Make good password choices, use more numbers and more special characters, make it over eight, twelve or sixteen characters long!
While you’ve probably been told some incarnation of the above advice throughout your career, you might never have been told exactly why this was. Presumably to stop hackers from getting your password and misusing it for nefarious ends?
While that explanation isn’t incorrect, its brevity offers little in the way of motivation for the average user, particularly in the face of ever more demanding password policy requirements. So how is it done? How did I figure out your password?
The answer varies depending on the system or application. If we take the most common, a generic Windows system for example, passwords are in fact put through a cryptographic process known as hashing which is then stored in the system and used to authenticate to different services over the network.
A hash cannot be de-hashed in the same way something can be decrypted. Once a password has gone through the process for being hashed, the process cannot be reversed.
Sadly not. Once a hacker has your hash he cannot reverse it, but he can try and reproduce it. This is more commonly known as password cracking. While the methods for cracking a password are varied, the hacker’s first port of call will invariably be a Dictionary based attack wherein the hacker automates the process of reproducing a hash and comparing it with yours to try and find a match.
This of course would only be successful if your password was in a dictionary. Given a reasonable password policy, the hacker’s attempt would fall short missing out on the numbers, uppercase letters and the special character you used to strengthen your password.
The hacker isn’t done just yet. Next they would modify their dictionary with a set of rules – placing special characters, mixing case and adding numbers at different locations. This is usually where the human brain trips up, using familiar patterns making the hacker’s job far easier.
Take a look at the passwords below and if the positioning of uppercase, numeric and special characters looks familiar, consider changing your password for something more unique.
Note that the word “dictionary” is used as a placeholder for any dictionary word and any of the above would be cracked within the space of a few seconds to a few hours.
Did I guess your password? Perhaps I was close? If so consider switching up your password for a more secure passphrase.
If you want to give yourself the very best protection against cyber security threats then try our CyberScore software for free now.
CyberScore™ is a software tool that helps organisations of all sizes improve their cybersecurity by scanning their network and highlighting vulnerabilities including weak passwords.
Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com and if you want to give yourself the very best protection against cybersecurity threats try our CyberScore™ software for free now.