jfb-security-passwords [Jcink.com Wiki]
jfb-security-passwords
 
Trace: » irc-nicknames » jfb-moderation » jfb-general_use » reputation_system » jfb-administration » jfb-acp-ibproarcade » phpqa-administration » jfb-acp-media-gallery » jfb-acp-unreal-portal » jfb-security-passwords
Table of Contents

JFH >> Security >> Passwords

This topic about security is just what the title says: Password.

Cracking Passwords

Password cracking is a major issue. How does it happen? Through the use of brute forcing tools publicly available online. These applications can guess thousands of passwords in one shot. If a password is weak enough, it can even possibly be guessed by hand.

Pick a good password and you will be immune to activities like this.

Picking a good password

Your password should be something you can remember, but not weak. If you make your password 'dog' or 'fish' that is just bad. A simple dictionary attack program can snag that. You should also never use your name, or anything that's associated with you. E.g. you may like pokemon a lot and you say it all the time, maybe that's even the boards theme, so don't make your password anything to do with pokemon. Desperate crackers will try passwords based on your known interests.

The other thing you should know is that pure-number passwords or random letter ones are just as bad. 2349581 ← for example is a terrible password. It can get guessed using brute forcer that goes through number combinations. (As a matter of fact, that number is 2,349,581 - if someone were to try every single number in order until they hit that one they would get in.)

Now here is an example of a GOOD password:

thedogloll33tm@nbob

It has numbers and letters. A special character too. Its not in ANY way a dictionary word. This password is good, but it can be improved even more.

ThEdOgLoLl33tM@NbOb

With the password having uppercase and lowercase mix now it makes it even harder.

You can also use password phrases. This is where you take a phrase and make it into a password. E.x.

yourethemannowdog

would be a password phrase. these are somewhat easier to remember. Again, you could enhance it by throwing in some numbers now:

y0ur3th3mann0wd0g

Using l33tspeak can help out a bit here.

Email Passwords

There one last thing to mention - a good password on your forum is worthless if there is a bad password on your email account. Be sure to keep your email account's password strong too, because if a cracker knows your email they may try to target that instead.

Passwords on other servers/boards

To use the same or similar password on other boards and login systems online is extremely bad. If a malicious administrator logs your passwords, or steals your password hashes they can gain access. Always have you, AND your staff keep passwords on your board(s) TO your boards for maximum security.

Giving your password away

This is easy. Don't do it. Even if someone claims to be staff, never give away your password.

Final Words

These same password rules can be applied almost anywhere, and while it isn't a 100% assurance you won't be cracked, it sure does make it a lot harder.

 
jfb-security-passwords.txt · Last modified: 2011/12/16 18:02 by jcink
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki