Passwords - Are Your Personal Accounts Exposed Without You Even Knowing?

by G.L. Bailey

It is human nature to regard any rules that are forced upon us as a hassle that we'd rather not have or that we could nicely do without, even when we know that such rules are for “our own good”. Passwords tend to be regarded this way. When asked for another password, most of us groan, grit our teeth and reluctantly comply, adding yet another password to our collection. Yet we are told that passwords are for our own protection. So is there a REALLY good reason for taking passwords seriously?

If you view the use of passwords as the keys that unlock your belongings and assets, especially banking and financial accounts, the need for very good security becomes very clear. But what does that really mean? And what makes for good security? And how is one supposed to achieve good security?

To answer these questions, it is important to understand what makes for poor security. Poor passwords can easily undermine even the best of security systems. To assist in improving security systems, professional security analysts commonly use password testing software. This testing software is designed to exploit the weaknesses of the security systems as well as of the users that utilize them.

Not only does this weakness testing software help improve security, but if used for alternative purposes, it can be used to exploit the weaknesses as well. Like any other tool, these tools can be used for good or bad purposes.

Many users, in their frustration, tend to use very common words as passwords - names of pets, relatives, street names, places and other common terms in the belief that they could not easily be guessed. But the reality is that password testing systems can easily “guess” such passwords - often in a matter of minutes or even seconds.

Users that believe that the use of foreign language words and other seemingly obscure words will result in hard to guess passwords are no better off. Again, the same systems can “guess” these passwords just as easily as more commonly used words.

Even misspelled words are no more secure than common words. All of these words, names, languages, misspelled words and more are commonly available in the form of electronic dictionaries. These dictionaries are extremely thorough and are being added to constantly. To illustrate the thoroughness and size of the available password dictionaries, consider the following description of one available dictionary of words and phrases designed for this purpose.

“…Included in this collection are wordlists for 20+ human languages and lists of common passwords. The included languages are: Afrikaans, Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Norwegian, Polish, Russian, Spanish, Swahili, Swedish, Turkish, and Yiddish. There's also a list of all the common passwords and words from all the languages with word mangling rules applied (to form other likely passwords, such as by adding capitalization or digits to words) … has over 40 million entries.” (source: Openwall Project, “Bringing security into open environments”, http://www.openwall.com/)

Notice that the range of languages available in this particular dictionary alone makes it very simple for software to guess what most people might consider to be an obscure password. And it makes what might seem to be a bizarre foreign word no different from a simple common word. Notice too that even common misspellings and other “mangled” words are included. The specialized software that utilizes these dictionaries can ultimately be used to gain entry to protected systems. And that includes the protected systems that you use.
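To see why a mangled word is no stronger than the word itself, here is a check a site or user could run before accepting a password. It is an added example, not code from the original article or from the Openwall Project: it undoes the capitalization and added digits named in the quote, plus reversal and doubling (two simple transformations beyond the quote), and tests whether a dictionary word remains. The tiny wordlist and all function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large multi-language list.
SAMPLE_WORDLIST = {"rover", "elm", "password", "hund", "sommer", "london", "maria"}

# Digits or punctuation that users commonly put before or after a base word.
_AFFIX = re.compile(r"^[\d\W_]*(.*?)[\d\W_]*$", re.DOTALL)


def base_forms(candidate):
    """Return the forms a candidate reduces to once simple mangling is undone."""
    lowered = candidate.lower()                 # undo capitalization
    stripped = _AFFIX.match(lowered).group(1)   # undo leading/trailing digits and symbols
    forms = {lowered, stripped}
    forms.add(stripped[::-1])                   # undo reversal ("revor" -> "rover")
    half = len(stripped) // 2
    # Undo doubling ("elmelm" -> "elm").
    if stripped and len(stripped) % 2 == 0 and stripped[:half] == stripped[half:]:
        forms.add(stripped[:half])
    forms.discard("")
    return forms


def dictionary_match(candidate, wordlist=SAMPLE_WORDLIST):
    """Return the dictionary word a candidate derives from, or None."""
    for form in sorted(base_forms(candidate)):
        if form in wordlist:
            return form
    return None


def audit(candidates, wordlist=SAMPLE_WORDLIST):
    """Map each candidate password to the word it reduces to (None = no match)."""
    return {c: dictionary_match(c, wordlist) for c in candidates}


if __name__ == "__main__":
    samples = ["Rover2019", "HUND!", "123Sommer", "elmelm", "t7#qLz-vR2"]
    for pw, hit in audit(samples).items():
        verdict = f"derived from {hit!r}" if hit else "no dictionary match"
        print(f"{pw!r}: {verdict}")
```

A `None` result only means the candidate is not a simple variation of a word in the list that was loaded; it says nothing about lists that were not checked.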

The message, then, is that even if a password “seems” secure and hard to guess, in all likelihood it is not, unless special measures are taken.

What then is one to do? You cannot rely on common words and simple misspellings and other languages for your passwords. Instead, you need to create passwords that are highly unlikely to be in these dictionaries. There are a number of techniques that can be used to ensure resulting passwords are independent of these lists, some of which can result in quite unmanageable and unmemorable passwords. And, unless the passwords are manageable and memorable, they can result in a number of other security difficulties as well. What is really needed is the best of all techniques for secure, memorable, manageable passwords to be assembled into a simple, easy to use system.

At www.perfectpassword.com we have created simple and easy methods to create secure passwords that can avoid being compromised by these or other methods, and at the same time can easily be remembered. Visit the Easy Create and Remember Secure Passwords web site at www.perfectpassword.com to learn how easy it really is and breathe easier knowing you have secured your accounts the RIGHT way!

G.L. Bailey is an Electronics Engineer with over 30 years' experience. Visit the Easy Create and Remember Secure Passwords web site at http://www.perfectpassword.com.
