Learn how to create strong password.
Who is vulnerable?
Both home and small business users are at risk. Home PC users enter passwords when accessing web sites to perform personal business transactions, such as banking and online shopping. Without proper password management, they make themselves easy targets for hackers.
Remote users and those on home and small-business networks not only allow hackers to intercept their passwords, they allow access to entire networks of private business information. Everyone must take responsibility for creating strong passwords and safeguarding them. A good password is private (known only by you), easily remembered, not easily guessed, and is not written down.
How password-cracking programs work
Password-cracking programs work by extracting passwords from a server's system registry, from an emergency repair disk, or by intercepting passwords sent over a network. When a consumer signs onto Internet sites and enters their password, it can be caught by a packet sniffer or Trojan horse program. Unlike a sign-in session, a browser sends the password every time it fetches a protected document from a server. This makes it even easier for a hacker to intercept the data. The hacker can then use the password to compromise the user's personal information or to gain access to any resources tied to that password.
When a hacker wants to gain access to a network resource, the easiest way is to figure out the password of a valid user. Hackers use specialized software to attempt to discover passwords. The most common type of attack is called a "dictionary attack." A dictionary attack uses a large list of words and tries each of them until an accepted password is found. They start with obvious or weak choices such as names and nouns, and then move on to word lists, combinations, and hybrids of the words.
Other ways hackers obtain passwords are to install software on a computer to record its keystrokes, or simply by watching as a user enters their password. Therefore, it's important to be aware of who has physical access to a PC and how openly users sign onto the computer. It's also imperative to maintain a secure computing system by installing and upgrading anti-virus and firewall software in case a password breech occurs. AT&T Internet Security Suite - powered by McAfee offers comprehensive protection.
Cracking encrypted passwords
Even encrypted passwords are vulnerable to cracking. Encryption can be done using keys or a hashing algorithm. If a password is encrypted with a key, the hacker needs to obtain the proper key in order to decrypt it. Unix and Windows passwords are instead commonly encrypted as a hash. A hash is a mathematically derived string that is an alias for the text.
Techniques for strong passwords:
Unfortunately, no matter how strong, a password can be figured out eventually. Therefore, never share your password, change it regularly, never use the same password twice, and do not write down passwords in an obvious place. By securing your systems, creating strong passwords, and following safeguarding techniques, you, your computer, and your identity can be much more secure.
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com
McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. (c) 2006 McAfee, Inc. All rights reserved.