Nothing Special   »   [go: up one dir, main page]

DEV Community

Cover image for Once upon a time, PASSWORDS 🔑🤯☠️
Younes
Younes

Posted on • Edited on • Originally published at blog.yafkari.dev

Once upon a time, PASSWORDS 🔑🤯☠️

First of all, if any of you have a password such as "password" or "1234" I have something fantastic to show you. Firstly, I invite you to click on ALT, then while keeping the key pressed, you'll have to click on F4, this will solve all your problems (I think 😇👌🏻)

Introduction 👨🏻‍💻

Nowadays, passwords are completely part of our lives. There isn't a day that goes by without using (directly or indirectly) passwords. They protect our work, our privacy and our most hidden secrets.

Let's dive into it.

The problem with passwords ❌

On one hand, there is the problem of having a strong password, but on the other hand, the person has to be able to remember it. Because humans are very bad to remember things without sense. "PurpleLicorn2000" as no sense too but you can imagine it and so remember it.
But if I told you "20oN0rcLipleP0ur" you would hardly remember it.

Weak Passwords 🔓

Even today people still use very weak passwords, which brings them to more or less dangerous situations ...

The top 5 most used passwords in 2018 were:

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345

🤦🏻‍♂️😩

Here is the complete list of the most common passwords on Wikipedia.

People think that only a hacker can steal their passwords and that a hacker doesn't care about them. They think that it happens only to others (until it obviously happened to them 🤷🏻‍♂️)

In fact, a password can be guessed or cracked very easily with tools available to all, and within a very short period of time.
The "all" as a name actually, they are called script kiddies. It means people that don't have enough knowledge to build their own tools, but they use the tools created by others, and it hurts just as much at the end.

It can be, your friend, your colleague, your girlfri..🤐

2 main ways of hack 🤫

Passwords are mainly attacked by hackers with two ways :

1. Brute-force attacks 💪🏻:

The brute-force technique consists of testing all possible combinations. For example, if your password is 3 characters long, you will have to try (aaa, aab, ..., Aaa, Aab, ..., aa1, ...)

This shows that a long password takes longer to decipher.

Of course, we can't know the exact speed, as it depends on the computing speed of the machine. Your computer will be much slower to decipher a password, than a NS🅰️ server.

In fact, in 2020, we don't need that much time to decipher a password. Here is a small infographic that I found (I'm not sure if that is up to date, but that gives a good idea of the range of time it takes)

Infographic

2. Dictionary attacks 📚:

The dictionary method consists of testing potential words, one after the other, hoping that the password is contained in the dictionary of words.

This method is possible because, as we saw above, people use words that generally exist (password, sunshine, iloveyou, ...)

Is there any solution 🔐⁉️

There's no final solution, just leads to complicate the tasks of the malicious people.

First of all, don't use the same password everywhere !
If you have different passwords, if one is lost or compromised, you will minimize the risks.

Personally, I would suggest to use sentences instead of words. Sentences with words that have no sense.

We could imagine putting one or two special characters in some of the words.

You should, of course, choose words that you'll remember. For example, I could use the word "Drag0n" instead of using my year of birth. (2000 is the year of the Dragon of Chinese zodiac sign)

Be CREATIVE 😁

You can also write a part of your password in different places, this way if you forget your password (you will not 😋), you can find it.

Finally, you should know that there are online tools that show you the strength of your password, but I advise you to use them with a slightly different password than the one you want to try, who knows if they are logging all the tested passwords in a database. (This is probably the case for most of them. You know the song 😂 "when it's free, you're the product").

And about password managers 🤨

Honestly, I'm paranoid, I don't trust this kind of tool, not necessarily because of the company itself but more by the fact that they can also be attacked, ...

I'd rather complain myself if I get hacked, than if they get my data stolen, I would go crazy.

But it's up to you to make your choice, some of them are really well done.

In fact, I would like to have your thoughts about password manager. What do you think? Let's discuss!

Conclusion

There is no perfect solution so, be very attentive to your password, and take your time to find a good one !

and HAPPY WORLD PASSWORD DAY 🔑🎉🎊

Actually it was two days ago but I was busy.. 😂

Top comments (1)

Collapse
 
angt profile image
Adrien Gallouët

Hello,
If you're not a fan of passwords manager I've proposed a possible solution to your problem here: dev.to/angt/how-to-store-your-litt...