Password Cracking
Saturday, February 05, 2011
The problem lies with the ever-increasing abilities of computers to process larger amounts of data in a smaller amount of time. A password is just a string of characters, typically only keyboard characters, which a person must remember and type into a computer terminal when required....
Passwords that are too complex for a person to remember easily can be discovered by a cracking tool in a frighteningly short period of time.
Dictionary attacks, brute force attacks, and hybrid attacks are all various methods used to guess or crack passwords.
The only real protection against such threats is to make very long passwords or use multiple factors for authentication.
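To see why length matters, a defender can estimate which of the three attack types reaches a given password first. The sketch below is an added example, not part of the original post; the six-word list, the guess rate, the hybrid rule (listed word plus up to four trailing digits or symbols) and all function names are assumptions chosen for illustration.

```python
import string

# Constructed six-word list (assumption); a real audit loads a large leaked-password list.
WORDLIST = {"password", "dragon", "letmein", "monkey", "sunshine", "welcome"}
SUFFIX_POOL = string.digits + string.punctuation   # 42 characters
GUESSES_PER_SECOND = 1e10   # assumed offline rate; varies with hash and hardware

def charset_size(pw):
    """Size of the keyboard character pools the password draws from."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " "]
    return sum(len(p) for p in pools if any(c in p for c in pw))

def brute_force_guesses(pw):
    """Worst case: every string of length 1..len(pw) over that charset."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def dictionary_guesses(pw):
    """Worst case: the whole list, if the password is on it."""
    return len(WORDLIST) if pw in WORDLIST else None

def hybrid_guesses(pw, max_suffix=4):
    """Listed word, optionally capitalised, plus up to max_suffix digits/symbols."""
    stem = pw.rstrip(SUFFIX_POOL)
    suffix_len = len(pw) - len(stem)
    if suffix_len > max_suffix or stem.lower() not in WORDLIST:
        return None
    if stem not in (stem.lower(), stem.capitalize()):
        return None
    suffixes = sum(len(SUFFIX_POOL) ** k for k in range(suffix_len + 1))
    return len(WORDLIST) * 2 * suffixes

def cheapest_attack(pw):
    """Return (method, guesses, seconds) for the method needing the fewest guesses."""
    costs = {"dictionary": dictionary_guesses(pw),
             "hybrid": hybrid_guesses(pw),
             "brute force": brute_force_guesses(pw)}
    method = min((m for m in costs if costs[m] is not None), key=costs.get)
    return method, costs[method], costs[method] / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ["dragon", "Dragon2011", "xq7#Lm2pVw9z"]:   # constructed samples
        method, guesses, secs = cheapest_attack(pw)
        print(f"{pw!r:16} {method:12} {guesses:.3g} guesses, {secs:.3g} s")
```

A ten-character password built from a listed word plus a year falls to the hybrid estimate long before brute force, so a length rule alone does not measure strength.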
Requiring ever longer passwords ends up reducing security because of the human factor.
People simply are not equipped to remember numerous long strings of chaotic characters.
But even with reasonably long passwords that people can remember, such as 12 to 16 characters, there are still other problems facing password-only authentication systems, which include:
- People who use the same password on multiple accounts, especially when some of those accounts are on public Internet sites with little to no security.
- People who write their passwords down and store them in obvious places.
- Writing down passwords is often encouraged by the need to frequently change passwords.
- The continued use of insecure protocols that transfer passwords in clear text, such as those used for Web surfing, e-mail, chat, file transfer, etc.
- The threat of software and hardware keystroke loggers.
- The problem of shoulder surfing or video surveillance.
Password theft, password cracking, and even password guessing are still serious threats to IT environments. The best protection against these threats is to deploy multifactor authentication systems and to train personnel regarding safe password habits.