Given most websites require passwords with a minimum length of eight (8) characters, consisting of upper and lowercase letters, numbers and symbols, you’d think cracking or guessing passwords would be difficult. But it’s not, thanks to password reuse (also called password recycling) and passwords created with common words, phrases and patterns.

After compromising a website where your password is stored, a criminal will attempt to crack the hash representing your password using a set of words (dictionaries) and rules (educated guesses). Because of that, if your password has already been leaked or can be easily guessed, then no amount of hashing will protect it, or the accounts associated with it. Essentially, if you can find the word in a dictionary, it likely isn’t going to make a good password. If your password is AprilMarry95, and you were married to April in 1995 — details that are public record — your password could be easily guessed or cracked.

While !RubyRed2024 might look like a good password, it isn’t. True, it has 12 characters and uses upper and lowercase letters, numbers and even symbols, but here are two reasons why you should never use such a password. On that note, if your password contains any of the following words, you need to change it as soon as possible. These are root words found among the 100,000 most common passwords; they’re an example of easily guessed words used to create passwords. Second, adding an exclamation mark (!) to the start of a password and the current year to the end of the password are both common patterns and easily guessed.

What that pattern means, and why two different hashing options were tested — remember, hashing is how passwords are stored on a website — isn’t really important. However, if the password this pattern is used against was truly random, it wouldn’t crack anything. In fact, attempting to guess a 12-character truly random password can take 54 days or so on SHA1, even longer on SHA3. But if that password were hashed with bcrypt (lots of websites use this), it could take millions of years to crack (164 million, to be exact).

The only thing that will protect your accounts on other websites is your use of unique, long passwords without common words or phrases. You can only really get truly random, long and unique passwords for each website you access with a password manager. Beyond that, the longer a password is, the more unique it is, and the safer and more secure it is, so long as it isn’t reused across multiple websites. This way, a compromised password on one website doesn’t lead to all your accounts being compromised.

So then, what password manager should you be using? That’s the best part: you can use whatever one you’d like. The key function you want out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with the typical mix of letters, numbers and symbols, as well as the ability to create a unique password for each website. That is a lot, but the point of that rule is twofold: first, it’s to get you thinking about password length and its importance, and second, it’s to get you to think about password managers. If the website doesn’t support really long passwords, you can still use the password manager to create truly random passwords, so it isn’t a total setback.

At the end of the day, a password manager means no more password recycling, and no more easily guessed words or phrases. For now, if your password manager offers to enable this option of defense (most do), you should take advantage and enable it.
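As an added example (not from the article), here is a small Python checker that applies the advice above: it flags dictionary root words, the leading-symbol and trailing-year patterns, and insufficient length, and generates a manager-style random password. The root-word set and the guess rate are constructed placeholders, not the article's list or measured figures.

```python
import math
import re
import secrets
import string

# Constructed placeholder for a cracker's dictionary of root words; the
# article's own list of common roots is not reproduced on the page.
COMMON_ROOTS = {"ruby", "red", "april", "marry", "password", "welcome", "summer"}

# A two- or four-digit year suffix both end in two digits, so one pattern
# covers "AprilMarry95" and "!RubyRed2024".
YEAR_SUFFIX = re.compile(r"\d{2}$")

# Letters, digits and symbols: the character set a manager draws from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def contains_common_root(password: str) -> list[str]:
    """Return the dictionary root words found inside the password."""
    lower = password.lower()
    return sorted(w for w in COMMON_ROOTS if w in lower)

def uses_common_pattern(password: str) -> list[str]:
    """Flag the leading-symbol and trailing-year rules the article calls out."""
    flags = []
    if password and password[0] in string.punctuation:
        flags.append("leading symbol")
    if YEAR_SUFFIX.search(password):
        flags.append("year suffix")
    return flags

def assess(password: str, min_len: int = 20) -> dict:
    """Apply the article's advice: long, no dictionary roots, no patterns."""
    roots = contains_common_root(password)
    patterns = uses_common_pattern(password)
    return {
        "length_ok": len(password) >= min_len,
        "roots": roots,
        "patterns": patterns,
        "acceptable": len(password) >= min_len and not roots and not patterns,
    }

def seconds_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every string of this length (rate is assumed)."""
    return math.pow(len(ALPHABET), length) / guesses_per_second

def generate(length: int = 20) -> str:
    """Manager-style password from a CSPRNG; regenerated if a check trips."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if assess(candidate, length)["acceptable"]:
            return candidate
```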
This Cyber News was published on feedpress.me. Publication date: Tue, 01 Oct 2024 07:43:05 +0000