The choice and management of passwords has been a recurring and controversial issue for many years. While the simple users of networks and online services are mostly annoyed by the topic of password protection – and just as often overwhelmed – system administrators try to close security gaps in user behavior – and are still confronted again and again with the consequences of careless handling of password security. But what exactly is a secure password? In order to be able to answer this question better, one should first take a look at the methods with which attackers usually take possession of someone else’s password.
The obvious method of guessing a password is also the less likely one: Repeatedly entering passwords directly, even if it is automated, is inefficient and time-consuming. Since the server that is the target of the attack always needs a certain amount of time to check the password and for its answer, only a very limited number of attempts can be made within a certain period of time. The attack would also be noticed and prevented by administrators after a short time. Such an approach makes most sense if a password was previously spied out in a different way (e.g. through social engineering) or if it can be easily guessed from other sources.
Attacks on entire password files are much more common: Most server systems store the identities of their users together with the passwords in password files. The password is encrypted by a hash function into a random sequence of characters from which it can no longer be derived. If attackers get hold of such a password file, they can calmly encrypt millions of possible passwords using the hash function and compare the results with the entries in the password file. Each match then corresponds to a “cracked” password.
There are essentially two methods for guessing passwords. One is to try any character string below a certain length. This method, known as brute force, checks all character combinations without gaps and is therefore comparatively complex. A more elegant approach is the dictionary attack: The attacker goes through lists of possible passwords one after the other. Such lists can be found on the Internet and have grown to many millions of entries over the years.
So what makes a high quality password out? Everyone knows the instructions given to newcomers on websites when choosing a password: it should have at least 8 characters and contain upper and lower case letters as well as numbers and special characters. The creation of a password is always a question of weighing up security versus forgetfulness, password protection versus convenience. As important as password security is, a password that is repeatedly forgotten is useless. This is one of the reasons why the objection is repeatedly raised that it makes more sense to allow (or require) longer passwords. In other words, passwords consisting of several easy-to-remember words, connected by special characters, for example, instead of a jumble of characters that its owner forgets far too quickly. Another problem is the increased need for passwords per person.
So there is no silver bullet to a secure password. But there are a number of criteria and rules of conduct that increase the quality of passwords, make them more secure and thus protect sensitive information.
Also Read: Why Is Password Security So Important?
Let's imagine a world where your ideas and information are freed from the monotony of…
Managing a big data environment is challenging, especially when you have sensitive, high-risk information to…
For surfing at maximum speed, not only the Internet connection is important. The router is…
In an increasingly digital and fast-paced world, the need for convenient and secure payment solutions…
Who doesn't know it by now, the most well-known little AI helper in everyday working…
Are you ready to embark on the entrepreneurial adventure of the communication sector? Congratulations! Before…