By Kerry Doyle
Major transitions in IT inevitably lead to increased opportunities for cyber criminals. With the explosion of mobile computing, the consumerization of IT and related technologies, such as cloud and virtualization, more opportunities have appeared. Witness the latest outbreak of Distributed Denial of Service (DDoS) attacks, which are often automated and bot driven. When it comes to passwords, the important thing to remember is that any password can be cracked, and usually by means far more powerful than a thief trying to think up combinations.
When an encrypted password data file has been hacked, such as that of a retail company or bank, thieves generally apply powerful tools to decode the passwords and obtain account information once the file is in their hands. Password crackers have many different techniques for trying to decode passwords. These range from pre-compiled lists of possible terms to random combinations of numbers, letters, and symbols. Most cyber criminals use automated password cracking. It is effective because the tools can run at all hours for as long as necessary, applying every word in the dictionary and more, until a password is decoded.
Thieves also have the advantage of knowing that most users rely upon easy-to-remember terms. These could include birthdays, addresses, and names of friends and family. Users need to remember that making a password obscure does not necessarily make it more secure. For example, the most widely used term, ‘password’, which most users by now realize is ineffective, becomes ‘0qww294e’ when shifted up one row on an English-style keyboard. However, this would be a feeble way to outwit a determined hacker.
Most hackers spread their attacks across a broad range of accounts. This circumvents the standard authentication security of more sophisticated systems. Add to this the ability of criminals to use thousands of hijacked PCs to do the processing, elaborate heuristics, and powerful graphics processors, and users are up against quite an array of sophisticated password-cracking methods.
Alternative options for creating passwords abound. For example, a common name such as tortoise is certainly easy to remember, but it is also easy to figure out. On the other hand, a password that uses symbols, numbers, and letters (Y&$89hk) is much more challenging to crack, though it is hard to remember. Users are advised to choose passwords of eight or more characters drawn from the above combinations, because cracking them means working through nearly a quadrillion possible combinations.
It has become even clearer that 16-character passwords increase the level of difficulty exponentially. Long passwords can also be made by taking a phrase or song lyric, for example, and using only the first letter of each word to make up the password. This technique can be helpful with systems that place limits on the number of symbols that make up a password. It’s important to remember that data hacking is not simply going to go away, as studies show. End-users have to use their own creativity and ingenuity to outwit persistent cyber thieves and protect their data.
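The two points above, the row-shifted ‘password’ and the growth of the search space with length, can be checked when a password is chosen. The following is an added example, not part of the original article: it assumes a US QWERTY layout, a small constructed denylist, and character-class sizes taken from printable ASCII, and all function names are hypothetical.

```python
import math
import string

# Constructed sample denylist; a real check would load a large list of known-common passwords.
DENYLIST = {"password", "tortoise", "letmein", "qwerty"}

# US QWERTY rows, top to bottom (assumed layout). Keys at the same index sit one row apart.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
DOWN = {a: b for upper, lower in zip(ROWS, ROWS[1:]) for a, b in zip(upper, lower)}
UP = {b: a for a, b in DOWN.items()}

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def shift(password, table):
    """Move every key one row using `table`; characters with no neighbour stay as they are."""
    return "".join(table.get(ch, ch) for ch in password.lower())


def denylist_match(password):
    """Return the denylisted word this password reduces to, or None."""
    for candidate in (password.lower(), shift(password, DOWN), shift(password, UP)):
        if candidate in DENYLIST:
            return candidate
    return None


def keyspace(password):
    """Brute-force search space: (size of the character classes used) ** length."""
    pool = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return pool ** len(password)


def assess(password):
    """Reject denylisted or row-shifted words; otherwise report the keyspace in bits."""
    word = denylist_match(password)
    if word is not None:
        return ("reject", f"reduces to common word '{word}'")
    return ("ok", f"{math.log2(keyspace(password)):.1f} bits")


if __name__ == "__main__":
    for pw in ("tortoise", "0qww294e", "Y&$89hk", "Y&$89hkY&$89hkQz"):
        print(pw, assess(pw))
```

The keyspace figure is an upper bound on guessing effort: it only holds for passwords chosen at random from the pool, which is why the denylist check runs first.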