Hey guys,
As there have been a decent amount of attempts on cracking passwords lately, I wanted to send out a reminder to everyone to change their password if it's one that's easy to guess.
Everyone will probably already know what I'm talking about here. Still, it's hard to get out of the bad habits. I've finally migrated over to all higher-security passwords just a few weeks ago, so I'm even a bit of a hypocrite here. But maybe that's part of the motivation for posting this.
- Your password should not be in the dictionary -- any dictionary. The obvious reason for this is because dictionaries are used to crack passwords.
- Your password should include both letters and numbers. This makes it significantly harder for someone who is using a random password generator to crack your account.
- The letters in the password should not be all one case. Vary upper and lower case.
- The password should be at least 8-10 characters. Think about how hard it would be to crack an ATM with a 1 digit pin. Now think of one with a 12 digit pin. For every character you add on to your password, you are making it much more difficult for the intruder. When I was about 14 and even more of a fool than I currently am, I used to "hack" into answering machines because most had just a 2-digit code. You could enter 95% of all answering machines with at most 50 keypresses on a DTMF pad. But again, this is because the code was 2 digits. One more digit multiplied the difficulty by ten (10 possible values for each digit). With the number of characters available on a keyboard, an additional (random) character magnifies the difficulty of a
password crack by 80 times or more. And that's a conservative estimate.
So please do consider changing your password if it's easy to crack, or improving your already strong password by adding a couple extra random characters. You never have to type the damn thing anyway. It just auto-logs you in, so there's no reason to worry about a difficult-to-remember password.
Also, a quick reminder: the practice of name-trading isn't condoned in TW. If you do it, keep in mind that like shooting heroin, it's extremely addictive, fun and dangerous. Worst case scenario, you may end up losing your name to a misappropriated ban. If you absolutely have to nametrade, though, change your password immediately after each trade, and don't ever use the same password on two accounts.
As there have been a decent amount of attempts on cracking passwords lately, I wanted to send out a reminder to everyone to change their password if it's one that's easy to guess.
Everyone will probably already know what I'm talking about here. Still, it's hard to get out of the bad habits. I've finally migrated over to all higher-security passwords just a few weeks ago, so I'm even a bit of a hypocrite here. But maybe that's part of the motivation for posting this.
- Your password should not be in the dictionary -- any dictionary. The obvious reason for this is because dictionaries are used to crack passwords.
- Your password should include both letters and numbers. This makes it significantly harder for someone who is using a random password generator to crack your account.
- The letters in the password should not be all one case. Vary upper and lower case.
- The password should be at least 8-10 characters. Think about how hard it would be to crack an ATM with a 1 digit pin. Now think of one with a 12 digit pin. For every character you add on to your password, you are making it much more difficult for the intruder. When I was about 14 and even more of a fool than I currently am, I used to "hack" into answering machines because most had just a 2-digit code. You could enter 95% of all answering machines with at most 50 keypresses on a DTMF pad. But again, this is because the code was 2 digits. One more digit multiplied the difficulty by ten (10 possible values for each digit). With the number of characters available on a keyboard, an additional (random) character magnifies the difficulty of a
password crack by 80 times or more. And that's a conservative estimate.
So please do consider changing your password if it's easy to crack, or improving your already strong password by adding a couple extra random characters. You never have to type the damn thing anyway. It just auto-logs you in, so there's no reason to worry about a difficult-to-remember password.
Also, a quick reminder: the practice of name-trading isn't condoned in TW. If you do it, keep in mind that like shooting heroin, it's extremely addictive, fun and dangerous. Worst case scenario, you may end up losing your name to a misappropriated ban. If you absolutely have to nametrade, though, change your password immediately after each trade, and don't ever use the same password on two accounts.
Comment