Password Recommendations
 

Password Cracks

 

Unix systems keep the passwords to their accounts in a file in an encrypted form -- but on many simple systems this file is publicly available. The encryption on these passwords is virtually unbreakable. However, the crack program (which is available on the internet and can be run "in the background" for weeks on end on any Unix system) does not need to break it. For each encrypted password, it takes the special key stored alongside that password (the "salt"), uses it to encrypt every word in an electronic dictionary, and compares each result to the encrypted password to see if they match. It also tries the words backwards, with digits in front or behind, and capitalized, as well as all the numbers between, say, 1 and a million. It will use any dictionary supplied to it -- whatever the language.

This painstaking process can take a lot of time, but crack has a lot of time, and eventually it will wind up with all the weak passwords on a system.

Large systems like WAM, Glue, and (recently) the Cluster, no longer keep the vast majority of their passwords in public files. This greatly increases their safety from cracking (though not from intelligent guessing). But choosing a strong password still makes sense.

Strong Passwords

▪ A combination of several words that aren't themselves a word
(e.g., itsnotfair)
▪ A heavy mixture of upper and lower case
(e.g., DeLuSiOn)
▪ An "acronym" made from a phrase, maybe capitalizing significant words -- that isn't itself a word
(e.g., tmCjotbM -- from "the mad Cow jumped over the b$
▪ A word with digits sprinkled inside it
(e.g., banana -> b2anan3a)

Weak Passwords

▪ Dictionary words, places, or names -- frontwards or backwards, in ANY LANGUAGE. This includes -- always a popular choice -- the names of spouses, friends, children, pets.
▪ The same, with the first letter capitalized
▪ The same, with a digit at the beginning and/or end
▪ A pure number less than a million (particularly a PIN number -- if crack decodes a 4-digit number, the person running it will assume it is a PIN number potentially usable for access to other assets)
▪ Your login-id
▪ Your social security number, birth date, or license plate (these aren't so much susceptible to cracking as they are to guessing by those who know you.)
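
The crackable cases in the list above can be checked at the moment a user sets a password, before crack ever sees it. The sketch below is an added example, not code from the OIT Helpdesk; the function name weakness, the sample wordlist and the login-id jsmith are made up for illustration, and a real check would load full dictionaries in several languages.

```python
import re

# Constructed sample wordlist (assumption); a real check would load complete
# dictionaries, plus lists of names and places, in every relevant language.
SAMPLE_WORDS = {"banana", "delusion", "rover", "paris", "maria"}


def weakness(password, login_id, words=SAMPLE_WORDS):
    """Return why a password falls in the weak list above, or None."""
    if password.lower() == login_id.lower():
        return "login-id"
    if password.isdigit() and int(password) < 1_000_000:
        return "pure number less than a million"
    # Undo "a digit at the beginning and/or end".
    candidates = [
        password,
        re.sub(r"^\d", "", password),
        re.sub(r"\d$", "", password),
        re.sub(r"^\d|\d$", "", password),
    ]
    for cand in candidates:
        # Only the two case shapes the list names: all lower case, or first
        # letter capitalized. A heavy mixture of case is left alone, as in
        # the strong list.
        if cand not in (cand.lower(), cand.capitalize()):
            continue
        base = cand.lower()
        if base in words:
            return "dictionary word or name"
        if base[::-1] in words:
            return "dictionary word or name, backwards"
    return None


if __name__ == "__main__":
    # Constructed test passwords, weak ones first.
    for pw in ["Banana", "ananab", "1Paris2", "4821", "jsmith",
               "itsnotfair", "DeLuSiOn", "b2anan3a"]:
        print(f"{pw:12} {weakness(pw, 'jsmith') or 'not in the weak list'}")
```

Passing this check only means the password is not in the listed categories; guesses based on knowing the person, such as a birth date or license plate, need a separate check against the account's own details.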


Why is a good password necessary?

"I have nothing to hide -- why should I worry about my password?" Anyone who gets unauthorized access to an account can (and frequently does) use it to run illegal software (such as crack or network "sniffing" programs that try to spot passwords as they pass by on the network), or to break into other computers, or engage in e-mail or transactions that can destroy the reputation or finances of the legitimate account holder.

 

Source: OIT Helpdesk

 

 

 

 