Universal Supplies Co.

COPYRIGHT
The copyright of all articles, including text and illustrations, is reserved by Universal Supplies Co. No person or organization may reproduce them by any means without written permission.


USC Custom Password Security System
How strong is your password? Jul. 24, 2005

There have been many articles about choosing passwords. It is said that a weak password is not safe, and experts suggest using strong passwords.

Weak passwords include your name, your birthday, your partner's name or anything related to personal matters. These are easy to guess for anyone who knows your name or your personality. The next set of weak passwords is those that can be found in a dictionary, both the normal and the hackers' dictionary.

Here is a case. A son cracked his father's password because he was sure of what his father liked and easily guessed what the password would be. If his father was a fan of basketball, the password would most likely be the names of his favorite players.

Strong passwords can take many forms, and we summarize them as follows:

1. Without any meaning
2. Mixing upper case, lower case and numbers
3. Better to be at least seven characters long if not more

There are suggestions to use extended ASCII characters, but for many reasons signs and similar characters will not be accepted by most systems, because many of these signs are used for other controls.

According to a report, for a 7-character password at 100,000 encryption operations per second, it takes 1.67 minutes to crack a password made of numbers, 22.3 hours to crack one made of lower case letters and 9.07 days for letters and digits.

For an 8-character password at 100,000 encryption operations per second, it takes 16.7 minutes to crack a password made of numbers, 24.2 days to crack one made of lower case letters and 10.7 months for letters and digits.

That is why it is always better to use 8 characters of digits and letters, upper and lower case.
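The figures above follow from dividing the number of possible passwords by the guessing rate. The following is an added example, not part of the original article: it reproduces the report's numbers, extends them to the 62-symbol alphabet of digits plus upper and lower case, and finds the shortest length that meets a chosen search time. The 36-symbol reading of "letters and digits" is an assumption that matches the quoted figures.

```python
# Added example: worst-case exhaustive-search time for a password.
RATE = 100_000  # guesses per second, the rate quoted in the article

ALPHABETS = {
    "digits": 10,
    "lower case": 26,
    "lower case + digits": 36,     # assumption: fits the report's "letters and digits"
    "upper + lower + digits": 62,  # the mix the article recommends
}

def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length

def exhaust_seconds(alphabet_size, length, rate=RATE):
    """Seconds to try every candidate (worst case; the average is half)."""
    return keyspace(alphabet_size, length) / rate

def min_length(alphabet_size, target_seconds, rate=RATE):
    """Shortest length whose full search takes at least `target_seconds`."""
    length = 1
    while exhaust_seconds(alphabet_size, length, rate) < target_seconds:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.2f} {unit}"
    return f"{seconds:.2f} seconds"

def table(lengths=(7, 8)):
    """One row per alphabet, one cell per password length."""
    return [(name, [humanize(exhaust_seconds(size, n)) for n in lengths])
            for name, size in ALPHABETS.items()]

if __name__ == "__main__":
    for name, cells in table():
        print(f"{name:24}" + "".join(f"{c:>16}" for c in cells))
    ten_years = 10 * 365 * 86400
    print("length needed for 10 years, 62 symbols:", min_length(62, ten_years))
```

At this rate a 62-symbol alphabet needs 8 characters to push the full search past ten years, while digits alone would need 14.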

The stronger the password is, the harder it is for us to remember. So it depends on how important that password is. For anything related to finance, like bank accounts, credit cards etc., we ought to make it as strong as possible. For those used just for visiting a website, or protecting nothing valuable at all, we can use weak passwords that are easy to remember, to make a better day.

It is certain that no matter how strong our passwords are, there is always a chance of them being cracked if we are the crackers' targets. We have to depend on the authentication process of the banks etc. to safeguard against crackers. Do they allow crackers unlimited trials? Normally, after repeated wrong password input, the system should be alerted and stop accepting any further trials.
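One way a login service can refuse further trials after repeated wrong input, as an added example that is not from the original article. The class name, thresholds and the account name are assumptions, and the plaintext comparison stands in for the stored-hash check a real system would use.

```python
# Added example: stop accepting guesses after repeated wrong passwords.
import hmac
import time

class AttemptLimiter:
    """Locks an account after too many consecutive wrong passwords."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # account -> consecutive failure count
        self._locked_until = {}  # account -> time at which the lock expires
        self.alerts = []         # (time, account) records for the operator

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, 0.0)

    def check(self, account, supplied, expected):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(account):
            return "locked"  # refused without testing the guess at all
        # Constant-time comparison; a real system compares password hashes.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            now = self.clock()
            self._locked_until[account] = now + self.lockout_seconds
            self._failures.pop(account, None)
            self.alerts.append((now, account))  # the system "is alerted"
        return "denied"

def demo():
    """Constructed run: three wrong guesses, a locked try, then a late success."""
    now = [0.0]  # fake clock so the example runs instantly
    limiter = AttemptLimiter(max_failures=3, lockout_seconds=60, clock=lambda: now[0])
    secret = "4Az8C0xB7z"  # sample password taken from the article
    results = [limiter.check("alice", g, secret) for g in ("a", "b", "c", secret)]
    now[0] = 61.0  # the lock has expired
    results.append(limiter.check("alice", secret, secret))
    return results, limiter.alerts

if __name__ == "__main__":
    print(demo())
```

A hard lock also lets anyone who keeps guessing wrongly keep the real owner out, so the threshold and lock time have to be balanced against that.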

We can use some programs to generate passwords. In fact, it is easy to design a password. For example, if we think of using ABC and xyz, by mixing them with digits, we can have 4Az8C0xB7z or z9C3y5Bx etc. Any mixture would have the same strength for the same length.
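A small generator and checker for the rules listed earlier (mixed upper case, lower case and digits, at least seven characters), as an added example that is not from the original article. The function names and the short list of meaningful words are assumptions made for illustration.

```python
# Added example: generate and check passwords against the article's rules.
import secrets
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits
MIN_LENGTH = 7  # "at least seven characters long"
# Constructed stand-in for "names, birthdays, dictionary words".
MEANINGFUL = ("password", "basketball", "jordan", "1980")

def has_all_classes(candidate):
    """Rule 2: upper case, lower case and digits all present."""
    return (any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)
            and any(c.isdigit() for c in candidate))

def meets_rules(candidate):
    """Check rules 1 to 3; rule 1 is only approximated by a word list."""
    if len(candidate) < MIN_LENGTH:
        return False
    if any(word in candidate.lower() for word in MEANINGFUL):
        return False
    return has_all_classes(candidate)

def generate_password(length=8):
    """Draw symbols from the OS random source until all classes appear.

    Every symbol is chosen independently and uniformly, which is what makes
    "any mixture" of a given length equally strong. Rejecting draws that
    lack a class removes only a small part of the keyspace.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate

if __name__ == "__main__":
    for sample in ("4Az8C0xB7z", "z9C3y5Bx", "Basketball1", "abc123"):
        print(f"{sample:12} {meets_rules(sample)}")
    print("generated:", generate_password(10))
```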

Many years ago, when people had ATM cards for the first time, some even wrote their passwords down on paper and kept the two together. So it was easy to lose the card and the password together. Therefore, it is important to find a safe way to keep the passwords if we cannot remember them all.

Storing Our Passwords Jul. 23, 2005

Most of us go online to handle our bank accounts, subscriptions etc. All of these require passwords.

In today's busy life, keeping a record of many logins and passwords is quite difficult. Besides those related to web sites, many other things, including credit cards etc., also require passwords. Usually we should not use one password for all, for various reasons.

Keeping all such sensitive information, passwords, on the PC is a natural choice, but due to the threats from spyware etc., there is a security problem. Big corporations have specialists taking care of their networks, so it should be quite safe. However, the recent cases of stolen personal information did not happen in small offices, and that has shaken everyone's confidence.

Individuals or SMEs may not have anyone to look after safety matters, so the risk should be much higher. This certainly makes handling our passwords very difficult.

Of course, if the hackers are specialists who can break into the computers of corporations or even governments, they do not need our passwords at all, because our defense means nothing to them.

About keeping passwords, some methods may use very difficult formats. In fact, keeping our password records is only to avoid immediate use. Frankly speaking, those who can invade our PC must have knowledge of security software, so how can we feel safe? We are not saying that these methods are useless, just that making a system hard to use would create trouble only for users, not for those intelligent hackers.

So we are working on a system that is simple to use, yet with the appropriate security for this type of application.