So writes Simon Black (sovereignman.com) in edited excerpts from his original article* entitled Think Your Password Is Secure From The NSA? Try This.
[The following article is presented by Lorimer Wilson, editor of www.munKNEE.com and the FREE Market Intelligence Report newsletter (sample here) and may have been edited ([ ]), abridged (…) and/or reformatted (some sub-titles and bold/italics emphases) for the sake of clarity and brevity to ensure a fast and easy read. This paragraph must be included in any article re-posting to avoid copyright infringement.]
Black goes on to say in further edited, and paraphrased in some instances, excerpts:
Think Again – Your Password Is Probably NOT Secure
Let’s be honest. A lot of people use the same password over and over again across multiple websites, like email, bank accounts, and social media. Sometimes these passwords can be a bit elementary – the dog’s name; a daughter’s nickname plus her birth year; a favorite chocolate syrup – but these types of passwords won’t typically thwart government agencies that are keen to spy on their citizens. They can easily be cracked in a matter of minutes. [Think yours is particularly secure? Check it out by going here. (You don’t have to sign up, you can just type in a password and see for yourself.)]
I was never a crypto specialist while in the intelligence business, so I studied the issue for the last few months to find out about the latest password cracking algorithms.
It turns out that most things we think about password security are completely wrong. [While] it seems like every website these days has a particular password format they require you to use…[such as perhaps] at least one upper case character, one lower case, one number, one ‘special character’, and at least seven characters…it turns out [the resultant password]…isn’t very secure at all. [The only point of their specific requirements is] to cover their own butts in case your account gets hacked, so they can say that they advised you to use the industry ‘best practices’ for a secure password.
Most password cracking algorithms have adapted, particularly as a lot of people use ‘dictionary’ words in their passwords. For example, instead of “sunshine”, one may use “5unshinE!”, substituting a 5 for the s, capitalizing the E, and adding an exclamation point. The first password, “sunshine”, is considered to be highly vulnerable based on industry convention, but “5unshinE!” is considered to be much more secure. It turns out that both passwords can be cracked by modern algorithms almost instantly. Neither is secure.
Entropy – Randomness & Disorder
Since cracking algorithms succeed by picking up patterns in human behavior, the key to a secure password is randomness and disorder. In the security business, this is known as entropy.
It’s difficult for a human being to fake randomness and disorder so one easy way to achieve this is to use a password generator tool that incorporates entropy. Go here and give it a try. On this website, you move your mouse around randomly, and the website’s software incorporates these random mouse movements into its password generation code. The passwords that it generates are far more secure, taking centuries to crack instead of mere seconds.
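The contrast between the “5unshinE!” example and a randomly generated password can be checked in a few lines of Python. This is an added example, not part of the original article: the word list, the substitution table and all function names are constructed for illustration, and the generator uses the operating system's random source rather than mouse movements.

```python
import math
import secrets
import string

# Constructed sample list; a real check would load a large list of leaked
# and dictionary passwords.
COMMON_WORDS = {"sunshine", "password", "dragon", "monkey", "letmein"}

# Constructed table of common character substitutions to undo.
SUBSTITUTIONS = str.maketrans("5$0134@7", "ssoleaat")

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def meets_composition_rules(pw):
    """Typical site rule: upper, lower, digit, special character, 7+ characters."""
    return (len(pw) >= 7
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def reduces_to_common_word(pw):
    """Drop trailing digits/punctuation, undo substitutions, lowercase, look up."""
    core = pw.rstrip(string.digits + string.punctuation)
    return core.translate(SUBSTITUTIONS).lower() in COMMON_WORDS


def random_password(length=20):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("sunshine", "5unshinE!"):
        print(pw, "rules ok:", meets_composition_rules(pw),
              "| pattern-based guess:", reduces_to_common_word(pw))
    pw = random_password()
    print(pw, "entropy bits:", round(random_entropy_bits(len(pw)), 1))
```

“5unshinE!” satisfies every composition rule yet collapses to the same dictionary word as “sunshine”, while a 20-character random password carries about 131 bits of entropy.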
Take a few minutes out of your life to check your own password vulnerability, and come up with an alternative that’s far more secure.
*http://www.sovereignman.com/personal-privacy/think-your-password-is-secure-from-the-nsa-try-this-12467/ (© Copyright 2012 Sovereign Man, All rights reserved)