A 15-year-old computer hacker caused a 21-dayshutdown of NASA computers that support the international spacestation, and invaded a Pentagon weapons computer system to intercept3,300 e-mails, steal passwords and cruise around like an employee.

Weak and easy-to-guess passwords make even the soundest cybersecurity strategy easy to bypass. If a hacker guesses or cracks a password, the intruder can access your account or system without raising the alarm and compromise whatever asset you kept safe behind a password.

Breaking Boy News Password

The guide below provides 11 strong password ideas that will help you stay a step ahead of hackers. We also explain the difference between sound and weak passphrases, provide tips on improving current passwords, and show the main methods hackers rely on to crack credentials.

While 89&^598 is entirely random, the first password is less secure than the second one. A password-cracking program could guess the 89&^598 in about 44 hours while cracking ILoveMyCatLordStewart would require 7 years of constant processing.

If you do not want to remember a random sequence of words, you can make a password out of a custom phase. Words within a phrase flow together better than random words and are easier to remember, but you should not rely on a famous saying or a quote.

You can use an acronym to create a memorable yet effective password. For example, you can choose the phrase "My son was born at a Liverpool hospital in 2002" and take the first letter of each word ([email protected]) to create a solid and easy-to-remember password.

Using the keyboard layout to create a custom pattern is another strong password idea. For example, you can remember something simple as a name (e.g., Jane Austen) and then use the keys above and to the right of the letters (Iwj4 W8e64j). Some good examples are:

This fun yet strong password idea requires you to list the ISO codes of your favorite countries or counties you visited (that way, you can update your password every time you visit a new nation). You will get something like this:

You can use mathematical symbols and equations to create a strong password. These passwords are typically long and full of different symbols, making them an ideal passphrase choice. Some examples are:

If you decide to use this method, be careful not to use common misspellings (such as "acommodate"). Hackers feed cracking programs with password lists with all usual wording errors, so the more obscure your password is, the better.

Slight changes to a password are also helpful when creating unique passphrases for several accounts. Rather than creating a new password from scratch, you can add a different code to your existing password for each online account (e.g. Andrew,77EBAY for your eBay profile and Andrew,77PPAL for the PayPal account).

Besides strong password ideas, you can also rely on other security practices to ensure a password remains safe. The suggestions below are helpful both for securing personal credentials and protecting passwords on a company-wide level.

Even if someone steals your password, you can still prevent the intruder from accessing your account. Multi-factor authentication (MFA) adds an extra layer of security to your account by requiring the user to provide the following during login:

If you wish to protect your business from stolen identities and passwords, you can implement MFA via a specialized app your employees install on their smartphones. Google's Authenticator and Authy are two great free options, both tools that generate a one-time PIN that serves as an additional factor during login.

You (and your employees) should always use a VPN when typing in or exchanging passwords on public Wi-Fi. A VPN ensures no one is intercepting your username and password when you log into your account.

A password manager keeps track of all your passwords and does the remembering for you. All you remember is the master password which grants access to the management program (which is, hopefully, a strong password protected with MFA).

Password managers keep passphrases safe with encryption. If someone successfully hacks the manager, password hashes would be useless without the decryption key, which is why sound key management is vital for these apps.

A brute force attack is a simple process in which a program automatically cycles through different possible combinations until it guesses the target password. These programs can easily crack simple and medium passwords.

An average brute force program can try over 15 million key attempts per second, so 9 minutes is enough to crack most seven-character passphrases. Brute force attacks are the main reason why we insist on a 12-character minimum for passwords.

Whereas a brute force attack tries every possible combination of symbols, numbers, and letters, a dictionary attack tries to crack the password via a prearranged list of words. This attack typically starts with common categories of words, such as:

A dictionary attack also tries substituting letters with symbols, such as 1 for an I or @ for an A. This cyberattack is the main reason why no security-aware person should use common words in their password.

A hacker can intercept credentials when victims exchange passwords via unsecured network communications (without VPN and in-transit encryption). Also known as sniffing or snooping, eavesdropping allows a hacker to steal a password without the victim noticing something is wrong.

Credential recycling is a less targeted attack but still dangerous to people without a strong password. This tactic uses usernames and passwords collected in other breaches and tries them on as many random platforms and websites as possible.

Hackers typically gather tens of thousands of different credentials leaked from another hack. Unfortunately, as many people use the same simple passwords, this method is very effective. Another name for credential recycling is password spraying.

If someone steals or guesses your password, that person can easily bypass all other security measures protecting your data. The strong password ideas in this article can help keep you safe and ensure your passphrases never ends up in the wrong hands.

A password, sometimes called a passcode (for example in Apple devices),[1] is secret data, typically a string of characters, usually used to confirm a user's identity.[1] Traditionally, passwords were expected to be memorized,[2] but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical.[3] Using the terminology of the NIST Digital Identity Guidelines,[4] the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[5] the verifier is able to infer the claimant's identity.

In general, a password is an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).

Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security.[6]

Passwords have been used since ancient times. Sentries would challenge those wishing to enter an area to supply a password or watchword, and would only allow a person or group to pass if they knew the password. Polybius describes the system for the distribution of watchwords in the Roman military as follows:

Passwords have been used with computers since the earliest days of computing. The Compatible Time-Sharing System (CTSS), an operating system introduced at MIT in 1961, was the first computer system to implement password login.[9][10] CTSS had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy."[11] In the early 1970s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as crypt(3), used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.[12]

In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.

The easier a password is for the owner to remember generally means it will be easier for an attacker to guess.[13] However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password across different accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.[14] Others argue longer passwords provide more security (e.g., entropy) than shorter passwords with a wide variety of characters.[15] 2ff7e9595c