Monday, May 24, 2010

How You Can Be Hacked

You never gave much thought to having a strong password. I admit I never did either. For every site we register on we need to remember yet another username-password combination. But do you know how easy it is for someone to get into every one of your accounts?
Image courtesy http://www.mxmcreation.com/images/internet-security/hacking-ym.gif


You have the Same Username-Password for Everything
Your email address, Facebook account and Twitter probably share the same username and password. Now what about your banking, your school site and the numerous other websites you registered on? If they all share that one combination, whoever learns it once owns all of them.

You've also probably never thought about the idea of being hacked. I know I never did. Well, until, in some bizarre way, my first email address (one I still use today) sent numerous emails to my contacts with links to virus sites. So I wondered how the hell that happened, since I never gave my username/password to anyone except when registering for numerous websites.

Viewing a forum, posting a comment, even just reading an article on some sites requires a registration. You never gave it much thought, but what if I had you register on this site to read this post? You'd probably use your Facebook username/password and then read on.

Now, let's say I had nothing better to do. Being the administrator, I can see exactly what you typed if the site keeps passwords in plain text (as many small sites do), so I try your username/password on Facebook. Oh, think of all the things I could do. Even a site that stores passwords properly, as salted hashes, can have its database stolen, and a weak password is quickly recovered from its hash; either way, the password you reused is now in someone else's hands.

Access to All Your Accounts
Scared yet? What if I tried the same combination on Yahoo, Gmail or Hotmail and got in? Your inbox lists the sites you registered for, even that bank account, and a password reset for any of them lands in a mailbox I now control.


Here are some easy basic tips on how not to get hacked:

Create a Dummy account
Don't have one account for everything. Create two new email addresses. Use the first one for business/school/personal things, and ONLY for those purposes. Yes, that's in all caps, as in I'm screaming that word right now. What would be the benefits? The first is damage control: a breach of some forum you signed up to once can't reach the mailbox your bank and your friends use. The second is convenience. When you're expecting an email from a friend sending that important project you need to print, and you can't find it because you have a thousand unread emails in your inbox, what do you do?

Those thousand emails are probably from the sites you registered on but never really used, like when you wanted to read one article from girlyfashionmagazine.com/forum/topic/top-20000-reasons-your-fat.

The other email account (obviously, don't use the same password) is for registering all your crap. Feel free to load everything onto this account, since you're not really going to use it. And don't save any contacts in it, not even your other email addresses; if it is compromised, there should be nothing in it that points at your real accounts or your friends.

Think of At Least 3 sets of Usernames/Passwords
Remember the theory: we don't want everything to be accessible with a single username/password. So besides having a dummy email account, here's a good practice: think of a couple of combinations of usernames/passwords. Rotating a few sets limits how many accounts fall with any one of them; the accounts that matter most (your real email, your bank) should still get a set that is used nowhere else. You can make them easy to remember without being complicated. Think of a theme. For example:

Theme: Hunger (Tagalog phrases about being hungry)

user: gustokongkumain password: pengefoodmen
user: gutomnaakoshet password: palimospagkain
user: pakaininmoako password: lunchnaba

Think of a theme, create 2-3 sets and use them interchangeably on different sites.

Create a Strong Password
This is an amazingly informative article, http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/, but a rather long one. Most of the things I mention in this post are discussed there thoroughly.

For the love of god, don't use a "dictionary password". What is a dictionary password? As the name implies, it's a word you used as your password that can be found in a dictionary.

An attacker can get that in a few hours or even minutes. The technique is called a "dictionary attack": a program tries every word in a wordlist, plus common variations of them, your birthday, family names and so on. The slower fallback is "brute force", which tries every possible combination of characters; the table below shows how long that takes, and it is the length of the password that decides it.
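Here is a worked illustration of the two points above, the reused password and the dictionary attack, as an added Python example; it is not code from the original post or from any real site. It builds two throwaway forums, one that stores passwords in plain text as the careless admin of the earlier section would, and one that stores salted PBKDF2 hashes, leaks both user tables, and replays whatever the attacker recovers against a third site standing in for the bank. The users, passwords, wordlist and site names are all constructed for the demo, and the PBKDF2 round count is deliberately low.

```python
import hashlib
import os

# Constructed wordlist standing in for an attacker's dictionary file.
# Real lists hold millions of entries; these few are enough for the demo.
WORDLIST = ["password", "letmein", "welcome", "sunshine", "dragon", "kris", "basketball"]

# Deliberately low so the demo runs in well under a second;
# a real deployment uses a far higher work factor.
PBKDF2_ROUNDS = 2000


def pbkdf2(password, salt):
    """Salted PBKDF2-HMAC-SHA256 of a password: the storage a careful site uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Site:
    """A web site's user table. hashed=False models the careless forum of the
    post, whose admin can simply read every password; hashed=True models a
    site that stores only salted hashes."""

    def __init__(self, name, hashed):
        self.name = name
        self.hashed = hashed
        self.users = {}  # username -> stored credential record

    def register(self, username, password):
        if self.hashed:
            salt = os.urandom(16)
            self.users[username] = {"salt": salt, "hash": pbkdf2(password, salt)}
        else:
            self.users[username] = {"plaintext": password}

    def login(self, username, password):
        record = self.users.get(username)
        if record is None:
            return False
        if self.hashed:
            return pbkdf2(password, record["salt"]) == record["hash"]
        return record["plaintext"] == password

    def dump(self):
        """What a malicious admin or a database breach hands the attacker."""
        return dict(self.users)


def recover_passwords(dump, wordlist):
    """Turn a stolen user table into username -> password where possible.
    Plaintext records need no work; hashed ones get a dictionary attack."""
    recovered = {}
    for username, record in dump.items():
        if "plaintext" in record:
            recovered[username] = record["plaintext"]
            continue
        for candidate in wordlist:
            if pbkdf2(candidate, record["salt"]) == record["hash"]:
                recovered[username] = candidate
                break
    return recovered


def credential_stuffing(recovered, target):
    """Replay every recovered username/password against another site and
    return the usernames whose reused password opened the target account."""
    return {u for u, pw in recovered.items() if target.login(u, pw)}


def demo():
    plain_forum = Site("plaintext-forum", hashed=False)  # the careless site of the post
    hashed_forum = Site("hashed-forum", hashed=True)
    bank = Site("bank", hashed=True)

    hashed_forum.register("kris", "sunshine")       # dictionary word, reused at the bank
    bank.register("kris", "sunshine")
    plain_forum.register("ana", "isawatbalut")      # not in the wordlist, but reused on a plaintext site
    bank.register("ana", "isawatbalut")
    hashed_forum.register("ben", "dragon")          # dictionary word, but the bank password differs
    bank.register("ben", "hindiitoangpasswordko")

    recovered = {}
    for site in (plain_forum, hashed_forum):
        recovered.update(recover_passwords(site.dump(), WORDLIST))
    return recovered, credential_stuffing(recovered, bank)


if __name__ == "__main__":
    recovered, broken_into = demo()
    print("recovered from the leaks:", recovered)
    print("bank accounts opened with reused passwords:", broken_into)
```

Running it shows three outcomes: kris's dictionary word is recovered from its hash and opens the bank; ana's non-dictionary password leaks straight out of the plaintext site and opens the bank too; ben's dictionary word is recovered but opens nothing, because his bank password was different.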

Here's a table of how fast an attacker can brute-force a password. The figures assume roughly one million guesses per second (95^3 combinations in 0.86 seconds), so read the rows as relative to each other rather than as absolute promises: an attacker who has stolen a database of fast, unsalted hashes and runs a modern GPU can try thousands of times more guesses per second.

Courtesy:
http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/

Password Length   All Characters (95 symbols)   Only Lowercase (26 letters)
3 characters      0.86 seconds                  0.02 seconds
4 characters      1.36 minutes                  0.46 seconds
5 characters      2.15 hours                    11.9 seconds
6 characters      8.51 days                     5.15 minutes
7 characters      2.21 years                    2.23 hours
8 characters      2.10 centuries                2.42 days
9 characters      20 millennia                  2.07 months
10 characters     1,899 millennia               4.48 years
11 characters     180,365 millennia             1.16 centuries
12 characters     17,184,705 millennia          3.03 millennia
13 characters     1,627,797,068 millennia       78.7 millennia
14 characters     154,640,721,434 millennia     2,046 millennia

12 seconds for a five-letter lowercase password. Nuff' said.

A Bunch of Interesting Tips for a stronger password:

1. Use a jEjE password
Jejemon text-speak, with its utterly undecipherable spellings, makes great raw material for passwords. Change that e into a 3, change that o into a zero, use both lower and upper case while abusing the shift key. Cracking tools do know the common substitutions, so this helps most on top of a long password, not instead of one.

2. Be creative
Instead of just using your name as your password, try to be creative. For example, instead of kris try passwordnikris.

3. Use Tagalog
I don't think there is a dictionary brute force based on Tagalog, since programmers hate Tagalog. We can't even imagine a Tagalog programming language; we get nightmares from even thinking of it. So a Tagalog password would be hard for a foreign attacker to guess. Don't lean on that alone, though: a wordlist for any language takes an afternoon to build, and an attacker who targets Filipino users will have one, so combine the Tagalog with length. Example passwords: isawatbalut or sinigangnaadobo

4. Make It almost a Sentence
I know it's hard to think of just a specific thing, place or name, so here's another option. Think of a sentence. Let's say "Pogi ako bukas" ("I'll be handsome tomorrow"). Turn it into a password: pogiakobukas. Easy to remember, and based on the chart above, brute-forcing 12 lowercase letters takes about 3 millennia. Keep in mind that the chart counts every combination of letters; an attacker who guesses three-word Tagalog phrases from a wordlist needs far fewer guesses, so the longer the sentence, the better.

5. Long Passwords Are a Must
As we can see from the table, the longer a password is, the longer it takes to crack. Why? Each extra character multiplies the number of possibilities by the size of the alphabet: the attacker faces alphabet size to the power of the length, so 12 lowercase letters means 26^12 guesses, about 9.5 x 10^16, and one more letter multiplies that by another 26. With this in mind, make your password a long one; the table shows that 12 lowercase letters (3.03 millennia) beat 8 characters drawn from the full keyboard (2.10 centuries).

After you've created your password, try a checker such as http://www.microsoft.com/uk/protect/yourself/password/checker.mspx to see how it rates. Two caveats: never type the password you actually use into a web form other than the site it belongs to (test a password built the same way instead), and a checker that only counts length and character classes cannot tell that pogiakobukas is three dictionary words glued together.
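The table's times and the "more characters, more possibilities" point in tip 5 can be reproduced with a short estimator; the following is an added Python example, not code from the original post, the linked article or the Microsoft checker. It counts the alphabet a password draws from, computes alphabet^length and divides by a guess rate: 1,000,000 guesses per second is the rate implied by the table's 0.86 seconds for 95^3, and the 10 billion per second "GPU rate" is an assumption standing in for an offline attack on a fast, unsalted hash. It also models the wordlist-combination attack mentioned under tips 3 and 4, using a tiny constructed Tagalog word list only to split the password into words, and an assumed 10,000-word real list for the guess count.

```python
import math

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOL_COUNT = 33           # printable ASCII symbols; 26 + 26 + 10 + 33 = 95 "all characters"

TABLE_RATE = 1_000_000      # guesses per second implied by the table: 95**3 / 0.86 s
GPU_RATE = 10_000_000_000   # assumption: offline attack on a fast, unsalted hash

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Constructed mini-wordlist, used only to show how a passphrase splits into words.
TAGALOG_WORDS = ["pogi", "ako", "bukas", "gutom", "na", "kain", "isaw", "at", "balut",
                 "green", "ang", "color", "ni", "gibo"]
ASSUMED_LIST_SIZE = 10_000  # assumption: size of the real wordlist an attacker would carry


def charset_size(password):
    """Size of the smallest standard alphabet containing every character of the
    password; this is the alphabet an exhaustive search has to cover."""
    size = 0
    if any(c in LOWER for c in password):
        size += 26
    if any(c in UPPER for c in password):
        size += 26
    if any(c in DIGITS for c in password):
        size += 10
    if any(c not in LOWER + UPPER + DIGITS for c in password):
        size += SYMBOL_COUNT
    return size


def brute_force_guesses(password):
    """Worst-case guesses for exhaustive search: alphabet ** length."""
    return charset_size(password) ** len(password)


def split_into_words(password, words):
    """Fewest wordlist entries that concatenate to the password, or None."""
    best = {0: 0}  # prefix length -> fewest words covering that prefix
    for end in range(1, len(password) + 1):
        for w in words:
            start = end - len(w)
            if start >= 0 and start in best and password[start:end] == w:
                best[end] = min(best.get(end, math.inf), best[start] + 1)
    return best.get(len(password))


def combinator_guesses(password, words=TAGALOG_WORDS, list_size=ASSUMED_LIST_SIZE):
    """Guesses for an attacker who tries every 1-word, then 2-word, ... phrase
    from a wordlist of list_size entries; None if the password is not a plain
    concatenation of list words. (Real tools also apply leet and case rules,
    which this model leaves out.)"""
    k = split_into_words(password, words)
    if k is None:
        return None
    return sum(list_size ** i for i in range(1, k + 1))


def seconds_to_text(seconds):
    years = seconds / SECONDS_PER_YEAR
    if years >= 1000:
        return f"{years / 1000:,.2f} millennia"
    if years >= 1:
        return f"{years:.2f} years"
    if seconds >= 86400:
        return f"{seconds / 86400:.2f} days"
    if seconds >= 3600:
        return f"{seconds / 3600:.2f} hours"
    if seconds >= 60:
        return f"{seconds / 60:.2f} minutes"
    return f"{seconds:.2f} seconds"


def estimate(password, rate=TABLE_RATE):
    """Crack-time estimates in seconds: brute force (the table's model) and,
    when the password splits into wordlist words, the combination attack."""
    brute = brute_force_guesses(password) / rate
    combo = combinator_guesses(password)
    return {"brute_force": brute, "combinator": None if combo is None else combo / rate}


if __name__ == "__main__":
    for pw in ["sunshine", "pogiakobukas", "nokian73cpko", "gr33ndAwSig1B0"]:
        for label, rate in (("table rate", TABLE_RATE), ("GPU rate", GPU_RATE)):
            e = estimate(pw, rate)
            combo = "n/a" if e["combinator"] is None else seconds_to_text(e["combinator"])
            print(f"{pw:16} {label:10} brute force {seconds_to_text(e['brute_force']):>26}   wordlist {combo}")
```

For pogiakobukas it reproduces the table's 3 millennia, then shows the same password falling in about 12 days once the attacker guesses three-word phrases instead of letters, and in under two minutes at the GPU rate; gr33ndAwSig1B0 stays out of reach of both models because it is not a plain concatenation of list words, although real tools would also try the e-to-3 and o-to-0 rules from tip 1.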

Trying it Out:
With those tips in mind, let's try an example.
The elections are over, so let's use them as a theme.

1. Green ang color ni Gibo ("Green is Gibo's color"; theme and Tagalog)
2. greendawsigibo (modified, long password, 14 characters)
3. gr33ndAwSig1B0 (jejemonizing it)

Now, according to Microsoft's checker, it's the best kind of password.

Last example:

1. Nokia N73 ang cellphone ko ("The Nokia N73 is my cellphone"; theme, Tagalog)
2. nokian73cpko (long password, 12 characters)
3. n0kIaN73cPk0 (jejemonizing it)

It's not as good as the first example, but it's still a strong password. One more thing: the two passwords above are now printed on a public web page, so they belong in every wordlist from here on; build your own from your own sentence rather than copying these.

Conclusion:
Hope you learned something here; try it out yourself. An ounce of prevention is worth a pound of cure. Or some fancy quote like that.



