Linux Today: Linux News On Internet Time.

Practical password security

Feb 10, 2009, 17:32 (1 Talkback[s])

[ Thanks to jhansonxi for this link. ]

"First, security is like a chain - it's only as strong as the weakest link. Even with a secure computer that is connecting to a secure web site using a secure network connection, a weak password pretty much defeats the security. There are three ways intruders can get your password without your direct assistance. By "direct assistance" I mean you telling them (in other words, lying still works) or by writing it on a sticky note and pasting it on your computer where everyone in the room or those looking through a window can see it. The remote methods include installing spyware on your computer or the web server you are connecting to, guessing your password based on what they know about you (pet names, phone numbers, favorite foods, favorite cars, etc.), or using another computer to try every possible password (called a brute force attack).

"The last one is often used with a method known as a dictionary attack which uses dictionaries of known words to check against. This works faster because most passwords are words instead of random characters since they are easier to remember. There are dictionaries for every language. There are also dictionaries for special categories like scientific fields, entertainment, or industries. For example, a biology dictionary may contain scientific names of plants, animals, and fungi. An attacker could include it if they knew you were a biologist in case you used the name of a bacteria for part of your password."
