Password Security
“DId you install BruteSniffer?”
“Yes, I installed BruteSniffer!”
“Which version?”
“Danny, I checked for the latest version, okay?”
“I don’t know why you’re mad at me, Sean, you’re the one who can’t get into their web hosting account.”
“I’m just testy. My blood sugar is really low, and I’ve been trying to hack this guy’s account for like three weeks.”
“It’s been running that long?
“Yeah, man. The other hosting accounts had passwords like “qwerty12345,” or “password,” and stuff. No characters, no spaces, no changes in capitals.”
“Like Boise?”
“You make that joke every time”
“So what is the problem?”
“I don’t know. Web hosting accounts aren’t typically this hard to crack. Most people don’t anticipate a really high threat of intrusion, so they use passwords that are related to their website, or the same password that they use for their bank accounts, social media and whatever.“
“I do that, so what?”
“Are you kidding me? If you tell me that you have all of your passwords on a sticky note on your monitor, I am going to scream.”
“I’ll, uh… be right back.”
Meanwhile, at Gracie’s Puppy Emporium...
“Gracie, what’s the password for the hosting account?”
“Here, Dad. I’ll show you again.”
“Why does it have to be so complicated? I remember when I could just use your birthday. What was wrong with that?”
“We got hacked, some guys took our website down for a week without us knowing, our customers got viruses, we lost a ton of business, and we even lost our Google pagerank- which took a bunch of time and work to get. Oh, and my birthday isn’t May 4th, it’s April 5th.”
“It’s correct in Europe.”
“Which would mean that in some Scandinavian country, your present wouldn’t have been a month late, but we live in Boise.”
“Okay, I get it. But why does it have to be so complex? It could just be a weird name, right?”
“Dad, these guys aren’t manually going through lists of passwords to get into hosting accounts.. They have banks of hundreds, thousands of commonly used passwords. Sequential numbers like 12345 and real names aren’t going to cut it. You would have to use a combination of both that wouldn’t exist anywhere. There are key generators that spit out passwords like that.”
“Why does it matter to them? What do they get out of breaking into someone’s web hosting account?”
“Well, best case scenario is they just delete the website, and upload an image to annoy the user. What’s more common is they upload a bunch of malicious code to the hosting account and use that to send a bunch of spam or even programs that are used to steal the data from anyone who visits the site. Remember when we had to get a new card for the shop?”
“Oh. Right. So if my er, friend had to change his password, what would he need to keep in mind?”
“Well Dad, your ‘friend’ would want to use a combination of upper and lower-case letters, numbers, symbols, spaces when possible, and to not use sequential numbers or common words.”
“Anything else?”
“Yeah, the software these guys use gets more sophisticated all the time. It’s important to change it all the time, every six months at the latest. “
“Seems like a lot of work.”
“If you look at it that way, maybe, Dad. It’s really just another investment, but one that only costs you if you don’t do it.”
“Ah. I feel like you’re getting me back for not getting you a pony.
“No, making you work in my pet shop is for not getting me a pony. The password thing is serious.”
“Every six months?”
“I do it every three. Now let’s get some ice cream.”
“Yes, I installed BruteSniffer!”
“Which version?”
“Danny, I checked for the latest version, okay?”
“I don’t know why you’re mad at me, Sean, you’re the one who can’t get into their web hosting account.”
“I’m just testy. My blood sugar is really low, and I’ve been trying to hack this guy’s account for like three weeks.”
“It’s been running that long?
“Yeah, man. The other hosting accounts had passwords like “qwerty12345,” or “password,” and stuff. No characters, no spaces, no changes in capitals.”
“Like Boise?”
“You make that joke every time”
“So what is the problem?”
“I don’t know. Web hosting accounts aren’t typically this hard to crack. Most people don’t anticipate a really high threat of intrusion, so they use passwords that are related to their website, or the same password that they use for their bank accounts, social media and whatever.“
“I do that, so what?”
“Are you kidding me? If you tell me that you have all of your passwords on a sticky note on your monitor, I am going to scream.”
“I’ll, uh… be right back.”
Meanwhile, at Gracie’s Puppy Emporium...
“Gracie, what’s the password for the hosting account?”
“Here, Dad. I’ll show you again.”
“Why does it have to be so complicated? I remember when I could just use your birthday. What was wrong with that?”
“We got hacked, some guys took our website down for a week without us knowing, our customers got viruses, we lost a ton of business, and we even lost our Google pagerank- which took a bunch of time and work to get. Oh, and my birthday isn’t May 4th, it’s April 5th.”
“It’s correct in Europe.”
“Which would mean that in some Scandinavian country, your present wouldn’t have been a month late, but we live in Boise.”
“Okay, I get it. But why does it have to be so complex? It could just be a weird name, right?”
“Dad, these guys aren’t manually going through lists of passwords to get into hosting accounts.. They have banks of hundreds, thousands of commonly used passwords. Sequential numbers like 12345 and real names aren’t going to cut it. You would have to use a combination of both that wouldn’t exist anywhere. There are key generators that spit out passwords like that.”
“Why does it matter to them? What do they get out of breaking into someone’s web hosting account?”
“Well, best case scenario is they just delete the website, and upload an image to annoy the user. What’s more common is they upload a bunch of malicious code to the hosting account and use that to send a bunch of spam or even programs that are used to steal the data from anyone who visits the site. Remember when we had to get a new card for the shop?”
“Oh. Right. So if my er, friend had to change his password, what would he need to keep in mind?”
“Well Dad, your ‘friend’ would want to use a combination of upper and lower-case letters, numbers, symbols, spaces when possible, and to not use sequential numbers or common words.”
“Anything else?”
“Yeah, the software these guys use gets more sophisticated all the time. It’s important to change it all the time, every six months at the latest. “
“Seems like a lot of work.”
“If you look at it that way, maybe, Dad. It’s really just another investment, but one that only costs you if you don’t do it.”
“Ah. I feel like you’re getting me back for not getting you a pony.
“No, making you work in my pet shop is for not getting me a pony. The password thing is serious.”
“Every six months?”
“I do it every three. Now let’s get some ice cream.”