Security Corner

Sep 28 2011   2:02AM GMT

Real dialogue about real password ideas



Posted by: Ken Harthun
Tags: hackers, Password, Security

We have a Skype room called the International Internet Marketing Group where we discuss various topics related to Internet Marketing. Last night, we had a discussion, which I led, about passwords and online security. Here’s an excerpt:

EVERYBODY here needs to LEARN this stuff today.
[9/26/2011 7:59:22 PM] ™ Gary Simpson: If you choose not to read it or – even worse – IGNORE it then more fool you!
[9/26/2011 8:00:16 PM] ™ Gary Simpson: Marj, you wanna kick off with the subject?
[9/26/2011 8:00:43 PM] Steve Lorenzo: Ken is the (*) tonight
[9/26/2011 8:00:51 PM] ™ Gary Simpson: Yep.
[9/26/2011 8:00:59 PM] ™ Gary Simpson: The Sheikh of Geek!
[9/26/2011 8:01:22 PM] Dennis Pippin: I’m all ears Ken
[9/26/2011 8:03:13 PM] ™ Gary Simpson: Banging fist on table: GEEK! GEEK! GEEK!
[9/26/2011 8:04:17 PM] ™ Gary Simpson: Those who need it most ain’t here – as USUAL!
[9/26/2011 8:04:21 PM] Marj Wyatt: Bill will catch up
[9/26/2011 8:04:55 PM] ™ Gary Simpson: “I will read it later” <— translates to “I can’t be stuffed.”
[9/26/2011 8:05:16 PM] Maureen Amberg: I’m here
[9/26/2011 8:05:24 PM] ™ Gary Simpson: NEXT: “My site has been hacked!”
[9/26/2011 8:05:35 PM] ™ Gary Simpson: HEEEEEEEEEEEEEEELP MEEEEEEEEEEEEEEEEEEE!
[9/26/2011 8:05:39 PM] Marj Wyatt: Topic tonight is Online Security for your Business (think we ought to keep it focused on Business)
[9/26/2011 8:05:59 PM] + Ken Harthun (Co-host: TIIMG): [Monday, September 26, 2011 8:04 PM] ™ Gary Simpson:

<<< Those who need it most ain’t here – as USUAL!
Let them eat Phish!
[9/26/2011 8:06:14 PM] ™ Gary Simpson: ************************************
[Monday, September 26, 2011 8:05 PM] Marj Wyatt:

