attributed to Joe Sanjour, Andrew Arensburger, Anne Brink
Choosing overly simple or commonplace passwords is extremely dangerous. Automated attacks from across the Internet attempt to force their way in using common username/password combinations at the rate of thousands of attacks per day.
Here are some of the types of passwords that will be picked up by crackers:
- Words in the dictionary.
- Words in any dictionary.
- Your user name.
- Your real name.
- Your spouse's name.
- Anyone's name (crackers don't necessarily know that your aunt's middle name is Agnes, but it's easy enough to get a list of 100,000 names and try each one).
- Any word in any "cracking dictionary." There are lists of words that crackers use to try to crack passwords: passwords that a lot of people use. Some of these lists include:
- Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, famous names, female names, Bible, male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames
- Any of the above, with a single character before or after it (8dinner, happy1).
- Any of the above, capitalized (cat → Cat)
- Any of the above, reversed (cat → tac), doubled (cat → catcat) or mirrored (cat → cattac).
- We used to tell people that taking a word and substituting some characters (a 0 (zero) for an o, or a 1 (one) for an l (el)) made a good password. This is no longer the case. New crackers have the capability to crack things like this, in certain situations.
- Words like foobar, xyzzy and qwerty are still just plain words. They are also popular passwords, and the crack programs look for them. Avoid them.
- Any of the sample passwords, good or bad, mentioned in this document.
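
As an added example (not part of the original document), this Python check shows how a password-change routine could reject the patterns listed above by undoing each transformation and looking the result up in a wordlist. The `WORDS` set and all function names are constructed for illustration; a real check would load full dictionaries and name lists.

```python
# Added example: defender-side check for the password patterns listed above.
# WORDS is a tiny constructed sample standing in for real wordlists.
WORDS = {"cat", "dinner", "happy", "agnes", "foobar", "xyzzy", "qwerty", "password"}
UNLEET = str.maketrans({"0": "o", "1": "l"})  # the substitutions the list names


def _base_forms(pw):
    """Yield (description, candidate word) pairs by undoing each listed transform."""
    yield "plain word", pw
    yield "reversed", pw[::-1]
    half, rem = divmod(len(pw), 2)
    if rem == 0 and half:
        if pw[:half] == pw[half:]:
            yield "doubled", pw[:half]
        if pw[:half] == pw[half:][::-1]:
            yield "mirrored", pw[:half]


def _variants(pw):
    """Yield the text itself plus versions with one leading/trailing char removed."""
    yield "", pw
    if len(pw) > 1:
        yield "extra first character, ", pw[1:]
        yield "extra last character, ", pw[:-1]


def weak_reason(password, username="", words=WORDS):
    """Return a description of why the password is guessable, or None."""
    known = set(words) | ({username.lower()} if username else set())
    lowered = password.lower()  # undoes capitalization
    for text in (lowered, lowered.translate(UNLEET)):  # second pass undoes 0->o, 1->l
        leet = "character substitution, " if text != lowered else ""
        for affix, stripped in _variants(text):
            for how, word in _base_forms(stripped):
                if word in known:
                    return f"{leet}{affix}{how} of '{word}'"
    return None
```

A `None` result only means the candidate did not match this wordlist under these transformations; it is not evidence that the password is strong.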
John Stange
2011-08-02