Your easy passwords make hacking easy

I recently acquired some files containing over 78,000 username/password combinations. I won’t say where or how I got them, but I broke no laws in the process, and simply possessing these files is perfectly legal. After all, they’re nothing but lists of words and numbers. Sadly, there is no additional information. I don’t know the source of this data. Facebook’s servers? Yahoo’s? Google’s? I have no clue. I loaded them into a MySQL server and have been having some fun looking them over.

Unfortunately, most people who connect to the internet still haven’t gotten the memo about good username/password selection. So without further ado:

A good password does NOT contain words that can be found in dictionaries (of any language), nor should it contain proper nouns (e.g. Steve, Wyoming, Korea, Google, etc.). This is because the first technique used by password-cracking software is a dictionary check. What language are you using? English? Great. English language dictionary loaded. Now, let’s guess every word in the dictionary in combination with some random numbers. This method is called brute-forcing and is very effective because people use passwords such as these (from the actual database):

carlyle
didius1
spirit
minime02
cookie
dewey34
avonlady57
mark0318
Kiera1
aquick
eureka13ak
3433748
rochelle
dasani69
Faith01
snack
ginger19
benjamin
melissa marie
chic50
dennis
dat11715
j05211520
cjn0906
CHANCE
3li2he1h

This is a random sampling of 26 passwords people have actually used on the internet. I literally copied/pasted this from my database. Only ONE is relatively secure. Did you see it? Go look at the list again; the answer is given in the next paragraph.

It’s the last one. But even it sucks because it contains no upper-case characters. This is important because it all comes down to mathematics. The more potential characters that have to be tried, the longer it takes and the harder it is to crack your password. If you use only lower-case letters, I only need to guess with 26 characters. If you use both lower and upper-case, I need to guess with 52 characters. Simply mixing lower and upper-case letters makes our passwords twice as hard to crack.

The staunchest password enforcers will insist that you use special characters, such as punctuation ($, %, &, *, !, @, etc.). Such passwords are indeed harder to crack. However, they are also harder to remember.

A method I developed over 10 years ago creates a secure password that obeys the above rules AND is easy to use. This method works because it’s based on memorizing a phrase, rather than random letters and numbers.

Most web-based services such as Yahoo!, eBay, Hotmail, etc. require your password be at least 6-8 characters in length. Most everyone recommends at least one or more numbers and some letters should be capitalized. Don’t go over 10 characters for most services. These are the key ingredients to keep in mind.

Next, I come up with an 8-word phrase that includes at least one capitalized word and one or more numbers. A very old example that I’m willing to share publicly is the phrase “my daughter Alex is 12 years old”. Take the first letter of each word to make up the password. This translates to mdAi12yo. There you have it: a more secure password that contains letters and numbers, and no words from any dictionary. It contains no proper nouns. It can be strengthened by inserting punctuation and/or making it longer. I have one such password that is 32 characters long. I can remember it because it’s a longer phrase I memorized.

And of course, never forget, change the password every so often.

The moral of the story is this: If you don’t want your email, bank account, or other services hacked, quit using easy-to-guess passwords! As I have stated previously, my method is not perfect. However, I’ve found it to be quite effective. I’ve been using the internet since its (public) birth in 1995 and have been hacked only twice: on Twitter and Hotmail. I have no idea who got in or how, but when I was made aware of those hacks, I closed those accounts and changed my passwords everywhere else, immediately. So far, so good.

Google pairs with Ford to throw away investors’ money on self-driving cars

From the Original Article on Yahoo! News

Here’s another fine example of Google wasting its investors’ money on worthless technology that almost nobody wants. Remember Google Glass? They STILL haven’t given up on that failure. Now Ford wants to throw away their money too. What joy!

So Google wants their computers to drive cars. I think they should get navigation down first. Google would be better served putting its money into something actually useful like its buggy Maps application.

Self-driving cars won’t work because cars need drivers with intuition, something computers just don’t have. Autopilot in the air is relatively easy when the nearest traffic is several thousand feet, if not a few miles, away. It’s a whole ‘nother story on the road.

Autopilot in a car may be more palatable so long as the driver can take over complete control whenever they want. But no, not with arrogant Google. They want to remove the steering wheel, gas, and brake pedals. You are completely and utterly at the mercy of their buggy software. The pilot in the air can take control of his/her plane whenever they want. Unless the same is true for cars, FORGET IT.

But even still, if I got my wish and they DID wise up and leave the steering and other controls in place, there will be people who rely TOO MUCH on the autopilot and quit paying attention to the road. Hell, some will take naps. Again, that may be acceptable for a few minutes at 40,000 ft., but certainly NOT when I’m routinely coming within a few yards of other vehicles moving just as fast as I am. And even at 40,000 feet, do you really want your pilot to be napping?


Welcome to my homepage

[Image: C64 screen]

Welcome to the new scottbomb.com. While this site has been operational since 1999, it’s currently undergoing some changes.

Computers and electronics have been hobbies of mine since I was a boy. I learned to program in BASIC on a Timex-Sinclair 1000 and then a Commodore 64 in the mid-1980s. I was taking apart everything electronic to satisfy my curiosity about how things worked.

As an adult, my thirst for knowledge has grown. I got my ham radio license in 1993 and finally reached the highest-level license in 2006. I also attend college on a half-time basis, working on a degree in Information Systems at Regis University. I’m pursuing my passion, hoping to eventually make a career change from sales to something computer-related. I mostly enjoy learning to program in Java and C. I’ve spent a few years learning a lot about Linux systems as well. All of my computers run Kubuntu Linux, except for one which runs Windows 7, strictly for Media Center.

In the coming weeks, this site will take on new features and content. I intend to keep most subject matter technology-related. As it’s been since the beginning, politics will most definitely have its place here as well. Hopefully, it will become a place people might want to visit once in a while. If not, it will at least give me some practice in honing some new (and some old) skills.