<<< Topic tonight is Online Security for your Business (think we ought to keep it focused on Business)
************************************
[9/26/2011 8:07:15 PM] + Ken Harthun (Co-host: TIIMG): Gary, Steve, Anyone. What is the least secure password you can use.
[9/26/2011 8:07:26 PM] Kay Brasher: password
[9/26/2011 8:07:37 PM] ™ Gary Simpson: admin?
[9/26/2011 8:07:47 PM] Kay Brasher: I thought admin was the login?
[9/26/2011 8:07:49 PM] ™ Gary Simpson: Both are as DUMB as each other.
[9/26/2011 8:07:56 PM] Marj Wyatt: @Ken, children’s names, birthdays
[9/26/2011 8:07:58 PM] + Ken Harthun (Co-host: TIIMG): Yes, Kay, and what if I told you that password is perfectly OK to use IF you do something to it?
[9/26/2011 8:07:59 PM] ™ Gary Simpson: Your name?
[9/26/2011 8:08:01 PM] Marj Wyatt: Marj Wyatt just guessing
[9/26/2011 8:08:11 PM] Kay Brasher: Oh I am all ears
[9/26/2011 8:08:11 PM] Dennis Pippin: 123456
[9/26/2011 8:08:19 PM] ™ Gary Simpson: eg password versus !pass!word%
[9/26/2011 8:08:40 PM] + Ken Harthun (Co-host: TIIMG): Yes, 123456 is a good one. Also, can be one of the most secure passwords you can use. Anyone confused yet? Ready to lynch me?
[9/26/2011 8:09:09 PM] Marj Wyatt: have no idea, Ken
[9/26/2011 8:09:09 PM] ™ Gary Simpson: @ Ken – depends how you “conceal” it.
[9/26/2011 8:09:27 PM] + Ken Harthun (Co-host: TIIMG): Gary, you’re too damn smart for your own good… LOL
[9/26/2011 8:09:39 PM] Marj Wyatt: combo of upper/lower case alpha with numeric and special characters
[9/26/2011 8:09:47 PM | Edited 8:09:58 PM] ™ Gary Simpson: LOL!
[9/26/2011 8:10:01 PM] Marj Wyatt: lower case “us” Robert
[9/26/2011 8:10:22 PM] + Ken Harthun (Co-host: TIIMG): Here’s a question, based on Marj’s comment. What is the most secure password of these two? Xh73!*j3 or Dog……..?
[9/26/2011 8:10:37 PM] Kay Brasher: Xh73!*j3
[9/26/2011 8:10:48 PM] Marj Wyatt: [Monday, September 26, 2011 8:10 PM] + Ken Harthun (Co-host: TIIMG):
<<< Xh73!*j3
that one
[9/26/2011 8:10:55 PM] + Ken Harthun (Co-host: TIIMG): @Kay BUZZZZZ! Not!
[9/26/2011 8:11:04 PM] + Ken Harthun (Co-host: TIIMG): Wrong, Marj.
[9/26/2011 8:11:20 PM] Marj Wyatt: oh well
[9/26/2011 8:11:28 PM] ™ Gary Simpson: 1k2e3n4h5a6r7t8h9u10n
[9/26/2011 8:11:34 PM] Marj Wyatt: I use an online strong password generator tool
[9/26/2011 8:11:44 PM] + Ken Harthun (Co-host: TIIMG): @Gary BUZZZZ you’re out XXXXXX
[9/26/2011 8:12:04 PM] ™ Gary Simpson: Spill Geek.
[9/26/2011 8:12:15 PM] Marj Wyatt: Ok Ken, why would Dog…….. be better?
[9/26/2011 8:12:23 PM] + Ken Harthun (Co-host: TIIMG): I vill give you my secret for a fee!
[9/26/2011 8:12:36 PM] ™ Gary Simpson: Stop speaking like the Count!
[9/26/2011 8:12:39 PM] Marj Wyatt: umhmmm
[9/26/2011 8:12:43 PM] ™ Gary Simpson: Has he bitten you?
[9/26/2011 8:12:43 PM] + Ken Harthun (Co-host: TIIMG): Everyone must pay the fee!
[9/26/2011 8:12:58 PM] Marj Wyatt: (bow)
[9/26/2011 8:13:09 PM] + Ken Harthun (Co-host: TIIMG): Ist you villing to pay ze fee?
[9/26/2011 8:13:27 PM] ™ Gary Simpson: I vill keel you if you keep the teeze.
[9/26/2011 8:13:30 PM] Kay Brasher: Sorry I am broke
[9/26/2011 8:13:37 PM] Marj Wyatt: I just bowed to you, that’s all yer gettin
[9/26/2011 8:14:04 PM] + Ken Harthun (Co-host: TIIMG): OK. The fee is simple: Promise to heed these words and USE what I am about to reveal to you!
[9/26/2011 8:14:10 PM] + Ken Harthun (Co-host: TIIMG): Agreed?
[9/26/2011 8:14:19 PM] Dennis Pippin: Agreed!!!
[9/26/2011 8:14:19 PM] ™ Gary Simpson: Agreed.
[9/26/2011 8:14:20 PM] + Ken Harthun (Co-host: TIIMG): It’s really a revelation!
[9/26/2011 8:14:21 PM] Marj Wyatt: (nod)
[9/26/2011 8:14:27 PM] Tina Golden: Agreed <and I’m here now… lol>
[9/26/2011 8:14:35 PM] ™ Gary Simpson: Quoting from the Bible now?
[9/26/2011 8:14:37 PM] Suzanne Patricia Howarth: most programs won’t allow 3 letter passwords anyway
[9/26/2011 8:14:41 PM] Kay Brasher: Agreed
[9/26/2011 8:14:43 PM] ™ Gary Simpson: ie Revelations.
[9/26/2011 8:14:50 PM] Maureen Amberg: Why can’t you have a password that no one could guess?
[9/26/2011 8:15:02 PM] Marj Wyatt: @Suzanne, except for DAP
[9/26/2011 8:15:03 PM] + Ken Harthun (Co-host: TIIMG): The correct answer is that Dog…… is a very secure password and easier to remember than XH@*222>>>@
[9/26/2011 8:15:22 PM] Marj Wyatt: That’s why I use Roboform!
[9/26/2011 8:15:23 PM] ™ Gary Simpson: @ Maureen – A brute force password attack will crack almost any English word so it’s best to include some random characters to avoid the possibility of that.
(See Steve Lorenzo’s e-book/report on the most common passwords NOT to use.)
[9/26/2011 8:15:26 PM] -Bill Vallee (Leader:TIIMG): (whew) (wave) (flag:us)
[9/26/2011 8:15:38 PM] Suzanne Patricia Howarth: You are not saying why. please get to the point I need to go
[9/26/2011 8:15:40 PM] + Ken Harthun (Co-host: TIIMG): Gary, you’re stealing my thunder here.
[9/26/2011 8:15:59 PM] ™ Gary Simpson: Soz Ken. I will STFU. LOL!
[9/26/2011 8:16:14 PM] Dennis Pippin: so you mean dog with the dots?
[9/26/2011 8:16:45 PM] + Ken Harthun (Co-host: TIIMG): OK. Here’s the scoop. You take any dictionary word, your name, your dog’s name, anything you want and PAD it with a personal password pattern that you will easily remember and you have a virtually unbreakable password.
[9/26/2011 8:17:05 PM] ™ Gary Simpson: EXCELLENT point.
[9/26/2011 8:17:35 PM] Steve Lorenzo: [Monday, September 26, 2011 8:06 PM] + Ken Harthun (Co-host: TIIMG):

