Is your online password strong?

ShadowSoldier

Well-Known Member
OP
Member
Joined
Oct 8, 2009
Messages
9,382
Trophies
0
XP
3,843
Country
Canada
Passwords for online, forums, facebook/myspace/twitter and other sites are important to people. Especially if that site holds personal information. And more often than not, the user has a crap password thinking it's strong. It could be anything like [first pet's name]01 or your birth year, or someone you know and some random numbers. Or your password happens to be password. If your password is anything that anybody would be able to solve just by giving a good thinking over you, then you have a shit password.

After the events that happened with the hacking over at Gawker Media, LifeHacker posted an article to help aid you in selecting passwords.


LifeHacker.com - "How I'd Hack Your Weak Passwords"

QUOTE said:
1. Your partner, child, or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. "password"
5. Your city, or college, football team name.
6. Date of birth – yours, your partner's or your child's.
7. "god"
8. "letmein"
9. "money"
10. "love"

Statistically speaking that should probably cover about 20% of you. But don't worry. If I didn't get it yet it will probably only take a few more minutes before I do…

While you may think your password for sites like GBAtemp or your hotmail/yahoo/gmail is strong, if your password has anything to do with those 10, then you have a crap password.

QUOTE said:
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I'm not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you've shopped at might not be as well prepared. So those are the ones I'd work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we've got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser's cache. (Read this post to remedy that problem.)

Never noticed how easy it was to hack your stuff, did you?

QUOTE
Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter 'o' becomes the number '0', or even better an '@' or '*'. (i.e. – m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but DON'T CHOOSE A PERSON'S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn't work if you don't use the same password everywhere.
6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you'd like to download it without having to navigate their web site here is the direct download link. (Ed. note: Lifehacker readers love the free, open-source KeePass for this duty, while others swear by the cross-platform, browser-based LastPass.)
7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
8. Once you've thought of a password, try Microsoft's password strength tester to find out how secure it is.

I've recently been following these tips, and my passwords have drastically changed. I've been using RoboForm as the article suggests, and I've been using Password Checker.

Microsoft Password Checker

And if you're too lazy to read, RoboForm is something that you can download for free, it stores all your passwords, encrypts them, and there's an autofill button. So say if I'm logging into Hotmail, I click on the Logins tab, click "Live" and my email and password automatically fill in. There's a master tool that gets installed on your computer where you can see all of your passwords as well. Or you can also see them in your Internet Browser. There's also a "Generate" button which will generate random passwords for you, that are only a couple letters long. Not enough to protect you, but combine that with whatever crazy fucked up password you come up with, and you'll get a strong password. It takes a little getting used to, but in the long run, it could protect your ass before it's too late.

And let's be honest, if other sites can get hacked, what makes you think GBAtemp is stronger? PROTECT YOUR ASSES PEOPLE!

Roboform Download
 

ShadowSoldier

I gotta convince my parents to do this. They do online banking and all that fancy new age crap, and they have extremely weak passwords. Hell, I went to my parents' computer, typed in the first thing that came to mind, and I was able to get into her email and Facebook.
 

nryn99

desu~
Member
Joined
Sep 29, 2010
Messages
2,927
Trophies
1
XP
830
Country
Philippines
Haha, whenever I create a password I just think of random stuff. Even I myself forget what my password is, so I keep a list. But that's good for other people.
 

ShadowSoldier

If you ever forget your password for a site in case you want to change it, RoboForm allows you to either show your password as stars, or the actual password, in the control panel of RoboForm.

And crap, I can't remember my password for GBAtemp...
 

ThatDudeWithTheFood

TRIANGLEZ
Member
Joined
Mar 9, 2009
Messages
2,198
Trophies
0
Location
Illuminati
XP
536
Country
United States
I have the greatest passwords of all time, like chairsarecool. That's one of them, but you won't know to what site, and even if you did it wouldn't matter.
 

ShadowSoldier

Vigilante said:
ShadowSoldier said:
A lot of confident people here.. apparently they know how programs hack and sort out codes...
If passwords are easy to hack, then why is it that Costello's account was never hacked?

You ever consider he has a good password? Or maybe that nobody decided to hack GBAtemp at all?

Also, "chairsarecool" is a weak password.
 

nryn99

Hmm, what about llumierre, scoutsgameplay, arcadia, roux, famitsu? Are those weak? Those are what I use for offline files, and they last for only 1-3 months, then I change the password again.
 

ShadowSoldier

llumierre = weak
scoutsgameplay = strong
arcadia = weak
roux = weak
famitsu = weak

And that's on a scale of 4.

1=weak
2=medium
3=strong
4=best.
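
Added example (not part of the thread, and not how RoboForm or Microsoft's Password Checker works): a small Python audit of your own saved logins that flags the weak patterns from the quoted list of ten, look-alike substitutions included, plus reuse of one password across sites. The word list, personal details and sample logins are constructed for illustration.

```python
import re
from collections import defaultdict

# Literal entries from the quoted list of ten; a real audit would load a larger list.
COMMON = {"password", "god", "letmein", "money", "love", "123", "1234", "123456"}
# Look-alike substitutions of the kind the quoted tips mention (0, @ or * for o, ...).
LEET = str.maketrans("013457@$*", "oleastaso")

def variants(pw):
    """Forms to test: lowercased, look-alikes undone, and both without trailing digits."""
    low = pw.lower()
    stem = re.sub(r"\d+$", "", low)
    return {low, low.translate(LEET), stem, stem.translate(LEET)} - {""}

def audit(pw, personal=()):
    """Return the quoted weak patterns this password matches (empty list = none matched)."""
    reasons, forms = [], variants(pw)
    if forms & COMMON:
        reasons.append("common password")
    if pw.isdigit():
        reasons.append("digits only")  # SSN digits, dates, 1234...
    facts = {p.lower() for p in personal if len(p) >= 3}
    if any(fact in form for fact in facts for form in forms):
        reasons.append("contains personal detail")
    return reasons

def audit_logins(logins, personal=()):
    """logins maps site -> password. Flags weak patterns and reuse across sites."""
    sites_by_pw = defaultdict(list)
    for site, pw in logins.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in logins.items():
        reasons = audit(pw, personal)
        shared = [s for s in sites_by_pw[pw] if s != site]
        if shared:
            reasons.append("reused on " + ", ".join(sorted(shared)))
        if reasons:
            report[site] = reasons
    return report

# Constructed sample data: hypothetical pet name, city, birth year, and logins.
PERSONAL = ("Rex", "Toronto", "1990")
SAMPLE = {"forum": "R3x01", "greeting-cards": "R3x01",
          "bank": "vq7#Lm2!xTfa9", "mail": "letmein"}

if __name__ == "__main__":
    for site, reasons in audit_logins(SAMPLE, PERSONAL).items():
        print(f"{site}: {'; '.join(reasons)}")
```

An empty result only means none of these patterns matched; it is not a strength rating.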
 
