Welcome to Our Blog

Undefeatable Password

Nov 20, 2012
White Papers

You and Your Password

You might have heard the term “Strong Password” and may have wondered what it meant. Strong implies that it is more difficult to compromise and making it a stronger password is fairly easy to do. First we would like to lay out a few background facts and then we will show you an easy way to create a strong password.

Facts:

  • People are the weakest link in the security chain, and the easiest way to get a user’s login details is by asking him/her for it (see our related article on Social Engineering techniques to see how this is done).
  • Breaking Alpha Numeric (numbers and letters only) passwords will only take few minutes for a skilled hacker, even if it is up to 14 characters long.
  • Most passwords are combination of a name plus few numbers and 8 characters long (jack1234).
  • Most people will write down their passwords and store them in an obvious place like under the keyboard or pasted to the monitor.

Strong Passwords

The real goal here is to make a password that is not only strong but one that is easy enough for you to remember without writing it down.
We recommend creating a password with two distinct parts: part one is the password’s first 3 characters combined with the last 3 characters, and part two is the characters between those two sections.
Part one can be a constant and part 2 will need to change every time you change your password. We recommend password changed every 30-60 days – I know this sounds tedious but reassembling your credit ratings and trying to recover your stolen house are far more troublesome!

Part One

Part one contains the first and the last characters of the password and we recommend that it contain symbols and/or special characters and/or numbers. By using the special characters you are making a Brute Force attack a much more challenging exercise for a hacker. A Brute Force attack is when someone uses software to attempt every possible combination until one works. For every character you add to the sample set the job gets much larger for the attacker. Eventually if enough different characters/symbols are used it becomes impossible to use Brute Force unless they have few months to wait for the password.

A key concept of part one is to build it in a way that you will remember it.
For example: !@# )(* seems rather random but its actually (looking at the keyboard) 123 and 098. You can now see that you can leverage extra symbols in a meaningful way that is meaningful only to you.

Part Two

Part two needs to have at least 8 characters using lower and uppercase letters and also numbers (same rules as you typically use now when renewing your passwords).

For example: Lior1234

So my Strong Password could be:!@#Lior1234)(*

Remember the goal of using as broad a symbol set as possible and still making it easy for you to remember.

Phase 5 – Implementation

The software is now ready and functioning as it supposed to. Now is the time to install the application on the computers/servers and run further testing and inspections.

Accreditation and certification (confirmation of the software characteristics defined in phases 1-3) are initiated and completed.

Phase 6 – Maintenance

The last phase of the software life cycle includes software updates and bug fixes. Customer requests are integrated during this phase and not the previous phases which minimize the customer interruptions during the software development (any project management dream).

Another important aspect to phase 6, is that software auditing and constant security tests are being performed to ensure that the software performs as designed and specified.

Need More Info? Call Us (888) 834-8932

Contact Us

© 2012 Toronto Professional services LTD. All rights reserved