
Hackers Explore New Territories for Cracking Your Password

  • Comments (2)
  • There are alternatives to passwords with random gibberish that are still virtually uncrackable but very easy to remember: Pick a nonsensical "passphrase" of 4-5 words or so.  XKCD (a webcomic) explains it pretty eloquently at: http://xkcd.com/936/

    The short version is -- as long as your nonsensical phrase (e.g. "correct horse battery staple") doesn't exist as a common saying anywhere (e.g. don't use the one I just provided, it's pretty common) -- it's going to be a lot harder for a computer to try to guess it.  Even if the computer was trying words in a dictionary instead of individual combinations of letters, there are a LOT of words in the dictionary, and it has to get the right combination.

    The drawback is most websites won't let you supply a password that only has letters in it -- a few even impose length limits on your password.  (Though I have seen one site that allowed either a minimum of ~8 characters of gibberish or 20 characters of just letters).

    Also, if you're using the same username and password everywhere it only takes one site to be compromised to potentially leak out your password to other sites.  If your Techsoup password is the same as your email password and a hacker gets hold of it somehow, they now have access to your email.  And how many sites have you used where you could get a password reset email sent to your email?  The hacker might now have access to them as well.

    This is one of the most compelling reasons to use a password manager.  If you use the above-mentioned LastPass or similar (I use KeePass personally), you can use a good passphrase to protect your password database, and then use truly random passwords on every site you visit.  Thus, if something happens at one site, the damage is limited only to that site.  I make a few exceptions -- I rely on a memorized Google password (but I have 2-factor authentication on the account), as well as a small handful of things where I can't always rely on having my password manager available.
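The comparison in the comment above (a handful of random words versus ~8 characters of gibberish or 20 plain letters) worked through as an added example; this is not part of the comment thread. The word list and the set of common sayings are constructed stand-ins, and the entropy figures assume a Diceware-style list of 7,776 words such as the EFF long list.

```python
import math
import secrets

# Constructed stand-in word list; a real Diceware-style list (e.g. the EFF
# long list) has 7,776 words, which is what the entropy figures below assume.
WORDS = ["correct", "horse", "battery", "staple", "lantern", "copper",
         "winter", "pebble", "orbit", "velvet", "cactus", "harbor"]
# Constructed stand-in for a list of well-known sayings that must be rejected:
# a phrase an attacker can look up is worth far less than its word count.
COMMON_PHRASES = {"correct horse battery staple"}

def passphrase_guesses(num_words: int, dictionary_size: int) -> int:
    """Worst-case guesses for an attacker who knows the word list and scheme."""
    return dictionary_size ** num_words

def gibberish_guesses(length: int, alphabet_size: int) -> int:
    """Worst-case guesses for random characters drawn from an alphabet."""
    return alphabet_size ** length

def bits(guesses: int) -> float:
    """Guess count expressed as bits of entropy (log base 2)."""
    return math.log2(guesses)

def words_matching_gibberish(length: int, alphabet_size: int,
                             dictionary_size: int) -> int:
    """Smallest word count whose guess space is at least as large as that of
    a random-character password of the given length and alphabet."""
    target = gibberish_guesses(length, alphabet_size)
    n = 1
    while passphrase_guesses(n, dictionary_size) < target:
        n += 1
    return n

def generate_passphrase(num_words: int = 4, wordlist=WORDS,
                        banned=COMMON_PHRASES) -> str:
    """Draw words with a CSPRNG; retry if the result is a known saying."""
    while True:
        phrase = " ".join(secrets.choice(wordlist) for _ in range(num_words))
        if phrase not in banned:
            return phrase

if __name__ == "__main__":
    print(f"4 words from 7776:     {bits(passphrase_guesses(4, 7776)):.1f} bits")
    print(f"8 printable ASCII:     {bits(gibberish_guesses(8, 94)):.1f} bits")
    print(f"20 lowercase letters:  {bits(gibberish_guesses(20, 26)):.1f} bits")
    print("words to match 8 printable chars:", words_matching_gibberish(8, 94, 7776))
    print("sample passphrase:", generate_passphrase())
```

Four random words from a 7,776-word list sit just under eight random printable characters, and five words clear it; the 20-letter option the comment mentions needs eight words to match.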

  • Thanks so much for your comment, Dewin! Some really great advice here. Also, I love XKCD -- going to share that comic with our community on Twitter.