How to Crack a Password in 3 Easy Steps
With news that 1.6 billion internet username/password combinations have been stolen by a gang in Russia, it goes without saying that updating your passwords and ensuring that you use strong passwords is as important and as urgent as ever!
We often hear about the need for stronger passwords and tips for creating secure passwords, but we don't often hear why.
Cracking a password is as easy as:
- Downloading a password cracking application
- Entering the password length and the character sets to try (numbers, lower-case letters, upper-case letters, symbols/special characters)
- Pressing Go.
Basically, the program uses what is called a Brute Force method: it works through every possible combination of letters, numbers and special characters within the defined set until one matches. In practice this runs offline against a copy of a site's stolen password hashes (the program hashes each guess and compares it with the stolen value) rather than against the login page, which would lock the account or throttle the guesses long before the attacker got far.
The stronger the password, the more combinations the program has to try before it reaches yours, and so the longer the crack takes.
For example: your password is simply 12345.
Using the Brute Force method with digits only, the software tries 0 through 9, then 00, 01, 02 and so on, then 000, 001, 002 and so on, until it reaches 12345 and BINGO! It's cracked. That is at most 111,110 guesses to cover every digit-only password of up to five characters, which a modern computer gets through in a fraction of a second. A smart program does not even bother with the brute force: 12345 sits near the top of every list of common passwords, so it is tried within the first handful of guesses.
Now compare this to a password that is also 5 characters but mixes capital letters, lower-case letters, numbers and special characters, 1tWo# for example. The alphabet is now about 94 characters instead of 10, so five positions give roughly 7.4 billion combinations rather than 111,110. Make the password longer and the number of combinations jumps even higher: each extra character multiplies the search space by the size of the alphabet, so eight mixed characters give more than 6 quadrillion.
This is why it is highly recommended that you create and use passwords that are at least 8 characters long, and use a combination of numbers, lower-case letters, upper-case letters AND symbols / special characters. Of the two, length does more for you: every added character multiplies the attacker's work, whereas an extra character class only enlarges the alphabet that each character is drawn from.
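To make the arithmetic above concrete, here is a small worked example added to this article (it is not code from the original post or from any cracking tool). It follows the three steps described above against a single SHA-256 hash, and it computes the search space and worst-case time behind the 12345 versus 1tWo# comparison. The common-password list, the guess rate and the "stolen" hash are constructed for illustration; real wordlists run to millions of entries.

```python
import hashlib
import itertools
import string

# Character classes as the article lists them (sizes: 10, 26, 26, 32).
DIGITS = string.digits
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
SYMBOLS = string.punctuation
ALL_PRINTABLE = DIGITS + LOWER + UPPER + SYMBOLS   # 94 characters in total

# Assumed guess rate (order of magnitude only) for one GPU against a fast,
# unsalted hash such as MD5 or SHA-1. A deliberately slow hash like bcrypt
# or Argon2 cuts this to thousands of guesses per second.
GPU_GUESSES_PER_SECOND = 1e10

# Constructed stand-in for the "most common passwords" lists that real
# crackers try before any brute force begins.
COMMON_PASSWORDS = ["password", "123456", "12345", "qwerty", "letmein"]


def sha256_hex(text: str) -> str:
    """Hash a candidate the way a site storing unsalted SHA-256 would."""
    return hashlib.sha256(text.encode()).hexdigest()


def search_space(charset_size: int, length: int) -> int:
    """Candidates a brute forcer must try to exhaust every password of
    1..length characters drawn from an alphabet of charset_size symbols."""
    return sum(charset_size ** n for n in range(1, length + 1))


def seconds_to_exhaust(charset_size: int, length: int,
                       guesses_per_second: float = GPU_GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the whole search space at a guess rate."""
    return search_space(charset_size, length) / guesses_per_second


def crack(target_hash: str, charset: str, max_len: int,
          wordlist=COMMON_PASSWORDS):
    """Recover the password behind target_hash: common words first, then
    every combination of charset up to max_len, shortest first.
    Returns (password, guesses_made); password is None if nothing matched."""
    guesses = 0
    for word in wordlist:                        # the cheap guesses first
        guesses += 1
        if sha256_hex(word) == target_hash:
            return word, guesses
    for length in range(1, max_len + 1):         # then brute force by length
        for combo in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    stolen_hash = sha256_hex("12345")            # what a breached database leaks
    print("with wordlist:", crack(stolen_hash, DIGITS, 5))
    print("digits only:  ", crack(stolen_hash, DIGITS, 5, wordlist=[]))
    for label, size, length in [("12345", 10, 5), ("1tWo#", 94, 5), ("8 mixed", 94, 8)]:
        print(f"{label:>8}: {search_space(size, length):>20,} candidates, "
              f"{seconds_to_exhaust(size, length):>12,.0f} s at 1e10 guesses/s")
```

Run as a script, the wordlist pass finds 12345 on its third guess, and even without the wordlist the digit-only brute force hits it after 23,456 guesses, a fraction of a millisecond at the assumed GPU rate. Five mixed characters need about 7.4 billion candidates to exhaust and eight mixed characters about a week at that rate; a salted, slow hash on the server multiplies every one of those figures by a factor of a million or more, which is why how the site stores the password matters as much as how you choose it.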
Change your passwords regularly (at least every 6 months), and never reuse a password from something sensitive like on-line banking anywhere else.
The reason for changing every 6 months is to limit how long a stolen password stays useful. Bear in mind that stolen credentials are often used within days of a breach, so change a password straight away whenever you hear that the site holding it has been compromised; the 6-month schedule is a backstop, not a substitute for that.
HCD Tactic: Use a short, memorable phrase or word combination as your password. Make it something that is difficult for others to guess, swapping some characters for capital letters, and adding some numbers and symbols at the start and at the end (or anywhere in between). For example: $24ILikeCoffee68$.
There are many websites that help you to test the strength of your passwords, and can show you how quickly your password would be cracked by hackers. There are even websites that show how predictable your password is - that is, if you use words to make up your password, software can predict what the next character is more likely to be based on character combinations seen in words.
A list of on-line password strength calculators and testers:
- How Secure is my Password is a great website to test the strength of a password before using it, and the website will show you how long it would take a normal desktop computer using Brute Force software to crack your password.
- Telepathwords is also good to test how predictable your password will be for more advanced password cracking software.
- This password strength tester by rumkin.com also explains the logic behind choosing a strong password a little better, and is worth reading.
- And the interactive brute force search space calculator provided by the Gibson Research Corporation explains everything even further.
What are your thoughts? Share on the iASP Central Facebook Page, or Get in Touch.