We live in a time where a certain level of dependency on machines is inevitable. Complicated software has evolved to manage stored data, which might be worth millions.

But as technology advances, the negative aspects of online security have advanced as well. One such “negative aspect” is the security breach; in simple words, hacking into someone’s account. From the common man to multi-million industries, no one is safe from this menace.

Each week, as a result of hack attempts, several access points, passwords and pieces of security information are either leaked or sold to third party companies in the market. In most cases, rather than the complete password, a version produced by the hashing algorithm is exposed. Recent research by ‘Trust Wave’ clarifies that hashing is of no use when simple or easy-to-guess passwords are created. The length of a password is more vital than its complexity.

However, from my personal experience, I’d suggest that a mixture of upper case, lower case and numeric variations in the password is also necessary. You can’t just input your dog’s name or birthdate anymore; these “password protection” norms have already become too old.

Let’s discuss hashing. Under this procedure, the secure website never stores a user’s password. Instead, it stores the result of running that password through the hashing algorithm, which works as a one-way encryption: the stored result cannot be turned back into the password. When you create a new account, the server-side software hashes the password you chose; when you log in, it hashes the password you just entered and compares the result with the stored one.

The problem is that the bad guys also have access to the hashing algorithm. Consequently, they can hash every combination of characters until one matches, and so figure out the password. Another point to note is what we are doing wrong when it comes to passwords. Logically speaking, complicated passwords seem more difficult to crack. However, that’s not the case.

According to ‘Trust Wave’, cracking a complex password would take a maximum of 4 days, but cracking a lengthy password could take up to 18 years. Interestingly, ‘Trust Wave’ also found that users would stick to the word limit given, if not more, eventually making their passwords more prone to being hacked.

How do you make passwords long? How about typing your favourite quote while omitting the spaces? There are other types of cracking attacks as well. Instead of hashing every single combination of characters, a dictionary attack hashes combinations of known words, which narrows down the search. But with long passwords, brute-force attacks will probably take a whole lot of time to succeed.
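The account-creation and login flow from the hashing discussion, together with the length-versus-complexity comparison, as an added example that is not from the original article or from the research it cites. It assumes salted PBKDF2-HMAC-SHA256 with 600,000 iterations as the hashing scheme, which the article does not specify; the function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import math
import os
import string

ITERATIONS = 600_000  # assumed work factor, not a value from the article


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(password: str) -> tuple[bytes, bytes]:
    """Account creation: return (salt, digest). Only these are stored."""
    salt = os.urandom(16)  # per-user salt, so equal passwords store differently
    return salt, _hash(password, salt)


def login(password: str, salt: bytes, stored: bytes) -> bool:
    """Login: re-hash the submitted password and compare in constant time."""
    return hmac.compare_digest(_hash(password, salt), stored)


def search_space_bits(password: str) -> float:
    """Size of the exhaustive-search space, in bits, for this length and the
    character classes used. This is an upper bound that treats every
    character as random; a phrase built from known words falls to a
    dictionary attack long before the whole space has been searched."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)


# Constructed sample passwords: short and complex vs. long and simple.
SHORT_COMPLEX = "Xk7#pQ2!"
LONG_SIMPLE = "thequickbrownfoxjumpsoverthelazydog"

if __name__ == "__main__":
    salt, digest = register(LONG_SIMPLE)
    print("stored:", salt.hex(), digest.hex())
    print("correct login:", login(LONG_SIMPLE, salt, digest))
    print("wrong login:  ", login(SHORT_COMPLEX, salt, digest))
    for pw in (SHORT_COMPLEX, LONG_SIMPLE):
        print(f"{len(pw):2d} chars -> {search_space_bits(pw):6.1f} bits")
```

Each additional bit doubles the number of candidates a brute-force attack has to hash, which is why the 35-character lowercase phrase ends up far ahead of the 8-character mixed one.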