Choose Your Password

by | May 10, 2019 | Guides, Habib O

There are a bunch of articles on the internet that talk about choosing a password. What struck me about them is the lack of examples. Authors usually say "Use a password of at least 8 characters" without explaining why. This kind of article never made me change my password, and it probably never made you change yours either.
So I tried to find my own password by brute force, and I was impressed. In less than 3 hours, the brute-force software had found my password.
In this article, I'll show you how brute force works, to help you pick a strong password.

Brute-force attack

I chose to present brute force because it really explains why a strong password is necessary: let me show you how easy it is to recover a simple password. A brute-force attack works this way: it tries every password from a list until it finds the right one. These are the 3 kinds of brute-force attacks that exist:

  • generation of every existing combination;
  • dictionary;
  • hybrid dictionary.

Generation of every existing combination:

As the title says, this method consists in trying every combination that exists. Let's imagine we only have passwords made of lowercase and uppercase letters and digits.

That's the drawback of brute force: this kind of attack can become veeerrrrryyyyyy long.
Now you begin to understand why choosing a long password is important.

Let's imagine that a malicious attacker tries to brute-force your password on some random website.

With his connection and his processor, let's imagine that his computer needs 0.05 seconds to test one password. Well then, do the maths: the attacker will need 4436 years to test every 8-character password made of lowercase letters and digits, versus 6 hours for a 4-character lowercase-only password.
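To make that arithmetic reproducible, here is an added worked example (my own code, not from the original post) that computes the size of the search space and the time an exhaustive search needs at a given guess rate. The 0.05 seconds per guess is the post's assumption; the character-set sizes, the 365-day year and the list of lengths are mine, and the result lands close to the post's figures. It also generalises the post's two cases to several character sets and lengths so the growth is visible at a glance.

```python
"""Keyspace and time-to-exhaust calculator for exhaustive brute force.
Added example; assumptions: 0.05 s per guess (from the post), 365-day years,
and string.punctuation as the set of "special" characters."""
from itertools import product
import string

# Sizes of the character sets an exhaustive search has to cover.
CHARSETS = {
    "lowercase": len(string.ascii_lowercase),                                   # 26
    "lowercase+digits": len(string.ascii_lowercase + string.digits),            # 36
    "mixed case+digits": len(string.ascii_letters + string.digits),             # 62
    "mixed case+digits+special": len(string.ascii_letters + string.digits
                                     + string.punctuation),                     # 94
}

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int,
                       seconds_per_guess: float = 0.05) -> float:
    """Worst case: every candidate in the keyspace is tried once."""
    return keyspace(charset_size, length) * seconds_per_guess


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def enumerate_count(alphabet: str, length: int) -> int:
    """Generate every combination (the method the post describes) and count
    them, to confirm keyspace() on a space small enough to enumerate."""
    return sum(1 for _ in product(alphabet, repeat=length))


def table(seconds_per_guess: float = 0.05, lengths=(4, 6, 8, 10, 12)):
    """Rows of (character set, length, worst-case time) for each combination."""
    rows = []
    for name, size in CHARSETS.items():
        for n in lengths:
            rows.append((name, n,
                         human_time(seconds_to_exhaust(size, n, seconds_per_guess))))
    return rows


if __name__ == "__main__":
    for name, n, t in table():
        print(f"{name:28s} length {n:2d}: {t}")
```

Running it reproduces the post's two data points (about 6 hours for 4 lowercase characters, a few thousand years for 8 lowercase-plus-digit characters) and shows that each extra character multiplies the time by the size of the character set, which is why length matters more than any single special character.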

To speed up the process and avoid testing useless passwords, the attacker may build the list from existing words (the dictionary attack). That way it does not have to test weird passwords such as xW4JJKZR, only passwords that a normal human would use. The hybrid dictionary attack is a mix of both: basically, it tests every entry in its list plus some additional digits or random letters.
What you'll have to remember from that:

  • Passwords must have a correct length (8 characters or more is considered correct);
  • Passwords must contain a mix of different kinds of characters: uppercase, lowercase, numbers, and special characters like &#*$.

And finally, passwords shouldn't be easy to guess. They should NOT be a mix of your name/your cat's name/your crush's name and some random digits, NOR appear in the list of the most used passwords:
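The rules above (minimum length, a mix of character classes, not a most-used password, not a word or personal name with a short suffix bolted on, which is exactly what a hybrid dictionary attack tries first) can be turned into a small checker. This is an added example of my own, not code from the post; the common-password list, the dictionary words and the personal names are constructed samples, and a real deployment would load a full dictionary and a breached-password list instead.

```python
"""Rule-based password checker implementing the post's advice.
Added example; the word lists below are constructed samples, not real data."""
import string

MIN_LENGTH = 8  # the post's threshold
ALL_CLASSES = {"lowercase", "uppercase", "digit", "special"}

# Constructed samples standing in for a real most-used-passwords list and a
# real dictionary. A deployment would load far larger lists from disk.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "iloveyou", "azerty"}
DICTIONARY_WORDS = {"password", "sunshine", "dragon", "football", "welcome"}


def character_classes(password: str) -> set:
    """Which of the four character classes the password uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def looks_like_hybrid(password: str, personal_names=()) -> bool:
    """True when the password is a dictionary word or personal name followed
    by at most 4 extra characters: the "word + a few digits" pattern a hybrid
    dictionary attack covers early."""
    lowered = password.lower()
    candidates = {w.lower() for w in DICTIONARY_WORDS} | {n.lower() for n in personal_names}
    for word in candidates:
        if word and lowered.startswith(word) and len(lowered) - len(word) <= 4:
            return True
    return False


def check_password(password: str, personal_names=()) -> list:
    """Return the list of rules the password violates (empty means it passes).
    `personal_names` holds names an attacker could guess about the user
    (their own name, pets, partners); pass whatever the account knows."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = ALL_CLASSES - character_classes(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the most-used passwords list")
    if looks_like_hybrid(password, personal_names):
        problems.append("a word or personal name plus a short suffix")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a pet's name plus a year, a dictionary word, and a
    # long mixed-class password that passes every rule.
    for candidate in ("Rex2019", "password", "7h!sIsAL0ngOne"):
        print(candidate, "->", check_password(candidate, personal_names=["Rex"]) or "ok")
```

The checker reports every violated rule rather than stopping at the first, so a user sees at once that "Rex2019" is both too short and built from a guessable name; only a password that is long, mixes all four classes and starts from no known word comes back clean.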

Final advice:

Do NOT write down your password (somebody will see it)

Change your password often

And use a different password on each website, so that a hacker who got your password from mypony.org won't be able to log into your PayPal.

Habib O

Self-proclaimed tech enthusiast looking to expand my personal portfolio. Click my profile to find out more. PS. If you give me something I will break it.