I’ve just read two interesting articles about the internet and online passwords worth taking note of.
- The NSA (US government), with a tool called “XKeyscore”, collects “nearly everything a user does on the internet.” They can see the websites you’ve visited, can monitor your messages and activity on social media, and see all your past emails.
- Passwords are apparently really easy to crack with modern password cracking technology. According to crypto experts Silent Circle, my online banking password would take 8 hours to crack (not long enough for my comfort zone, so I’ve strengthened it to one that’ll take centuries to crack).
Click here and enter your password to see how long it will take to crack your passwords. Don’t worry about entering a username or anything else.
Apart from using a tool such as the Entima random password generator to create a highly complex password that’s difficult to remember, Simon Black explains what you can do (after the fold):
I was never a crypto specialist while in the intelligence business, so I studied the issue for the last few months to find out about the latest password cracking algorithms.
It turns out that most things we think about password security are completely wrong.
For example, you know how it seems like every website these days has a particular password format they require you to use?
For example, they’ll require at least one upper case character, one lower case, one number, one ‘special character’, and that the password must be at least seven characters.
Most of these web sites are incredibly annoying, and it can take three or four tries to come up with the right password.
iTunes, Facebook… they all do this to cover their own butts in case your account gets hacked, so they can say that they advised you to use the industry ‘best practices’ for a secure password.
It turns out this isn’t very secure at all.
Most password cracking algorithms have adapted, particularly as a lot of people use ‘dictionary’ words in their passwords.
For example, instead of “sunshine”, one may use “5unshinE!”, substituting a 5 for the s, capitalizing the E, and adding an exclamation point.
The first password, “sunshine”, is considered to be highly vulnerable based on industry convention, but “5unshinE!” is considered to be much more secure.
It turns out that both passwords can be cracked by modern algorithms almost instantly. Neither is secure.
Since cracking algorithms succeed by picking up patterns in human behavior, the key to a secure password is randomness and disorder. In the security business, this is known as entropy.
It’s difficult for a human being to fake randomness and disorder. So one easy way to achieve this is to use a password generator tool that incorporates entropy.
Try, for example, going to https://entima.net/random/
On this website, you move your mouse around randomly, and the website’s software incorporates these random mouse movements into its password generation code.
The passwords that it generates are far more secure, taking centuries to crack instead of mere seconds.
It may be a good idea to take a few minutes out of your life to check your own password vulnerability, and come up with an alternative that’s far more secure.
Original article on Sovereign Man is here.
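As an added illustration (not code from either article), the sketch below shows why a composition-rule meter rates “5unshinE!” above “sunshine” even though both reduce to the same dictionary word once common substitutions and trailing symbols are undone. The wordlist, substitution table and function names are assumptions made for this example, and the generator uses the operating system's random source rather than mouse movements.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real audit would load a large leaked-password list.
WORDLIST = {"sunshine", "password", "dragon", "monkey"}
# Substitutions people commonly make, mapped back to the letter they stand for.
LEET = str.maketrans("50134@7$!", "soleaatsi")
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def naive_bits(pw):
    """Bits a composition-rule meter assumes: length * log2(size of classes used)."""
    pool = sum(size for size, used in (
        (26, any(c.islower() for c in pw)),
        (26, any(c.isupper() for c in pw)),
        (10, any(c.isdigit() for c in pw)),
        (len(string.punctuation), any(c in string.punctuation for c in pw)),
    ) if used)
    return len(pw) * math.log2(pool) if pool else 0.0

def dictionary_root(pw):
    """Return the wordlist entry the password reduces to, or None."""
    core = pw.rstrip(string.digits + string.punctuation)  # drop a trailing "!" or "123"
    for candidate in (pw, core):
        lowered = candidate.lower()
        for form in (lowered, lowered.translate(LEET)):
            if form in WORDLIST:
                return form
    return None

def generate_password(length=16):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def assess(pw):
    """Pair the meter's optimistic estimate with the pattern a cracker would exploit."""
    return {"naive_bits": round(naive_bits(pw), 1), "root": dictionary_root(pw)}

if __name__ == "__main__":
    for pw in ("sunshine", "5unshinE!", generate_password()):
        print(pw, assess(pw))
```

A password whose `root` is not `None` sits inside the small search space of wordlist entries and their common variations, whatever `naive_bits` reports.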