SIGN UP

Why are our passwords still getting cracked?

Avatar Image
AutomaticGal | 20:58 Sun 01st May 2011 | Technology
15 Answers
From a computer log on, to a facebook account, many user accounts enforce a password policy where the password being set must comply with its rules in order to continue. These password policies are applied in order to prompt the user to set a strong password so that their account is secure.

However, amongst these policies the passwords are still being broken into. Are the policies not strict enough? Are we just keeping easy passwords? do people not know the risks?

What do you think should be done?

Answers

1 to 15 of 15rss feed

Best Answer

No best answer has yet been selected by AutomaticGal. Once a best answer has been selected, it will be shown here.

For more on marking an answer as the "Best Answer", please visit our FAQ.
A lot of the problems arise because people use the same passwords (sometimes with the same usernames) on many different sites. So, for example, the fact that Sony has just lost over 70 million PSP account details might not be directly important to most of those people but if they log into their bank accounts with the same passwords they could find that they've got problems.

I'm also surprised at how many people have the same username on lots of forums (and other sites) on the internet. I'll sometimes Google an AB member's username, just to see if they're posting elsewhere on the net. (It doesn't work with 'AutomaticGal'. I've just tried!). I've quite often found out loads about people on here, including addresses and phone numbers, simply by following a few links. I'm not a stalker (I'm just naturally curious) but if I can do it so can many other people who know their way around the internet.

Chris
Question Author
lol, i don't use AutomaticGal apart from AB but i admit i do have usernames i have re-used in different places. Particularly slight variations of Kiwi and Kitty_cat2097. I do agree with a lot of the thing you have said, what do you think should be done?
I can only suggest better education. I doubt that any government-funded advertising campaigns about internet security would have much effect. All I can suggest is a voluntary code of conduct, whereby all websites put a message on their registration page advising people to use a UNIQUE username and a UNIQUE password (which they've not used anywhere else on the web).
I would have terrible trouble with that - I know my username is a bad one (I dint think of the ramifications at the time) but if I used a different username and password on different sites I would never remember them. (Although I do have a tricky password for anything involving bank details.)
Somebody once showed me a programme that you download and it creates gobbledegook passwords for you and when you need to enter a password it does it for you.
Question Author
@soph - do you remember what it was called?
Auto - If anyone wanted to crack a system they will do - you can just get a machine to to keep putting out random codes - untill one fits.
Sony seemed to have upset some people - so (who ever they upset) they forced them to take their website down - coinciding with the launch of a new product
Question Author
Tony- Yea, Brute force attacks, ive been studying them. the only flaw is that you need to have (as what ive calculated, based on a gaming rig, quad core 3.2ghz processing power AND access to the machine) two hundred million computers of that power to crack a 12 char password that has special characters, numbers and lowercase letters in two hours.
Auto - China is managing it quite well it seems
Thank goodness for that - sounds like its still quite difficult to crack then.
Question Author
@maidup - its not hard, its just very expensive. you need to remember that there are plenty of other ways that someone get gain access... just need to be vigilant.

What if we taught everyone from a younger age about the risks? computers are a necessity now. checking facebook and e-mails is as normal as making tea.
Your'e right AG, the kids should learn from a young age to use complex passwords and not to share them. They are probably more at risk as they willdo absolutely everything online eventually.
-- answer removed --
The way many passwords are stolen is from registering with slightly dodgy web sites.

A friend of mine registered with a "job" web site to post his CV. He registered with his normal hotmail userid and password.

The next day his hotmail account was hacked and loads of spam sent out to all his contacts. So probably somone from the "job" web site stole his logon detials.

So it does not matter how complex your password is, if you "give it away" on some web site or other then it does not matter how complex the password is.

So the rule is for your email system (hotmail, google mail etc) use a UNIQUE password that you use on no other web sites.

If possible have more than one email address (they are easy to set up on hotmail or gogle mail).

Keep one email JUST for family and friends and NEVER use it to register with any web sites. NEVER use the same password as this anywhere else.

Have other email addresses to register with web sites and subscribe to forums.

I have about 7 different email addresses for dfifferent things. I have 3 email addresses (called xxxxsub1, xxxxsub2 and xxxxsub3) JUST for all the web sites and forums I am subscribed to.

It does take a bit of managing, but nowadays it is worth the effort.
Question Author
@VHG - what you have described there is textbook social engineering. you make a dud site and claim you can simply login with your existing credentials and basically you have handed everything to them on a platter.
This problem, i believe is human error. when it comes to social engineering people need to be more vigilant. but with password hacking its not under your control apart from making sure you have a strong password.

What are your views on this?

1 to 15 of 15rss feed

Do you know the answer?

Why are our passwords still getting cracked?

Answer Question >>

Related Questions

Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.