
The Pitfalls of Passwords

Posted by Serges LaRiviere on Wed, Mar 07, 2012

Recently the Government of Syria was hacked and their emails were leaked to the web. Of the 78 email inboxes that were hacked, some used the default password “12345”, which some email servers assign to new accounts along with an instruction to change it the first time you log on.

King Roland: “The combination is 1-2-3-4-5.”

Dark Helmet: “1-2-3-4-5? That’s the stupidest combination I’ve ever heard of in my life! That’s the kinda thing an idiot would have on his luggage!”

President Skroob: “1, 2, 3, 4, 5? That’s amazing! I’ve got the same combination on my luggage!”

The Syrian government’s IT problems aside, the incident raises the question of how we can protect our own accounts properly. Hackers typically use two different types of attacks to break passwords. One is the dictionary attack, which tries your password against a list of commonly used words. The other is the brute force attack, which tries every possible combination of characters, one position at a time, until it finds the correct one (i.e., a, aa, aaa, b, ab, aab and so on).

According to Google’s password recommendations, a secure/strong password would be something like Serf$uPd0oD!, combining upper- and lowercase letters, phonetic spelling (serf and dood), numbers in place of letters, and punctuation. Unfortunately, while a password like this is difficult for a hacker to guess, it is also difficult for us to remember.

So how can we make a password that is not only resistant to being cracked by an automated computer program, but also easy for us to remember? Comic artist and former NASA roboticist Randall Munroe of xkcd has an answer:

xkcd - Password Strength

What it all means is that the first password shown, 'Tr0ub4dor&3', is easier for password-cracking software to guess than 'correcthorsebatterystaple'. The comic makes a great point: more complex does not always mean safer. The most important thing is that we should start thinking of what we type as 'pass-phrases' instead of 'pass-words'.
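To put numbers on the comic's argument, here is a small Python script (added here as an illustration; it is not code from the original post or from xkcd) that estimates the entropy of both styles of password and the worst-case time to exhaust the guesses at a given rate. The component values (16 bits for the base word, 1 for capitalisation, 3 for substitutions, 3 for the numeral, 4 for the punctuation, 1 for their order; 11 bits per word from a 2048-word list) are the comic's own estimates, and the 1000 guesses per second rate is the comic's assumption for an online attack against a web service. The word list and the function names are my own and only serve the demonstration.

```python
import math
import secrets

# Constructed word list for the demonstration only. A real generator draws
# from a list of a few thousand words (the comic assumes 2048 = 2^11 words).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "lantern", "pebble", "river", "orbit"]


def pattern_entropy_bits(base_word=16, caps=1, substitutions=3,
                         numeral=3, punctuation=4, order=1):
    """Entropy of a 'Tr0ub4dor&3'-style password under the comic's component
    model: a cracker that knows the common pattern (word + caps + l33t
    substitutions + digit + symbol) only has to guess each part.
    Defaults are the comic's figures and sum to 28 bits."""
    return base_word + caps + substitutions + numeral + punctuation + order


def passphrase_entropy_bits(num_words, dictionary_size):
    """Entropy of num_words words drawn uniformly at random from a list of
    dictionary_size words: log2(dictionary_size ** num_words)."""
    return num_words * math.log2(dictionary_size)


def naive_charset_bits(password):
    """Entropy if every character were an independent uniform pick from the
    character classes present. This is what 'length x character classes'
    strength meters compute, and it overstates a structured password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 32  # printable ASCII symbols
    return len(password) * math.log2(size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time for an attacker who tries every possibility."""
    return (2 ** bits) / guesses_per_second


def generate_passphrase(words, num_words=4, sep=""):
    """Pick words with the CSPRNG in `secrets`; random.choice is not safe
    for secrets because its state can be reconstructed from outputs."""
    return sep.join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    rate = 1000  # guesses per second, the comic's online-attack assumption
    for label, bits in (("Tr0ub4dor&3 (pattern model)", pattern_entropy_bits()),
                        ("Tr0ub4dor&3 (naive charset)", naive_charset_bits("Tr0ub4dor&3")),
                        ("four random words", passphrase_entropy_bits(4, 2048))):
        days = seconds_to_exhaust(bits, rate) / 86400
        print(f"{label:30s} {bits:5.1f} bits  ~{days:,.0f} days at {rate}/s")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS, 4, " "))
```

Run as written, the pattern model gives 28 bits (about 3 days of guessing at 1000/s) and the four-word passphrase 44 bits (about 550 years), while the naive character-class model credits 'Tr0ub4dor&3' with roughly 72 bits, which is why strength meters based only on length and character classes mislead. Two caveats a defender should keep in mind: the 1000 guesses per second figure assumes the attacker is throttled by an online service, and an offline attack against a leaked hash database runs many orders of magnitude faster, so the same entropy buys far less time there; and the passphrase estimate only holds when the words are chosen at random, not when they are a quotation or a sentence the attacker can also guess.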

Tags: passwords, cloud, encrypted passwords, password protection, password security, Computer Protection, PC tips