Happy New Year: your password sucks

The tale, as retold by an IT support mate of mine over one too many beers recently, of the user who swore her password was ******** as that’s what the login screen said is about as likely to be true as any other IT support shaggy dog story, it did get me to thinking about the true cost of password insecurity.

While wondering how long it would take, any password to crack rule can be reused analyzes how long is a piece of string, it is possible, some kind of vaguely meaningful response by you the math (the number of friends make it possible signs of power of calculations per second password literally ability of the computer) subdivided with an average desktop PC.

At the very least it serves to illustrate how just a few characters can make all the difference when it comes to password security, and that size and complexity do have a direct impact upon the resources required to break through the basic defences. So, and please excuse the very broad brush strokes I am using to paint this particular picture, a password of ‘dumbo’ would take about a second for a brute force application to crack using the processing power of an average PC. Changing that to ‘dumbo123′ would extend the time required to approximately 3 days, and ‘dumbo12345678′ jumps into half a million years territory. Start throwing in non-alphanumeric stuff such as pound signs and exclamation marks and things get really ridiculous: dumbo12345678£ = 19 million years, dumbo12345678£! = 71 billion years and dumbo12345678£!£ = about 3 trillion years according to the online password security calculator at howsecureismypassword for example.

Course is not to use your serious hacker your average desktop PC and once you start the investigation of the hardware and software arsenal of your professional password thief things start a bit more concerned. By using commercially available off-the-shelf “forensic password recovery” software and a couple of desktops to beefed with some high end is possible graphics cards of all linked together in supercomputer hacking area for a relatively modest layout a couple retained or 3,000 £ And supercomputers can be faster than a typical desktop PC to crack a lot of passwords. Instructed to passwords either crack of course (part two), your serious hacker not only to software. Social engineering in the game comes, in passing password details either deceive deception of users by blatant person-to-person or using malware.

So, bottom line: size does matter “Thickness” or complexity of a password. The longer and more complex that better indeed, provided that you can’t it forget that is. And there lies the rub after Rajapaksa company password management specialists HTK that as the staff, after a seasonal job Pradeep expects the head, so IT help desk launches drowning in requests for password reset how long and complex combinations were forgotten in the complex xmas festivities. Who cares? After all IT bods can quickly enough a new running it cannot? Well, but as Rajapaksa points out, “typical password reset cost from around £ 30 it is also an unwelcome burden on early 2011 helpdesk budgets.”

About the only thing I with problem if it had the line Rajapaksa take that somehow after Christmas again things work worse makes. My experience shows that forgotten passwords problematic and costly all year round, up and as long as no proper password management strategy through an effective software solution supports is demanded. I visited a German SME in 2010 really frightening statistics had to show me: over the course of just one month 10 percent of the passwords have been changed, but this majority required administrator reset. This indicates that the user password is forgotten, rather than to change they desire more secure. Start multiplying the reset numbers the costs arising from the application passwords are reset and suddenly more than just a safety issue.

Leave a Comment

6 + = seven

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>