Tuesday, 26 January 2016

Windows Password Issues

How Long is Strong?
You might imagine that a seven-character password is very difficult to crack. However, if we were to try guessing every possible seven-character password using an automated tool, it would take just two days to work through all the permutations on a typical desktop PC.
Even worse, most people choose simple passwords - perhaps using the name of their partner with a number appended, or some other word commonly found in a dictionary. An attacker with the right software can try most words and proper nouns, each with one or two numbers appended, in just a few minutes.
It Gets Worse ... 
There is another threat to Windows passwords: rainbow tables. Putting it simply, these are lists of passwords with their encrypted equivalents, making the process of finding a password very fast indeed. Since the tables contain both the encrypted password and its corresponding plain text, you are effectively looking up the password rather than needing to guess it.
The only restriction for rainbow tables is size - the longer the password you are trying to guess, the larger the tables need to be.
What About 'Complex' Passwords?
The traditional response to the problem of weak passwords is to encourage users to use a combination of random letters, numbers and symbols.
Unfortunately, such passwords are impossible for the average person to remember, resulting in other serious problems such as passwords being written on post-it notes or hidden under the keyboard where even inexperienced attackers can find them.
If you decide to make a complex password memorable,  
What's the Answer?
The maximum length of a Windows password was increased to a massive 127 characters many years ago. Although the 'change password' dialogue box limits you to 32 characters, this still makes long, secure passwords possible.
So, instead of trying to memorise a complicated string of numbers, letters and symbols, envisage the password as a passphrase.
A phrase such as “I.love.green.tomatoes” is very easy to remember, yet all but impossible to crack using any automated tools.
Isn't it time you considered switching to passphrases?
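To put numbers on the comparison above, here is a small password-audit sketch. It is an added example, not part of the original post or white paper. The guess rate is an assumption, calibrated from the article's "seven characters in two days" figure over the 95 printable ASCII characters, and the wordlist and sample passwords are constructed.

```python
import re
import string

# Assumption: calibrate the guess rate from the article's figure (every 7-character
# password in two days), taking the alphabet to be the 95 printable ASCII characters.
ASSUMED_RATE = 95 ** 7 / (2 * 24 * 3600)   # guesses per second, roughly 4e8

# Constructed sample wordlist; a real audit would load a full dictionary.
SAMPLE_WORDS = {"love", "green", "tomatoes", "sarah", "password"}


def alphabet_size(password):
    """Size of the smallest standard character set that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33
    return size


def is_word_plus_digits(password, words=SAMPLE_WORDS):
    """True for the weak pattern in the article: a dictionary word plus 0-2 digits."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{0,2})", password)
    return bool(m) and m.group(1).lower() in words


def worst_case_seconds(password, rate=ASSUMED_RATE, words=SAMPLE_WORDS):
    """Upper bound on guessing time: dictionary search if it applies, else brute force."""
    if is_word_plus_digits(password, words):
        guesses = len(words) * 111        # each word with "", 0-9 or 00-99 appended
    else:
        guesses = alphabet_size(password) ** len(password)
    return guesses / rate


def report(passwords):
    """Map each password to its worst-case guessing time in days."""
    return {p: worst_case_seconds(p) / 86400 for p in passwords}


if __name__ == "__main__":
    for pw, days in report(["Sarah12", "x7#Qp2!", "I.love.green.tomatoes"]).items():
        print(f"{pw!r}: {days:.3g} days")
```

The passphrase figure is the exhaustive character-by-character bound only; it does not model guessing by whole words.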
More Info
Get your copy of the full Windows passwords white paper

3 comments:

Peter Wood said...

http://xkcd.com/936/

Dominic Roberts said...

Lucky this guy doesn't need to use a Windows dialogue box to change his (or someone else's) password ;)

https://www.youtube.com/watch?v=oNrWgjh9tnU

Peter Wood said...

Thank you Dominic :-))))