© Pawas 2005 

 Pawas Articles



Guess My P@55w0rd


Be creative in devising your password!


In this digital age, information is a vital asset and an average user's protection is in the form of passwords. This weapon has taken on a degree of sophistication with the introduction of identity management solutions and multifactor authentication systems. With biometric technologies, for instance, users can sign in to their computers with their thumbprint impression. Yet a number of network administrators and individual users rely on passwords as the only security tool.

In principle, every user wants perfect passwords: difficult to guess and easy to remember. Ironically, in practice users do not choose their passwords with care, so their entire password-protected life remains susceptible to risks of different kinds.

If users were as creative and original in inventing passwords as young people are imaginative in churning out nicks for chatting, half of the world's password problems would be solved. But they are not. Users at any level tend to prefer easy-to-remember and obvious passwords. What is more, most believe that their passwords are secure, that nobody is coming after the information they have, or that they have nothing to protect or hide. Some new Net users do not even bother changing a password assigned to them by their ISP when they open an account. Like users, ISP employees have a limited number of passwords and they keep repeating them for different customers. Guessing passwords is thus fairly easy for hackers.

Someone reading your personal mails or, worse still, sending mails on your behalf or hijacking your profile in online chats using MSN Messenger is bad enough. It could result in a scandalous situation. Someone may do it for fun, as a challenge, with malicious intent or as an adolescent obsession.

Countless people working on computers and on the Web use the same password for each e-mail account, website or online service and click "Remember on this computer" by habit. This is a careless mistake, one which can cost you access to your email account. The ex-US President Bill Clinton selected the name of his pet dog Buddy as a password while signing the Digital bill; a fairly easy guess for anyone who knows how dear his dog is to him. Such conspicuous passwords may be easy to remember, but it does not take any cracking expertise to gain access with them.

Easy-to-remember passwords are intrinsically weak. Your name, login name, date of birth, roll number, phone number or vehicle registration number, a word straight from the dictionary, figures like 12345678 or 87654321, letter runs like 'abcdef' or 'fedcba' and, surprisingly, the word 'password' itself are commonly used passwords. Such passwords are even easy for other surfers to see when you are punching them on the keyboard, especially if you surf from a cyber café. Tech-savvy surfers tend to pick obscure passwords and add suffixes or prefixes drawn from the 95 ASCII characters to make them stronger in the process.

With all of these stereotypes, any determined person can successfully make an educated guess. Professional hackers who use dictionary attacks are able to crack such passwords in a jiffy. As per the glossary, "The term dictionary attack initially referred to finding passwords in a specific list, such as an English dictionary. Today, a brute-force approach can compute likely passwords, such as all five-letter combinations, 'on-the-fly' instead of using a pre-built list. Since these threats are roughly equivalent, we use the term in the broader sense to include all brute-force attacks." Similarly, password management services like "MyPasswords" and "Figaro's Password Manager" and other cracker software and services are available on the Web, though they are not very popular or affordable locally.

When it comes to password strength, the key is uniqueness. Disguising words by mixing them and using a combination of upper and lower case letters, numbers, symbols and punctuation makes any password stronger. Experts say that passwords longer than eight characters that include different keyboard signs are usually strong. Remember "passwords for Microsoft Windows 2000 and Windows XP can be up to 128 characters long."
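
An added example, not part of the original article: a Python check for the weak patterns listed above (dictionary words, including disguised spellings such as the title's P@55w0rd, runs like 12345678 or fedcba, personal details) together with the length and character-mix advice. The word list, the look-alike character map and the three-class threshold are assumptions made for the illustration.

```python
import string

# Constructed stand-in for a real dictionary or leaked-password list (assumption).
WORDLIST = {"password", "buddy", "tinko", "welcome", "dragon"}
# Common look-alike substitutions, undone before the dictionary lookup (assumption).
LEET = str.maketrans("@0135$", "aoiess")
# Ascending runs; has_run() also checks each one reversed.
RUNS = ["0123456789", string.ascii_lowercase]

def has_run(pw, min_len=6):
    """True if pw contains a run such as 12345678, 87654321, abcdef or fedcba."""
    low = pw.lower()
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False

def audit(pw, personal=()):
    """Return the weaknesses named in the article that apply to pw."""
    low = pw.lower()
    findings = []
    if len(pw) <= 8:
        findings.append("not longer than eight characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:  # threshold of three classes is an assumption
        findings.append("fewer than three character classes")
    if low.translate(LEET) in WORDLIST:
        findings.append("dictionary word")
    if has_run(pw):
        findings.append("sequential run")
    if any(p and p.lower() in low for p in personal):
        findings.append("contains personal detail")
    return findings

def keyspace(length, alphabet=95):
    """Candidates an exhaustive search must try for this length and alphabet."""
    return alphabet ** length

if __name__ == "__main__":
    for sample in ("P@55w0rd", "87654321", "fedcba", "Tr4il-mix&Kettle9"):
        print(sample, "->", audit(sample) or "no listed weakness")
    print("all five-letter combinations:", keyspace(5, 26))
    print("eight characters from 95:", keyspace(8, 95))
```

An empty result only means none of the listed patterns matched; it says nothing about whether the password has been reused elsewhere.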

Anyone working on computers and the Web needs a wide range of usernames and passwords these days. Users should teach themselves to devise their own technique for choosing strong passwords and remembering them, making guessing a game of the lowest probability even for professional crackers. There simply cannot be one universal formula appropriate for every application and every user.

Writing passwords on chits, pasting them near a workstation or writing them on the back of the keyboard may also compromise the exercise of choosing unique passwords. Changing your password frequently is a good practice. It is easy to recover a saved password if it is there on a screen masked behind those asterisks (******) by using a tiny program called DiscoverIt. But what if one forgets their Hotmail or Yahoo account password? Recovery is possible through a secret question, but who cares to remember the answers to secret questions for so many accounts unless one has written 'Tinko' in response to "What is your pet's name" in all Hotmail accounts.

So what to do? The best thing is to create unique passwords and use, protect and manage them efficiently. After all, commuting on the Information Superhighway is not as safe as most people think.

Written by Nabeel Khalid.


