Many People Uses Simple Passwords on Web!
Comments
One response to “Many People Uses Simple Passwords on Web!”
“Don’t contain any characters from the user name.”
Bad advice! Seems backwards, but this actually makes the password space smaller. You want the hacker to try as many passwords as possible. That means you don’t want to give the hacker any information they can use to eliminate possibilities.
Here’s a hypothetical. My user name is abc and my company’s policy is that my password cannot contain characters from my user name. Well, we just saved the hacker a lot of time then. They can just skip passwords with the letters a, b, or c. They can just skip right over those.
Let’s do an example with your short list. If my user name is abc then look at these passwords.
batman, bond007, cocacola, 12345678, 1234, pussy, 12345, dragon, qwerty, football etc.
Let’s take out all the ones with characters from my user name because it CAN’T be any of those right? That’s company policy.
List becomes….
12345678, 1234, pussy, 12345, qwerty.
Notice just a three-letter user name cuts down the possible list by HALF! You just made the hacker TWICE as fast! Imagine if your user name had 4 or 5 or 10 characters? I won’t tell you what my user name at work is, but if you applied it to that short list it would only leave one password out of the 10 we started with for the hacker to try. That’s not good. How many more would be taken out of a hacker’s trusted dictionary I don’t even want to know.
Better advice is to say, choose your password in such a way that the hacker does not know if your password contains characters from your user name or not. Then they don’t know if they can skip any passwords so they’ll have to try every possibility.
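The filtering argument in the comment above, as an added example that is not part of the original comment or article: it applies the "no characters from the user name" rule to the ten passwords quoted there, and also estimates how many bits a randomly generated password loses under the same rule. Case-insensitive matching, the 36-character alphabet and all function names are assumptions made for this illustration.

```python
import math
import string

# The ten passwords quoted in the comment above.
COMMON = ["batman", "bond007", "cocacola", "12345678", "1234",
          "pussy", "12345", "dragon", "qwerty", "football"]

# Assumed alphabet for the random-password estimate: lowercase letters + digits.
ALPHABET = string.ascii_lowercase + string.digits


def allowed_by_policy(password, username):
    """True if the password shares no character with the user name.

    Matching is case-insensitive (an assumption; the policy text does not say).
    """
    return not (set(password.lower()) & set(username.lower()))


def surviving(candidates, username):
    """Candidates the policy still permits, i.e. what remains worth guessing."""
    return [p for p in candidates if allowed_by_policy(p, username)]


def bits_lost(username, length, alphabet=ALPHABET):
    """Entropy in bits that a uniformly random password of `length` loses
    when every character of the user name is banned from `alphabet`."""
    banned = {c for c in alphabet if c.lower() in set(username.lower())}
    remaining = len(alphabet) - len(banned)
    if remaining == 0:
        return math.inf  # the policy leaves no valid password at all
    return length * math.log2(len(alphabet) / remaining)


if __name__ == "__main__":
    left = surviving(COMMON, "abc")
    print(f"{len(left)} of {len(COMMON)} candidates remain: {left}")
    # One bit lost means the search space has been cut in half.
    print(f"random 8-char password loses {bits_lost('abc', 8):.3f} bits")
```

For the user name abc this reproduces the five-entry list from the comment, and shows that even an 8-character random password over this alphabet gives up about one bit, which is again roughly half the space.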