At the moment, people seem to be choosing obvious passwords, such as "password" or "1234". Please do not use these passwords or combinations of them, as they make it very easy for a registered user to use a spambot and compromise a user account. A few instances of this can be found in a thread created by ami in one of the forums. It is currently closed. Here are some tips to use when creating a password, as well as tips on which passwords to avoid. But first, let me explain some things people may not know.
What is a password?
A password is simply a combination of letters, numbers and special characters (*, ^, _, etc.) that people use to log onto gaming sites and forums. In the olden days, passwords had no minimum length, which made it very easy for people to have their bank accounts hacked and money removed without their knowledge. Nowadays, password protection is getting stronger: a minimum of 6 letters must appear in the password, and it must also contain a number or numbers, or, for the more advanced, a couple of special characters.
What are some rules for creating passwords?
What are some tools I can use?
- On many registration websites, you may notice a bar to the left or right of the create password box. This is a very useful indicator of your password's strength.
- For example, some websites require a user to create a password that is at least 6 characters long, including at least one number.
- You are advised to write down the password you created and keep it in a safe place, and also a place where a robber cannot find it.
- Do not use passwords that are easy to guess. For example, passwords should not, in any circumstances, be your birthday, the word "mum", "password" or "1234": these are first guesses for any hacker.
- Use strong passwords, such as your Car Registration Number. You could even use your National Insurance number.
Pun-intended.
- Making your passwords complicated is good. So instead of a straightforward word, take a word you know and mix it up with numbers and special characters.
Out there, people are registering on banking websites, forums, logging onto their favourite shopping site, etc. What you don't know is that these users are using extremely easy and guessable passwords. Many passwords are not even logged on encrypted websites. Here are some tools you can use:
Maybe you could suggest some other things to add to this post.
- Cain & Abel: Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users. Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons.
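The strength bar and the rules from the tips above (at least 6 characters, at least one number, no easy-to-guess words or combinations of them), as an added example that is not part of the original post. The function names, the score scale, the character-swap table and the 4-character threshold are assumptions.

```javascript
// Added example: the function names, the score scale and the 4-character
// residue threshold are assumptions, not taken from the post.
const DENYLIST = ["password", "1234", "mum"]; // weak passwords the post names

// Common character swaps, undone so "p@ssw0rd" is compared as "password".
const SWAPS = { "@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i" };

function strip(text, words) {
  // Delete every occurrence of every listed word.
  return words.reduce((rest, word) => rest.split(word).join(""), text);
}

function residue(pw, words) {
  // What is left after removing listed words, both as typed and after
  // undoing character swaps. A short residue means the password is just
  // a listed word or a combination of listed words.
  const typed = strip(pw.toLowerCase(), words);
  const unswapped = typed.split("").map((c) => SWAPS[c] || c).join("");
  return strip(unswapped, words);
}

function checkPassword(pw, personal = []) {
  // personal: values tied to the user, such as a birthday, to reject as well.
  const words = DENYLIST.concat(personal.map((w) => w.toLowerCase())).filter((w) => w.length > 0);
  const problems = [];
  if (pw.length < 6) problems.push("shorter than 6 characters");
  if (!/[0-9]/.test(pw)) problems.push("no number");
  if (residue(pw, words).length < 4) problems.push("built from an easy-to-guess password");

  // The bar: 0 while any rule fails, then one step each for length and variety.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
  const score = problems.length > 0 ? 0 : 1 + (pw.length >= 12 ? 1 : 0) + (classes >= 3 ? 1 : 0);
  return { score, label: ["weak", "fair", "good", "strong"][score], problems };
}

// Constructed sample inputs.
for (const pw of ["password", "P@ssw0rd1234", "blue42sky", "correct7horse-Battery"]) {
  const r = checkPassword(pw);
  console.log(pw, "->", r.label, r.problems.join("; "));
}
```

A listed word with swapped characters and digits appended still scores as weak, because the check compares what remains after the listed words are removed.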






