Passwords Are a Piece of Cake -- for Cybercrooks

Released: 7/17/2007 1:00 PM EDT
Source Newsroom: Indiana University

Newswise — Choosing a good password is one of the many choices students make as they head to college, and it's a decision that should not be taken lightly, says David Ripley, researcher at the Pervasive Technology Labs' Advanced Network Management Lab at Indiana University Bloomington.

What really makes a password difficult -- or easy -- for someone else to figure out? A computer cracker or identity thief will never know the name of your favorite great-aunt's cousin's dog -- so that's a good password, right?

"Sadly, that's not true," said Ripley. "Modern-day bad guys don't bother trying to guess your password themselves; they have computers do it for them."

Using special programs and huge lists of words, these cybercrooks try millions of different words -- long words, short words and foreign words. They can try every word in every dictionary, in every language on Earth; every dog's and cat's and goldfish's name imaginable. They try all those words with dIffErenT cApITaLiZation, and all kinds of oth3r vArati0ns! They'll keep guessing for hours, or even days -- the program doing the guessing never gets tired or bored.

"A random string of numbers and letters makes the best password," says Ripley. "Unfortunately those are very difficult passwords for most people to remember."

Ripley offers these tips on choosing and protecting a password:

* Long and complicated isn't so hard. Think of a phrase that will be easy for you to remember; use the first letter of each word to make a new word, leaving in the punctuation, capitalization and any numbers. Here's an example: "My first cat was named Fluffy. He was orange, with stripes. He only had 3 legs!" Taking the first letter of each word makes "MfcwnF.Hwo,ws.Hoh3l!" ... which would be a really good password. Much better than just using the word "Fluffy."

* Longer the better. In general, choose a longer password, rather than a shorter one.

* Since you might forget ... Don't write passwords on a sticky note and leave them on your monitor or near your computer. And definitely don't keep your passwords in a text file on your computer, as crackers can potentially access it. However, keeping a list of your passwords in an envelope in a safety deposit box, home safe, or other secure location away from the computer can be a good idea, just in case of an emergency.
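The first-letter technique from the first tip, together with a check for the capitalization and character-substitution variations described earlier, as an added Python example that is not part of the original release. The function names, the tiny wordlist and the substitution table are constructed for illustration, and keeping multi-digit numbers whole is an assumption.

```python
import string

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDLIST = {"fluffy", "different", "other", "password"}

# Common character substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
EDGE_CHARS = string.digits + string.punctuation


def mnemonic_password(phrase):
    """First character of each word, keeping case, trailing punctuation
    and whole numbers (keeping multi-digit numbers whole is an assumption)."""
    parts = []
    for token in phrase.split():
        core = token.rstrip(string.punctuation)
        trail = token[len(core):]
        if not core:                      # token was punctuation only
            parts.append(trail)
        elif core.isdigit():
            parts.append(core + trail)
        else:
            parts.append(core[0] + trail)
    return "".join(parts)


def is_dictionary_variant(candidate):
    """True if the candidate reduces to a wordlist entry once case,
    substitutions and leading/trailing digits or symbols are undone."""
    lowered = candidate.lower()
    forms = {lowered.translate(LEET),
             lowered.strip(EDGE_CHARS).translate(LEET)}
    return any(form in WORDLIST for form in forms)


if __name__ == "__main__":
    phrase = ("My first cat was named Fluffy. He was orange, with stripes. "
              "He only had 3 legs!")
    for pw in ("Fluffy", "fLuFfY", "F1uffy2007", "oth3r",
               mnemonic_password(phrase)):
        verdict = "reject" if is_dictionary_variant(pw) else "not in wordlist"
        print(f"{pw!r}: {verdict}")
```

A candidate that is "not in wordlist" has only survived this one check; length still matters, as the second tip says.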

