Crack-proof Passwords

Your passwords may not be very secure, even if you think they are. Find out how you can create robust passwords.

Everyone has to keep track of dozens of passwords: for network accounts, online services, premium websites, ATMs or credit cards. It’s difficult to remember all of them, so some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds. According to a recent survey, nearly 50% of users have the same password for all the sites they visit on the Internet. Moreover, almost 90% of them don’t change their password periodically. Imagine what would happen if any of your accounts were to be hacked; the hacker would gain access to all your email, bank and social networking accounts and may even wipe out your presence from the Internet!
Just for a scare, try this: search your email for some of your own passwords. Most probably, you will find a lot of your own passwords, either because you have emailed them to yourself or because some websites email your password when you register or when you click on the ‘I forgot my password’ link. So, if a hacker manages to access your email, he can easily break into your other accounts.

You can prevent this from happening by creating passwords that are difficult to crack. Unfortunately, increasingly sophisticated technology, coupled with our own carelessness, may render even supposedly ‘robust’ passwords vulnerable to attack by an experienced hacker.

So, how can you create a truly secure password? Although no password can be 100% secure, you should use a combination of words, digits and special characters to create a password that will be difficult to crack. It’s also important to be aware of the methods used by hackers to crack a password.

According to Eric Thompson, founder of AccessData (a technology forensics company that helps detect and investigate cases of fraudulent data access), most passwords follow a pattern. (In fact, AccessData has developed ‘password-guessing’ software.) He says that people typically choose a readable word as the base for a password—it may be a word that is pronounceable in English but not included in a dictionary. When pressed to add a numeral or symbol to make the password more secure, most people add ‘1’ or ‘!’ to the end of that word.

AccessData’s software, which uses a ‘brute force’ technique that tries thousands of passwords until it guesses yours correctly, can easily figure out such common passwords. When it incorporates your computer’s web history into its algorithm—including all your information on Twitter, Facebook and other such sites—AccessData’s software can come up with a list of passwords that is highly likely to include yours as well.

AccessData’s research found that a typical password consists of a root word plus an appendage. The appendage is a suffix to the root word in 90% of the cases.
The first operation of the AccessData software is to test a dictionary of about 1,000 common passwords, like ‘letmein’, ‘password1’, ‘123456’ and so on. Then, it tests each of these words with about 100 common suffix appendages, like ‘1’, ‘4u’, ‘69’, ‘abc’, ‘!’ and so on. Believe it or not, the software recovers about 24% of all passwords with these 100,000 combinations.

Then, the software scans a series of increasingly complex ‘root dictionaries’ and ‘appendage dictionaries’. The ‘root dictionaries’ include a common word dictionary (5,000 entries); names dictionary (10,000 entries); comprehensive dictionary (100,000 entries); and phonetic pattern dictionary (1/10,000 of an exhaustive character search).

The software runs an exhaustive four-character-string search of each dictionary in four capitalisation patterns: lowercase (the most common), initial uppercase (the second most common), all uppercase and final uppercase. It also runs the dictionaries with common substitutions: ‘$’ for ‘s’, ‘@’ for ‘a’, ‘1’ for ‘l’ and so on. The appendage dictionaries include all two-digit combinations, all dates from 1900 to 2009, all three-digit combinations, all single symbols, all single-digit plus single-symbol and all two-symbol combinations.

This exhaustive process succeeds in cracking even the most ‘foolproof’ passwords. The company’s research indicates that the ‘sweet spot’ of a typical password is a seven- to nine-character root plus a common appendage and that it’s much more likely for someone to choose a hard-to-guess root than an uncommon appendage.

The good news is that you can use certain techniques to create robust passwords that cannot be cracked even by using such sophisticated software programs. Choose a password that doesn’t contain a readable word. Mix upper- and lower-case letters. Use a number or symbol in the middle of the word, not at the end. Don’t just use ‘1’ or ‘!’, and don’t use symbols as replacements for letters, such as ‘@’ for a lowercase ‘a’. And, of course, create unique passwords for different sites.

Confused? Think it will take too much time? It needn’t be that difficult to create a robust password if you follow some simple rules. Rule No. 1 is to start with an original but memorable phrase—for example, ‘Moneylife says know what’s coming’ or ‘My first Maruti was a real lemon so I bought a Toyota’. The phrase can be anything, but make sure it’s something you can remember easily without writing it down.

Next, convert the simple phrase into an acronym. Be sure to use some numbers, symbols and capital letters, too. Thus, ‘Moneylife says know what’s coming’ can become ‘MLskwc’ or [email protected]; and ‘My first Maruti was a real lemon so I bought a Toyota’ can become ‘M1stMwarlsIbaT!’

That’s it! These mnemonic passwords are hard to forget, but they contain no guessable English words. Using the same method, you can also create site-specific passwords; for example, ‘It’s 45 degrees in May, so I use Gmail’ can become ‘i50dgiMsIuG’ (50 is not the real temperature; it’s for the month number multiplied by 10). Based on the phrase, you can change your password almost every month; for November, it becomes ‘i110dgiNsIuG’ and for March, it’s ‘i30dgiMsIuG’ and so on.
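
The root-plus-appendage pattern described earlier can also be used defensively, to reject predictable choices when a password is set. The following is an added example, not AccessData's software or code from this article; ROOTS is a small constructed word list and the function names are hypothetical.

```python
import re

# Constructed stand-in for the root dictionaries (the real lists are not on the page).
ROOTS = {"letmein", "password", "dragon", "sunshine", "monkey"}
COMMON_SUFFIXES = ("1", "4u", "69", "abc", "!")            # quoted in the article
UNDO_SUBS = str.maketrans({"$": "s", "@": "a", "1": "l"})  # quoted in the article

# Appendage classes named in the article, most specific first.
APPENDAGES = [
    ("year 1900-2009", r"(?:19\d\d|200\d)"),
    ("three digits", r"\d{3}"),
    ("two digits", r"\d{2}"),
    ("digit plus symbol", r"\d[^\w\s]"),
    ("two symbols", r"[^\w\s]{2}"),
    ("single symbol", r"[^\w\s]"),
]

def case_pattern(root):
    """Name the capitalisation pattern of the root, as listed in the article."""
    if root.islower():
        return "lowercase"
    if root.isupper():
        return "all uppercase"
    if root[0].isupper() and root[1:].islower():
        return "initial uppercase"
    if root[:-1].islower() and root[-1].isupper():
        return "final uppercase"
    return "mixed"

def audit(password):
    """Return (root, appendage kind, case pattern) when the password is a known
    root plus a predictable appendage, or None when it does not fit that shape."""
    tails = [("none", "")]
    tails += [("common suffix", s) for s in COMMON_SUFFIXES if password.endswith(s)]
    for kind, pattern in APPENDAGES:
        match = re.search(pattern + r"\Z", password)
        if match:
            tails.append((kind, match.group()))
    for kind, tail in tails:
        root = password[: len(password) - len(tail)]
        plain = root.lower().translate(UNDO_SUBS)   # undo case and substitutions
        if plain in ROOTS:
            return plain, kind, case_pattern(root)
    return None

if __name__ == "__main__":
    for pw in ("password1", "P@$$word1999", "DRAGON7!", "M1stMwarlsIbaT!"):
        print(pw, "->", audit(pw) or "no root-plus-appendage match")
```

A password-change form would refuse any candidate for which audit() returns a match; a real deployment would load a much larger root list than the constructed one here.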

However, there is no need to use robust passwords for every site you visit. For general sites which don’t affect you personally or financially, use simple phrases to create passwords. Reserve your strongest, most distinct passwords for critical services—like your bank account, your computer and your personal e-mail.
You should also avoid using a public computer because the Windows operating system’s memory management feature retains any data that you input in the normal course of operations. When you type your password into a program, it gets stored in the system memory. When Windows swaps the page out to disk, it becomes the tail-end of some file on your hard drive, and it will sit there forever. Linux and Mac OS are no better in this regard.

There is one more password you will always need to remember—your ATM personal identification number (PIN). Although your bank provides the PIN, it is advisable to change it. Many banks offer the facility to change your PIN by using the ATM. The PIN consists of just four numbers, making it difficult to create another secure PIN; but you can do so by using your imagination. For example, you can use your mobile handset to create a robust and yet easy-to-remember password: your root phrase ‘Moneylife says know what’s coming’ becomes 6592 (using the digits corresponding to the first letter of each word—6 for ‘Moneylife’, 5 for ‘know’, 9 for ‘what’s’ and 2 for ‘coming’); and ‘My first Maruti was a real lemon so I bought a Toyota’ becomes 6758.

So, what are you waiting for? Can you create a robust and safe password using something like “Mahabharat mein Ghatotkach, jo ki Bhima ka putra tha, mara gaya” or “Yudhishthir ne kaha naro wa kunjaro”?


Nissan launches its ‘370Z’ sports car in India

Nissan Motor has launched its iconic sports car ‘Nissan 370Z’, the sixth generation of the Nissan Z-car line, at Rs53.50 lakh onwards

Nissan Motor India Pvt Ltd has launched its iconic sports car ‘Nissan 370Z’ in the country, priced between Rs53.50 lakh and Rs54.50 lakh (ex-showroom New Delhi). The 370Z is the sixth generation of the Nissan Z-car line, succeeding the 350Z.

Kiminobu Tokuyama, managing director and chief executive, Nissan Motor India, said, "The 370Z is an authentic sports car that you don't have to make sacrifices to own—or drive—every day. We believe that the 370Z will create an aspirational value for the Nissan brand in the country as we gear up for the launch of our first made-in-India car in 2010."

"The luxury car market in India has registered a fair amount of growth in the last few years and is growing at a significant rate every year. The emphasis has shifted from pure price consideration and affordability to design, quality and pleasure. The 370Z provides passionate performance at an excellent value—just what sports car enthusiasts are looking for today," said Abhijit Pandit, vice president for operations, Hover Automotive India Ltd.

The Nissan 370Z is powered by a standard VQ37VHR 3.7 L double overhead camshaft (DOHC) V6 engine with variable valve event and lift control (VVEL), producing 333 PS and 363 Nm of torque. The 370Z comes with a two-seat layout, built around a deeply scooped instrument panel with a full-length centre console separating the driver's and passenger's seats. In the rear is an open cargo area with enhanced storage and accessibility.

The Nissan 370Z 6-speed M/T with Synchro Rev Match is priced at Rs53.50 lakh and the Nissan 370Z 7-speed A/T with Manual Shift Mode is priced at Rs54.50 lakh, both prices ex-showroom New Delhi.

COMMENTS

370Zprice sucks

9 years ago

RIDICULOUS DISGUSTING HORRIBLE PRICE FOR THE 370Z. WHY NOT BUY A PORSCHE FOR THE SAME PRICE? IT IS SUPPOSED TO BE 33 LAKHS (INCLUDING 110% TAX SINCE IT IS IMPORTED) BECAUSE IT IS ONLY 15 LAKHS IN THE USA. NISSAN IS ROBBING PEOPLE. PLEASE DO NOT BUY THIS CAR AT THIS PRICE. THEY ARE OUT OF THEIR MIND. THEY HAVE BECOME GREEDY AND KEPT THE PRICE SO HIGH FOR EXCLUSIVITY GODDAMN IDIOTS

Tech Trek to the Future

A peek at the technologies that changed our lives during 2009 and a preview of what to expect in 2010

The year 2009 dished out quite a few treats for technophiles. We witnessed the launch of arguably the two best operating systems (OS) till date—Windows 7 from Microsoft and the latest Mac OS X (version 10.6) from Apple. The year also saw Google expand its image of an Internet search giant...
