
Passwords, What's the Latest?


Password cracking tools are getting better and better, progressing right along with the rest of computer and Internet technology. Many passwords that were safe a few years ago are insecure now. Here is how attackers crack your passwords and what you need to do about it.

How are Hackers Attacking Us?


We can all see how fast computers and phones have progressed over the last 40 years. Sadly, the attackers who use these machines against users who don't adapt have progressed too. A criminal who wants to break into one of your accounts has tools that were unimaginable even 10 years ago.
  • They have databases of already compromised passwords, collected from past breaches, with over 3 billion entries.
  • They have databases of names, including pet names, and dictionary words.
  • They have databases of words and phrases from themes like Star Trek or football.
  • They have algorithms that apply leetspeak substitutions, such as @ for "a" or zero for "O".
  • They check your password against all of those billions of entries. They then take a name or theme word as a base and add numbers and symbols to it.
  • They check for any two words with numbers or symbols between them, and possibly at the end.

If you reuse a password, and one site is breached and loses your username and password, every other site where you used that password, or a variant of it, is in danger of being broken into.
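The mangling rules described above, as an added example that is not from the original article or from any real cracking tool: a toy generator applies case changes, leetspeak substitutions, two-word joins with separators and common suffixes to a tiny constructed wordlist, then tests each candidate against a leaked unsalted SHA-256 hash. The wordlist, the substitution table, the suffix list and the two target passwords are all constructed for the demonstration; real tools use far larger rule sets and billions of base words.

```python
import hashlib
import itertools

# Constructed miniature wordlist: leaked passwords, a pet name and theme
# words. Real cracking lists hold billions of entries.
BASE_WORDS = ["password", "fluffy", "enterprise", "cowboys", "summer"]

# Assumed leetspeak substitutions; real rule sets are far larger.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = ["", "1", "123", "!", "2023", "2023!"]
SEPARATORS = ["", "-", "_", "."]


def leet_variants(word):
    """Yield the word with every subset of LEET substitutions applied."""
    positions = [i for i, ch in enumerate(word) if ch in LEET]
    for r in range(len(positions) + 1):
        for subset in itertools.combinations(positions, r):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i]]
            yield "".join(chars)


def single_words(words):
    """All case and leetspeak variants of the base words."""
    out = []
    for w in words:
        for cased in (w, w.capitalize(), w.upper()):
            out.extend(leet_variants(cased))
    return out


def candidates(words):
    """Single words with a suffix, then every ordered pair of words with a
    separator between them and an optional suffix at the end."""
    singles = single_words(words)
    for s in singles:
        for suf in SUFFIXES:
            yield s + suf
    for a, b in itertools.permutations(singles, 2):
        for sep in SEPARATORS:
            for suf in SUFFIXES:
                yield a + sep + b + suf


def sha256_hex(password):
    """Stand-in for a weakly hashed password leaked from a breached site."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hash, words=BASE_WORDS):
    """Offline attack on one leaked hash. Returns (password, guesses) when a
    candidate matches, or (None, guesses) when the rules never reach it."""
    guesses = 0
    for cand in candidates(words):
        guesses += 1
        if sha256_hex(cand) == target_hash:
            return cand, guesses
    return None, guesses


if __name__ == "__main__":
    # Constructed sample: "Fluffy-P@ssw0rd123" looks personal but is two
    # wordlist words, leetspeak, a separator and a common suffix.
    print(crack(sha256_hex("Fluffy-P@ssw0rd123")))
    # A long random-looking acronym password is never generated by the rules.
    print(crack(sha256_hex("TaJ---wcbwf999tM...ftv")))
```

The point to take from running it: the "unique" variant falls in well under a second from a five-word list, while the password that is not built from words plus filler is never even generated. The same rules scale to a real list of billions of entries, which is why a small tweak to a reused password buys nothing.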

What this Means to You

This means you cannot reuse passwords or just change them a little bit. It also means you cannot remember your passwords or type them all, and you won't be able to write them all down either; there are too many. You have to have a password manager. I recommend Keepass for Windows users. It is simple and keeps the passwords on your computer, so they never leave your control. For Keepass on Android, I recommend Keepass2Android from the Play Store.


If you need to maintain your passwords on multiple devices and keep them in sync, then I recommend Bitwarden. You gain the convenience of having your password database in the cloud and on your computers, phones and tablets. However, you give up some control of your passwords, as you have put them in the cloud. Bitwarden is open source and is audited. The safe is encrypted on your computer before being synced to the cloud. If you have a good master password for your Bitwarden safe, then even if the company were to lose its copy, your passwords should still be safe, because an attacker would have to guess your master password to decrypt the safe.

I hear only good things about 1Password, so I assume it is a fine option as well. Like Bitwarden, it does cloud syncing.

There is no alternative to a password safe.

How do I Make an Excellent Master Password?

Here are some rules:
  • They’re long
  • They avoid common names, places, dictionary words, family names, birthdays, anniversaries and common phrases from literature
  • They use a random mixture of uppercase and lowercase letters along with numbers and symbols


Here is a good method to create your master password:
  1. Choose a character or characters.
  2. Have them do something very weird, odd and memorable.
  3. Fill in with numerals and symbols, and repeat them to increase the length.
  4. The first letter of each word, plus the filler, becomes your password to the password safe. The safe remembers all the other passwords.
For example (do not use this one, as it has now appeared on the Internet):
"Tom and Jerry were cooking breakfast while flying to Mars for their vacation."

  • Take the first letter of each word.
  • Stick --- after "Jerry".
  • Stick 999 after "flying".
  • Stick ... after "Mars".

We get: TaJ---wcbwf999tM...ftv

This should be good enough to protect your password safe for the next five or ten years. Of course, now that it has been published, this particular one is no longer safe.
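The recipe above carried through in code, as an added example that is not part of the original article: `acronym_password` takes the first letter of each word and appends the chosen filler after the named words, and `meets_rules` checks the length and character-class rules from the list above (the 16-character minimum is an assumption; the article only says "long"). Run on the article's own sentence and fillers it reproduces TaJ---wcbwf999tM...ftv.

```python
import string


def acronym_password(sentence, fillers):
    """Build a master password from a memorable sentence: the first letter of
    each word, keeping its case, with the filler string from `fillers`
    appended after each word named there (a repeated word gets it each time).
    Trailing punctuation on a word is ignored."""
    out = []
    for raw in sentence.split():
        word = raw.strip(".,!?;:\"'")
        if not word:
            continue
        out.append(word[0])
        if word in fillers:
            out.append(fillers[word])
    return "".join(out)


def meets_rules(password, min_length=16):
    """Check two of the article's rules: the password is long and mixes
    uppercase, lowercase, digits and symbols. min_length is an assumed
    threshold. The third rule (no names or dictionary words) needs a wordlist
    and is left to the reader's judgement when choosing the sentence."""
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return (len(password) >= min_length
            and has_upper and has_lower and has_digit and has_symbol)


if __name__ == "__main__":
    # The article's example sentence and fillers (do not reuse them).
    sentence = ("Tom and Jerry were cooking breakfast while flying to Mars "
                "for their vacation.")
    fillers = {"Jerry": "---", "flying": "999", "Mars": "..."}
    pw = acronym_password(sentence, fillers)
    print(pw, meets_rules(pw))
    # Without the filler the acronym alone is short and single-class.
    print(acronym_password(sentence, {}), meets_rules(acronym_password(sentence, {})))
```

Because the filler and the sentence are yours, the function is only a convenience for checking your work; type the result a few times and then delete the sentence from anywhere it was written down.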

I also like the system of combining two or more phrases from two languages, again with characters and numerals interspersed. The phrases and the extra word should be somewhat unrelated and something no one has seen before.

Something like this:
Patanjali's Abhyasa and Vairagya333.Pingpong.///and Tractors.

That's too Hard to Open the Password Safe

I'd go further: it is way too hard to type every time. Fortunately, Bitwarden, Keepass (with the Quick Unlock plugin) and Keepass2Android all allow you to re-open your database quickly, using some combination of biometrics (I use a fingerprint with Keepass2Android) or a PIN. This works until the program is closed: they lock the safe but leave the program running.

With Keepass I use the last 4 characters of my regular password; if I get it right on the first try, it opens, otherwise I have to enter the full password. I leave the program running minimized with the database locked, so I only type the full password when I restart the program, which in practice means when I restart my computer. From then on, I get in with just 4 characters. On my phone, my thumbprint gets me in.

Further Reading

  • A BleepingComputer article about passwords being much less secure than we thought, now that cracking technology has improved.
  • Specopsoft's original research that this article was based on.






Date: June 2023


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
