Saturday, September 1, 2007

Strong Passwords - Your First Line Of Defense

The strength of your password has an enormous effect on the ability for others to crack it. To understand why, we need to look at how most password cracking programs work.

The most common method is what is known as 'brute force' cracking. This involves continuously trying to log in (using automated software) with combinations of usernames and passwords in the hope of finding the correct combination. You would be surprised how many people don't update or change default usernames and passwords when installing scripts or setting up servers. With brute force, the potential intruder will usually use a list of 'well known' passwords. These are generally common English words that people often use for their admin passwords: words such as 'password', 'secure', 'admin' and a whole host of other common words. The lists that a cracker uses often contain thousands of possible passwords.

The best way to combat brute force attacks is to include capital letters as well as small letters, numbers, special characters and punctuation in the password. Your password should be at least 8 characters, but I'm inclined to make most of mine 12 characters long. This doesn't provide 100% protection, but it does change the time it would take to crack the password from hours or days to years. A password like wEo3;(Mk5u+ is going to take an awful long time to crack!
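As an added example (not from the article), the Python below shows why the character classes and length recommended above matter: it sizes the worst-case brute-force search for a password and shows how a wordlist entry is found almost immediately regardless of its length. The wordlist and the guess rate of one million per second are constructed assumptions, not figures from the article.

```python
import string

# Constructed stand-in for a cracker's wordlist; real lists run to thousands of entries.
COMMON_WORDS = {"password", "secure", "admin", "letmein", "123456", "qwerty"}

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password):
    """Size of the alphabet a brute-force search must cover, summed over the
    character classes the password actually uses (lower, upper, digits, punctuation)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII punctuation marks
    return size


def guesses_to_exhaust(password):
    """Worst-case number of guesses before the search is guaranteed to hit the password.
    A wordlist entry falls on the first pass; anything else forces a full keyspace search."""
    if password.lower() in COMMON_WORDS:
        return len(COMMON_WORDS)
    return charset_size(password) ** len(password)


def years_to_crack(password, guesses_per_second=1_000_000):
    """Worst-case time in years at an assumed guess rate. One million per second is
    a placeholder: an online login form allows far fewer, an offline hash far more."""
    return guesses_to_exhaust(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # 'abcdefgh' is 8 lowercase letters; 'wEo3;(Mk5u+' is the article's example.
    for pw in ["password", "abcdefgh", "Abcdefg1", "wEo3;(Mk5u+", "wEo3;(Mk5u+a"]:
        print(f"{pw:14} charset={charset_size(pw):3} "
              f"guesses={guesses_to_exhaust(pw):.2e} years={years_to_crack(pw):.2e}")
```

Running it shows the 8-letter lowercase password falling in days at that rate while the mixed 11-character one takes on the order of a hundred million years; adding a single character multiplies the search by the charset size again.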

It also makes a lot of sense to change the username. Default usernames such as 'admin', 'administrator' and 'superuser' are very common. By changing this to something like 'mikey201' you are adding a major improvement to the security of your server or application.

And remember that by using weak passwords that are easy to crack, you may not only be putting yourself at risk, but also many others. This is particularly true if you have a shared web hosting account. By allowing someone to gain unauthorised access to your account you are putting hundreds of other websites at risk on that same server.

By Gary R Smith

Gary Smith has been managing internet servers since the mid 90s. He also provides security and general maintenance services to dedicated server owners at The Dedicated Server Doctor.

Article Source: http://EzineArticles.com/?expert=Gary_R_Smith
