Back to Basics – The Password Part 2

by
is Ramses II a good password?

31 October 1985 when “RAMESES II” was an acceptable password for the world’s smartest man. But it was not secure. It is definitely not secure in 2023. (Moore & Gibbons, 1986)

This is the second part of our “Back to Basics” mini-series, where we are looking at the essential steps, that are often overlooked by the user but exploited by the hacker with respect to your password.

Before we start

I just said “password” but I mean “passwords” – we will cover that in part 4!

Back to Basics – The Password Part 2 Cyber Awake

Your Password Size Counts

This seems almost too obvious to cover, but longer passwords are more secure than shorter ones. There – article finished – your takeaway is use long passwords.

Why should I use a long password?

It is all a matter of resisting a brute force attack on your password security. A brute force attack is when a set of password permutations are tried against your account to see if the password can be cracked. When security experts talk about cracking, what we really mean is “guessing”. If you have a long password it is harder to guess than a short one.

In the example I quoted at the top of the article, that password was guessed, using visual clues left around the computer in question. In the real world, cracking is carried out by powerful computers, that can try millions of password combinations in fractions of a second.

Surely though this article is irrelevant – no one uses a short password

Not so – a recent report about weak password use found that 88% of the passwords in custom brute force/hybrid dictionaries, used against Windows RDP, were of 12 characters or less (Specops. 2023). If these short passwords were not proving successful, the hackers would not waste attack cycles and compute time using them.

People – including IT professionals – are using short passwords. Do not do it or do not let your team do it.

Brute force password help is on it way…

Windows 11 is about to introduce a limit on the number of password attempts allowed and a lock-out on Windows RDP. So unless the hacker gets very lucky with their first few guesses you should be safe… from that attack.

Next

Even more about password discipline.

References

Moore, A., & Gibbons, D. (1986). Watchmen. DC Comics.

Specops. (2023). Specops Software 2023 weak password report. Specops Software. https://specopssoft.com/our-resources/most-common-passwords/

Further Reading

Passwords – Back to Basics – CyberAwake

Contact us for consultation

Wake up to cyber threats..

Back to Basics – The Password Part 2 Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close