongst these policies the passwords are still being broken into. Are the policies not strict enough? Are we just keeping easy passwords? Do people not know the risks?
What do you think should be done?
Answers
A lot of the problems arise because people use the same passwords (sometimes with the same usernames) on many different sites. So, for example, the fact that Sony has just lost over 70 million PSP account details might not be directly important to most of those people but if they log into their bank accounts with the same passwords they could find that they've got problems.
I'm also surprised at how many people have the same username on lots of forums (and other sites) on the internet. I'll sometimes Google an AB member's username, just to see if they're posting elsewhere on the net. (It doesn't work with 'AutomaticGal'. I've just tried!). I've quite often found out loads about people on here, including addresses and phone numbers, simply by following a few links. I'm not a stalker (I'm just naturally curious) but if I can do it so can many other people who know their way around the internet.
Chris
I can only suggest better education. I doubt that any government-funded advertising campaigns about internet security would have much effect. All I can suggest is a voluntary code of conduct, whereby all websites put a message on their registration page advising people to use a UNIQUE username and a UNIQUE password (which they've not used anywhere else on the web).
Tony - Yeah, brute force attacks, I've been studying them. The only flaw is that you need to have (as what I've calculated, based on a gaming rig, quad core 3.2GHz processing power AND access to the machine) two hundred million computers of that power to crack a 12 char password that has special characters, numbers and lowercase letters in two hours.
@maidup - it's not hard, it's just very expensive. You need to remember that there are plenty of other ways that someone can gain access... just need to be vigilant.
What if we taught everyone from a younger age about the risks? Computers are a necessity now. Checking Facebook and e-mails is as normal as making tea.
-- answer removed --
The way many passwords are stolen is from registering with slightly dodgy web sites.
A friend of mine registered with a "job" web site to post his CV. He registered with his normal hotmail userid and password.
The next day his hotmail account was hacked and loads of spam sent out to all his contacts. So probably someone from the "job" web site stole his logon details.
So it does not matter how complex your password is, if you "give it away" on some web site or other then it does not matter how complex the password is.
So the rule is for your email system (hotmail, google mail etc) use a UNIQUE password that you use on no other web sites.
If possible have more than one email address (they are easy to set up on hotmail or google mail).
Keep one email JUST for family and friends and NEVER use it to register with any web sites. NEVER use the same password as this anywhere else.
Have other email addresses to register with web sites and subscribe to forums.
I have about 7 different email addresses for different things. I have 3 email addresses (called xxxxsub1, xxxxsub2 and xxxxsub3) JUST for all the web sites and forums I am subscribed to.
It does take a bit of managing, but nowadays it is worth the effort.
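A local check for the habits this answer and the earlier ones warn about (the mailbox password reused on another site, one username on many sites), as an added example that is not part of the original thread. The vault entries, site names, `EMAIL_SITES` and the `audit_reuse` helper are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault: (site, username, password). All values are made up.
SAMPLE_VAULT = [
    ("hotmail.com", "sam@hotmail.com", "Tr1cky!Horse77"),
    ("jobsite.example", "sam@hotmail.com", "Tr1cky!Horse77"),
    ("forum.example", "sam_sub1", "blue-kettle-42"),
    ("shop.example", "sam_sub2", "blue-kettle-42"),
    ("bank.example", "sam", "q9#Lw2!vZp0r"),
]
EMAIL_SITES = {"hotmail.com", "gmail.com"}  # assumption: which entries are mailboxes


def audit_reuse(vault, email_sites=EMAIL_SITES):
    """Report reused passwords, mailboxes sharing a password, and shared usernames."""
    key = os.urandom(32)  # throwaway key: plaintext passwords never become dict keys
    sites_by_pw = defaultdict(set)
    sites_by_user = defaultdict(set)
    for site, user, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        sites_by_pw[tag].add(site)
        sites_by_user[user.lower()].add(site)
    # A password is "reused" when it protects more than one distinct site.
    reused = sorted(sorted(s) for s in sites_by_pw.values() if len(s) > 1)
    # The mailbox is at risk when its password also exists on any other site.
    at_risk = sorted({s for group in reused for s in group if s in email_sites})
    shared = {u: sorted(s) for u, s in sites_by_user.items() if len(s) > 1}
    return {"reused_passwords": reused, "email_at_risk": at_risk,
            "shared_usernames": shared}


if __name__ == "__main__":
    report = audit_reuse(SAMPLE_VAULT)
    for name, value in report.items():
        print(f"{name}: {value}")
```
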
@VHG - what you have described there is textbook social engineering. You make a dud site and claim you can simply login with your existing credentials and basically you have handed everything to them on a platter.
This problem, I believe, is human error. When it comes to social engineering people need to be more vigilant. But with password hacking it's not under your control apart from making sure you have a strong password.
What are your views on this?