<<< Gary, Steve, Anyone. What is the least secure password you can use.
The MOST used password is “123456”
See the Most Used 500 Passwords here:

http://tipsandtricks.im/TOP-500-Passwords-Download/

^^^ It is still free to get for you ^^^
But I’ll be releasing it as a PAID product WSO next week
[9/26/2011 8:17:54 PM] Tina Golden: Awesome tip, Ken, thanks!
[9/26/2011 8:17:57 PM] + Ken Harthun (Co-host: TIIMG): The secret is that the hackers don’t know your password. They will try dictionary words and common variations, but once you force them to use brute-force guessing routines, they’re lost.
[9/26/2011 8:18:00 PM] Maureen Amberg: I do not use a dictionary word…..and do add numbers or symbols.  Is OK?
[9/26/2011 8:18:45 PM] Tina Golden: I use a name (not my own) and number combination
[9/26/2011 8:18:51 PM] Steve Lorenzo: One VERY important thing is
You do not need ONE password .. <<< dumbest thing to do, no matter how complicated it is!
[9/26/2011 8:18:56 PM] Tina Golden: But I like Ken’s suggestion
[9/26/2011 8:19:10 PM] Steve Lorenzo: But rather different passwords for each separate website
[9/26/2011 8:19:13 PM] + Ken Harthun (Co-host: TIIMG): Steve, I’ll use 123456 every day. Try to guess this one: +_..123456.._+
[9/26/2011 8:19:18 PM] Dennis Pippin: [Monday, September 26, 2011 8:16 PM] + Ken Harthun (Co-host: TIIMG):

<<< OK. Here’s the scoop. You take any dictionary word, your name, your dog’s name, anything you want and PAD it with a personal password pattern that you will easily remember and you have a virtually unbreakable password.
I don’t understand this
[9/26/2011 8:19:48 PM] Maureen Amberg: Excellent point Steve!
[9/26/2011 8:19:51 PM] Tina Golden: If you have a virtually unbreakable password, would it matter if we used it on more than one site?
[9/26/2011 8:19:52 PM] Steve Lorenzo: Ken, it’s not about me, but the hackers who would use software to try all the combos possible
[9/26/2011 8:20:04 PM] Steve Lorenzo: the simpler it is, the faster they can push through it
[9/26/2011 8:20:11 PM] Dennis Pippin:  PAD it with a personal password pattern…. this is what I don’t understand
[9/26/2011 8:20:25 PM] ™ Gary Simpson: @ Dennis – look what I did here:
[Monday, September 26, 2011 8:11 PM] ™ Gary Simpson:

<<< 1k2e3n4h5a6r7t8h9u10n
[9/26/2011 8:20:34 PM] + Ken Harthun (Co-host: TIIMG): Once you add the padding, which is unknown to a hacker, and force brute force attacking methods, then length trumps complexity. Use anything you will easily remember, just add a pattern that you will remember and you’re good to go.

[9/26/2011 8:24:52 PM] + Ken Harthun (Co-host: TIIMG): @Marj. Brute force means you have to guess every character one at a time. It can take eons if your password is long enough.

Are you getting this?
