| |
 |
Keeping your personal passwords private, secure,
and unbreakable is one of the most important steps you can take
for safer computing. If your passwords slip into the wrong hands,
your identity, finances, and personal information could be in jeopardy.
Find out more about how to choose strong passwords, how often
to change them, why should have more than just one, and other
important password tips and tricks on this web page. |
Strong passwords vital key to security and privacy
Unfortunately most
are easy to break
Using passwords are important steps in ensuring privacy and security
on the computers you use everyday, at home and at work. Unfortunately,
many of the passwords people use are simple or have been in use for a
long period of time and for a lot of accounts. Simple passwords can be
easily guessed by people who know you, or can readily be cracked by people
with experience.
Consider these findings...
- Studies have shown that more than 40 percent of all individually-chosen
passwords are readily guessed by someone who knows you.
- In a recent survey of password use, more than 3,000 account passwords
were cracked out of a test sample of more than 13,000 with multiple,
and fairly accessible, tools.
- Because many people use the same or similar passwords for different
computers and multiple accounts, gaining access to one password often
provides access to other systems and accounts.
How passwords are cracked
Dictionary programs are one of many tools frequently used to crack passwords.
A hacker will launch a dictionary attack by passing every word through
a dictionary, which can contain foreign languages in addition to the
entire English language, to a login program hoping that a word will eventually
match the correct password. Even worms and viruses will attempt to guess
passwords.
Ways in which passwords are vulnerable
- Many people do not change the default password that comes with some
computer security systems. Lists of default passwords are available
on the Internet.
- A password may be guessable if someone chooses a piece of personal
information as their password. Such items include a student ID number,
boyfriend or girlfriend's name, birth date, telephone number, or
license plate number. Personal data is now available from various sources,
many online, and can often be obtained by someone using social engineering
techniques such as posing as an opinion surveyor.
- A password is vulnerable if it can be found in a list of commonly-chosen
passwords. Dictionaries, often in computer-readable form, are available
for many languages, and lists of passwords are easy to get a hold
of. In tests on live systems, dictionary attacks are so routinely successful
that software implementing this kind of attack is readily available.
- A password that is too short, perhaps chosen for ease of typing,
is vulnerable if an attacker can obtain the cryptographic hash (mathematical
function which maps values from a large domain into a smaller range)
of the password. For example, computers are now fast enough to try
all alphabetic passwords shorter than seven characters.
Learn More
Get Help
IT Service Center
303-735-4357 (5-HELP)
security@colorado.edu
|
|
|
