Increase your password security

Discussion in 'Computer Security' started by JK2447, Jul 15, 2009.

  1. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    Hi All,

    Just learned something interesting I'd like to share. If your Windows password is 14 characters or less, Windows stores it as two 7-character hashes, which makes them easy to crack :eek:

    Using a password which is 15 characters or more forces Windows to store it in the more secured NTLM hash format, which is a LOT harder to crack :twisted:

    That is all 8)

    Jim
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
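    The thread above is about LM hashes: for a password of 14 characters or fewer, Windows can store an LM hash built from two independent 7-character halves, whereas 15 or more characters leaves only the NT hash. As an added example (not posted by JK2447 or anyone else in the thread), the PowerShell below audits whether a host is still allowed to store LM hashes and which challenge/response level it uses. It assumes the standard LSA registry location and that `net accounts` is available; run it from an elevated prompt.

```powershell
# Added example, not from the thread: audit a Windows host's LM-hash posture.
# Assumes the standard LSA key HKLM:\SYSTEM\CurrentControlSet\Control\Lsa.

function Get-LmHashPosture {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # NoLMHash = 1 tells LSA not to store the LM hash when a password is next changed.
    $noLm = (Get-ItemProperty -Path $lsa -Name 'NoLMHash' -ErrorAction SilentlyContinue).NoLMHash

    # LmCompatibilityLevel 0-5: 3 and above send NTLMv2 only; 5 also refuses LM and NTLMv1 inbound.
    $lmLevel = (Get-ItemProperty -Path $lsa -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue).LmCompatibilityLevel

    # Local policy minimum length; 15+ makes an LM hash impossible regardless of NoLMHash.
    $minLenLine = net accounts | Select-String 'Minimum password length'
    $minLen = [int](($minLenLine -replace '.*:\s*', '').Trim())

    $findings = @()
    if ($noLm -ne 1) {
        $findings += 'NoLMHash is not 1: LM hashes may be stored for passwords of 14 characters or fewer.'
    }
    if ($null -eq $lmLevel -or $lmLevel -lt 3) {
        $findings += 'LmCompatibilityLevel is below 3 (or unset): LM/NTLMv1 responses may still be sent.'
    }
    if ($minLen -lt 15) {
        $findings += "Minimum password length is $minLen; 15+ would rule out LM hashing entirely."
    }

    [pscustomobject]@{
        NoLMHash             = $noLm
        LmCompatibilityLevel = $lmLevel
        MinPasswordLength    = $minLen
        Findings             = $findings
    }
}

Get-LmHashPosture | Format-List
```

    One caveat worth knowing when reading the output: setting `NoLMHash` only stops new LM hashes being written. Any account whose password was set while LM storage was allowed keeps its existing LM hash until the password is changed again, so a policy change should be followed by forced password changes.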
  2. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Nice tip from our budding security expert ! :biggrin

    Rep given
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  3. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    Aw shucks :lol: thanks mate
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    my password is only 8 characters long but contains numbers as well as letters. Do you suggest I change it then?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    It's good that you are mixing it up with caps, numbers and symbols. That is enough for most people but if you want to make Windows give you the max security I'd change it. In today's world the amount of nefarious users is growing exponentially. I find it's easier if you think of a song or a place so ImagineBeatles1 etc. That's almost never getting cracked by anyone :biggrin

    **Edit: I also think that as IT professionals we should set the example by having more security awareness than your average user
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  6. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    What happens if the word you have used is a made up word you used to say as a kid which sounds like a proper word but is spelled how you would say it when you were a kid? :D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  7. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    Yeah that's going to be hard to crack so I'm sure you are fine to keep it as it is. I more wanted to highlight how differently Windows handles 14 or less characters and 15 or more.
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  8. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    I do have a 15 character one for hotmail which includes numbers and letters but not for login, just the word I used to say as a kid.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  9. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    That's wise mate, any web based email accounts should be 15 for sure. Glad to see you're covered, A+ :D
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  10. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    I guess I should stop using "password" as my password, then eh? :p

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  11. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    :lol: yeah that's just silly, you should just leave it blank like all mine . . . .:p
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  12. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    I know lots of people who do that :D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  13. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    7,200
    951
    318
    Seriously???! Hope they don't do online banking or they might find they have bought a plasma TV in Beijing! ha ha
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  14. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Bugger that. I have enough issues changing my password every 45 days, to a 9 character password, not used in the past 12 passwords, to worry about trying to come up with a password greater than 14 characters as well.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  15. dazza786

    dazza786 Megabyte Poster

    758
    30
    67
    Hmm, GBL will have to brush up on his social engineering defence now though..:p
    I would suggest changing it with a few CapiTals and include some numb3rs\symbols in there if you can
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  16. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    ...except most online places don't accept passwords that long... and some will truncate them without you knowing it. Older Windows OSes simply disregard the trailing characters in passwords that long.

    Plus, using passwords that long is more likely to include dictionary words in order to help you remember them, which makes them far, FAR easier to crack than a more complex string of 8 characters. Thus, in my opinion, 15-character passwords are often LESS secure than shorter, more complex passwords.

    EDIT: For those who think it's enough to add in capitals and "leetspeak" characters, you need to do a little research on how easy it is to add those combinations into dictionary attacks.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  17. craigie

    craigie Terabyte Poster

    3,020
    174
    155
    What you mean my password, which is password, is not secure!

    Damn you, I shall think of another one, maybe Password
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  18. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Been there, done that, check Page 1 :p

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  19. delorean

    delorean Megabyte Poster

    959
    15
    64
    I make it a personal goal to learn at least 1 new fact/thing/misc every single day. Today this was it. Thanks!

    Repped!
     
    Certifications: A+, MCP 70-270, 70-290, 70-291
    WIP: 70-680, S+, MCSA, MCSE, CCNA
  20. dazza786

    dazza786 Megabyte Poster

    758
    30
    67
    You fail to mention its advantages with regards to brute force attacks... it'd take longer to attempt
    reservoir, r3servoir, r3s3rvo... etc etc
    so it's still increased its security in comparison to a plaintext lowercase string.
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
