Strong Passwords – Your First Line Of Defense

Filed under Server Security | Posted by Gary

The strength of your password has an enormous effect on how easily others can ‘crack’ it. To understand why, we need to look at how most password cracking programs work.

The most common method is what is known as ‘brute force’ cracking. This involves continuously trying to log in (using automated software) with combinations of usernames and passwords in the hope of finding the correct combination. You would be surprised how many people don’t update or change default usernames and passwords when installing scripts or setting up servers. With brute force, the potential intruder will usually use a list of ‘well known’ passwords. These are generally common English words that people often use for their admin passwords: words such as ‘password’, ‘secure’, ‘admin’ and a whole host of others. The lists a cracker uses often contain thousands of possible passwords.

The best way to combat brute force attacks is to include capital letters as well as small letters, numbers, special characters and punctuation in the password. Your password should be at least 8 characters, but I’m inclined to make most of mine 12 characters long. This doesn’t provide 100% protection, but it does change the time it would take to crack the password from hours or days to years. A password like wEo3;(Mk5u+ is going to take an awfully long time to crack!
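As an added example (not code from the original post), here is a small Python policy check that applies the advice above: it rejects passwords found on a constructed ‘well known’ list, requires a minimum length and a mix of character classes, and estimates how long exhausting the resulting search space would take at an assumed guess rate. The word list, the 8-character minimum and the guess rate are assumptions chosen for illustration.

```python
import string

# Constructed stand-in for the kind of 'well known' password list the post describes.
# A real list would contain thousands of entries; this is only a sample for the demo.
COMMON_PASSWORDS = {"password", "secure", "admin", "123456", "letmein", "qwerty"}

# The character classes the post recommends mixing. Each class that appears in a
# password adds its size to the alphabet an attacker must enumerate.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}


def classes_used(password):
    """Names of the character classes the password draws from."""
    return [name for name, chars in CHAR_CLASSES.items() if any(c in chars for c in password)]


def years_to_exhaust(password, guesses_per_second=1e9):
    """Upper-bound time to try every string of this length over the same alphabet.
    Assumes the attacker cannot shortcut the search (no dictionary hit, no reuse)."""
    alphabet = sum(len(CHAR_CLASSES[name]) for name in classes_used(password))
    if alphabet == 0:
        return 0.0
    keyspace = alphabet ** len(password)
    return keyspace / guesses_per_second / (365 * 24 * 3600)


def check_password(password, min_length=8, min_classes=3):
    """Return (accepted, reasons, years). Policy values are assumed, per the post's
    'at least 8 characters' advice plus a requirement for mixed character classes."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears on the common-password list")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if len(classes_used(password)) < min_classes:
        reasons.append(f"uses fewer than {min_classes} character classes")
    return (not reasons, reasons, years_to_exhaust(password))


if __name__ == "__main__":
    for candidate in ("password", "secure12", "wEo3;(Mk5u+"):
        ok, why, years = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected'} {why} ~{years:.3g} years")
```

At the assumed rate the lowercase-only dictionary word is exhausted in seconds, while the post's mixed 11-character example runs to roughly a hundred thousand years, which is the gap the paragraph above describes.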

It also makes a lot of sense to change the username. Default usernames such as ‘admin’, ‘administrator’ and ‘superuser’ are very common. By changing this to something like ‘mikey201’ you are making a major improvement to the security of your server or application.

