The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.

Has the art of password cracking advanced, or has the art of password creation decayed? When I think of my friends and peers I realize that many people have a single email account. Attached to that single email account are all of their social networks and online shopping services (Amazon.com, newegg.com, etc.), and they typically use one or two passwords for all these websites (with slight variations – iamawesome could be IAmAwesome, or IAMAWESOME, etc… none of which is hard to crack). What’s worse is that many people give out their passwords to close friends, or they use public computers to access these services and never log out. I’ve come across several on-campus computers that are no longer in use yet still have the contents of someone’s Facebook page open. I’ve seen people post funny status updates on a friend’s Facebook account because the friend left it up on a computer at work. What’s worse is that you may not even be protected in your dorm room. If you make a habit of keeping your door open or unlocked and walk away even for just a moment (a trip to the bathroom, vending machine, etc.), that may be enough time for someone to come in and swipe some sort of information. These are but a few of the reasons why I am much more inclined to believe that the average user is getting dumber versus the average hacker getting smarter.

The breakthrough wasn’t just the speed with which the tables could crack passwords; it was also their ability to crack almost every possible password as long as it didn’t fall outside the targeted keyspace.

Well, that’s disheartening. The article goes on to say that “The huge advances in GPU-assisted password cracking have diminished much of the advantages of rainbow tables, however. Passwords with six or fewer characters can be brute-force cracked with less fuss using GPU-powered computers, while passwords longer than nine or 10 characters require rainbow tables with unwieldy file sizes. That leaves only a small sweet spot of seven or eight characters where rainbow tables are especially useful these days.” The bottom line seems to be that any password can and will eventually be cracked. The good news is that the longer the password, the more difficult it is to breach. So if you have a password that’s 10 letters or more, regardless of what it contains, it should be safe. The difficult aspect of this, however, is that to truly be protected you need to have a unique code for every site.

Mat Honan’s story is just a further example of why you shouldn’t trust cloud services or even protection services like 1Password. Back up everything onto a physical, external hard drive. It is shocking, though, how shamefully awful Apple’s protection is.

Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.

This is especially shocking. I always thought that there was some sort of unwritten (or written, but just never read) rule that the last four digits of a credit card number were unimportant and shouldn’t be used to identify someone unless they had the WHOLE card.

Honestly I don’t want to read any more. This whole study makes me just not want to use the internet.

As for the basic security measures, I think most of them are self-evident and something I will definitely take into consideration. However, I question the effectiveness of using Windows XP Professional: is a 9-year-old operating system still the best system on the market to use?

Lastly, what does this mean for digital historians? First and foremost, it means that digital archiving, publishing, etc. can never be the only manner in which we research, study, and store knowledge. It also means that important documents, whether they be peer-reviewed journals or photographs of historic things, should always be backed up using offline hardware, such as portable hard drives, flash drives, etc. It would also be smart to always keep a physical copy of the most important things. You should also pay attention to what websites you use to post your information. If you use a blog, for example, and that blog is published on a site such as wordpress.com, you should double-check to make sure that the site has adequate defense mechanisms to protect you.