I’m one of the resident “Password Hawks” in our office. Our techs consistently tell people to create stronger passwords because weak passwords are still one of the most common ways a hacker is able to infiltrate a network.
However, we live in an age where it’s not just hackers who are trying to steal an organization’s data. There are also a variety of malcontents who simply want to hack into someone’s account in order to embarrass them, confirm something negative about them, or be a nuisance by sending spam.
This is why it is important to create a strong password, one that will not be easily cracked.
Enter password analyzer tools. Sophos’ “Naked Security” blog posted a great article today about the often misleading security policies of popular online social sites. Developer Cameron Morris discovered that if he followed one social site’s policy, he actually created a more easily “crackable” password than the one they deemed weak.
About three years ago, developer Cameron Morris had a personal epiphany about passwords, he recently told ZDNet’s John Fontana: The time it takes to crack a password is the only true measure of its worth.
Read the rest of the article here.
There is a free analyzer you can use and I strongly suggest you test the strength of your passwords with it.
Also, Morris created a tool for administrators that would allow them to configure a password policy based on the time to crack, the possible technology that an attacker might be using (from an everyday computer on up to a $180,000 password attacker), and the password protection technology in use (from Microsoft Windows System security on up to 100,000 rounds of the cryptographic hash function SHA-1).
OWASP Password Creation Slide-Tool
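To make the time-to-crack idea concrete, here is a small added example (not code from Morris's tools or from the article) that derives a minimum password length from a target crack time, an attacker guess rate, and the number of hash rounds. It also compares a short mixed-character password with a longer lowercase-only one to show how composition rules and time to crack can disagree. The guess rates are constructed assumptions, and the model assumes randomly chosen characters attacked by pure brute force.

```python
YEAR = 365 * 24 * 3600  # seconds

# Constructed attacker profiles: raw single-round hash guesses per second.
# Illustrative assumptions only, not figures from the article or the tool.
ATTACKERS = {"everyday_computer": 1e8, "dedicated_rig": 1e11}

def seconds_to_crack(charset_size, length, raw_rate, rounds=1):
    """Average brute-force time: half the keyspace at the effective guess rate."""
    keyspace = charset_size ** length
    effective_rate = raw_rate / rounds  # each guess costs `rounds` hash computations
    return keyspace / 2 / effective_rate

def min_length(charset_size, target_seconds, raw_rate, rounds=1):
    """Shortest random password whose average crack time meets the target."""
    length = 1
    while seconds_to_crack(charset_size, length, raw_rate, rounds) < target_seconds:
        length += 1
    return length

def policy_table(charset_size, target_seconds, rounds_options=(1, 100_000)):
    """Minimum length for each attacker profile and hashing configuration."""
    return {
        (name, rounds): min_length(charset_size, target_seconds, rate, rounds)
        for name, rate in ATTACKERS.items()
        for rounds in rounds_options
    }

if __name__ == "__main__":
    # 94 = printable ASCII characters, 26 = lowercase letters only.
    for (name, rounds), length in policy_table(94, YEAR).items():
        print(f"{name:18} rounds={rounds:<7} min length for 1 year: {length}")

    rate = ATTACKERS["dedicated_rig"]
    complex8 = seconds_to_crack(94, 8, rate)   # passes a typical composition rule
    lower14 = seconds_to_crack(26, 14, rate)   # fails it, yet has a larger keyspace
    print(f"8 mixed chars:      {complex8 / 3600:.1f} hours")
    print(f"14 lowercase chars: {lower14 / YEAR:.1f} years")
```

Real passwords are rarely random, so dictionary and pattern-based guessing will beat these brute-force figures; treat the output as an upper bound on resistance.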
This is one of the best articles I’ve read on password security, plus it has tools for both the end-user and the administrator. Test them out yourself to see if you have a password that can resist a hacker!
As for me, I think I need to do a little more strengthening…
Have a great Memorial Day weekend (for our U.S. readers) and stay safe out there!