Wed 20 Nov, 2013 03:01 pm
Many times, people working in IT companies strongly advise NOT to write passwords on paper, because it is assumed that someone might see that password and copy it, and that person might then hack into the owner's email account. I have thought of a small trick which makes it practically impossible to hack the email account even if the password is written on paper.
Let us assume that the password of my email account is %jAv83LOinFsQ%5, which is basically just a random bunch of characters.
It is difficult for me to remember such passwords if there are a large number of them. So, I write it down on paper, but I will only write it as %jAv83LOinF
BUT, I WILL NOT WRITE THE LAST FOUR CHARACTERS. I will remember them (that is, sQ%5). So, even if anyone reads the paper on which %jAv83LOinF is written, even then they cannot know the last four characters, so it is useless to them. If at all they have to hack my email account, they will have to try different combinations of the last four characters, which is not practically possible because it will need at least around 25 million combinations, or maybe even more.
Please, can anyone clear this doubt of mine? It is important to me because if by chance there is any defect in this procedure which I am not yet aware of, then it will be prone to hackers.
The whole point of having a long, complicated password that is not easy to remember is to make it extremely difficult for a hacker to figure it out through trial and error, using a program to do such testing.
Writing down all but the last four characters eliminates that protection and reduces the security of that password to that of a four-character password, which can easily be hacked.
Yes, you are right... a 4-character password can be hacked easily if a large number of login attempts are made... but I doubt websites like Gmail, Yahoo Mail, and other reputed sites will allow that many login attempts within a short span of time (let's say 7 or 10 days). And there is one more thing... if I choose 4 characters in a totally random way, then each character has 73 possible values (26 small letters + 26 capital letters + 11 special symbols + 10 numerals). So, 73 multiplied by 73 multiplied by 73 multiplied by 73 means a total of 28,398,241 combinations... I seriously doubt Gmail or Yahoo Mail or Facebook are so naive that they are going to allow that kind of login attempts... or do they? I don't know.
The length of a password is the most important factor, as once all common passwords have been gone through by an attacker in a dictionary attack, random guesses need to be tried, and the longer the password, the longer the attack will take.
Let's see, for this website, how long a brute force attack on the password able2know%%%%%-<<<<< would take, as follows:
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.93 trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 19.31 thousand trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 19.31 trillion centuries
Note that typical attacks will be online password guessing limited to, at most, a few hundred guesses per second.
In any case, a very simple password with padding added that you can remember, such as five "%", one "-" and five "<", would be very safe indeed, as in 19.31 trillion centuries.
Here is a link to a video that explains the point I am making, that the overall length of the password is the most important factor, over just randomness that is hard to remember.
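To make the arithmetic in the two calculations above concrete (the OP's 73^4 count for the four missing characters, and the "centuries" figures for the padded password), here is an added Python example; it is not code from any post in the thread. It assumes the OP's 73-symbol alphabet (the 11 punctuation marks are not listed) and reproduces the padded-password figures with a 69-symbol alphabet (26 lower-case letters, 10 digits and 33 printable punctuation marks, no upper case since the password has none), summing every length from 1 up to 20, which is how that "haystack" style of counting works; both alphabet sizes are assumptions, not something the posters state.

```python
"""Added example (not code from any post in the thread): the search-space
arithmetic behind the numbers quoted above.

Assumptions, since the posters don't spell them out:
- The OP's alphabet is 73 symbols (26 lower + 26 upper + 10 digits + 11
  punctuation marks; which 11 is not stated).
- The "able2know%%%%%-<<<<<" figures are reproduced with a 69-symbol
  alphabet (26 lower + 10 digits + 33 printable punctuation, no uppercase
  because the password has none) and by summing every length from 1 up to
  the password's 20 characters, the "haystack" way of counting.
"""
from __future__ import annotations

SECONDS_PER_YEAR = 365 * 24 * 3600

# Guess rates the thread cites, in guesses per second.
RATES = {
    "online, throttled (few hundred/s)": 3e2,
    "online, one thousand/s": 1e3,
    "offline fast, one hundred billion/s": 1e11,
    "cracking array, one hundred trillion/s": 1e14,
}


def fixed_length_space(alphabet: int, length: int) -> int:
    """Candidates when the attacker knows exactly which characters are
    missing and how many of them there are: the leaked-paper case."""
    return alphabet ** length


def haystack_space(alphabet: int, max_length: int) -> int:
    """Candidates when the attacker knows nothing and must try every
    length from 1 to max_length (the counting style used for the
    padded-password figures above)."""
    return sum(alphabet ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second


def centuries_to_exhaust(space: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(space, guesses_per_second) / SECONDS_PER_YEAR / 100


def describe(seconds: float) -> str:
    """Coarse human-readable duration, enough to compare scenarios."""
    units = (
        ("centuries", 100 * SECONDS_PER_YEAR),
        ("years", SECONDS_PER_YEAR),
        ("days", 86400),
        ("hours", 3600),
        ("minutes", 60),
    )
    for name, size in units:
        if seconds >= size:
            value = seconds / size
            return f"{value:,.1f} {name}" if value < 1e6 else f"{value:.3g} {name}"
    return f"{seconds:,.1f} seconds"


def scenarios() -> list[tuple[str, int]]:
    """The three cases the thread argues about."""
    return [
        ("paper leaked, last 4 chars of a 73-symbol alphabet unknown", fixed_length_space(73, 4)),
        ("nothing leaked, full 15-char random password, 73 symbols", fixed_length_space(73, 15)),
        ("'able2know%%%%%-<<<<<' haystack, 69 symbols, lengths 1..20", haystack_space(69, 20)),
    ]


def report() -> None:
    for label, space in scenarios():
        print(f"{label}: {space:.3e} candidates")
        for rate_label, rate in RATES.items():
            print(f"    {rate_label:40s} {describe(seconds_to_exhaust(space, rate))}")


if __name__ == "__main__":
    report()
```

Running it shows the contrast the thread is about: with the paper leaked, the remaining 28,398,241 candidates take under eight hours at one thousand guesses per second and about a day at a throttled few hundred per second, while both the untouched 15-character password and the padded one sit in the centuries range even on the fastest cracking array. The online rate is the only thing protecting the four unknown characters, and a leaked password hash (the "password files" a later post mentions) removes that limit entirely.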
Your password is then about as safe as your piece of paper. You should probably not tape it on the underside of your keyboard.
There is a wonderful little free exe program by the name of LockNote that has a notepad-type editor along with AES-256 protection. You can type all your passwords into LockNote and only need to remember one long password to open the LockNote program, and then you can cut and paste your other passwords from the LockNote file/program to whatever website you are accessing.
I have all my passwords in a LockNote file on a memory stick on my key chain.
To me, far better than a piece of paper with passwords on it.
Yes, it is usually(*) safe to write passwords on paper. Who are you worried about? In most cases, people finding a slip of paper are not very much of a risk.
Hackers aren't coming into your office looking for pieces of paper taped to your keyboard. That is a really inefficient way to hack people's passwords. The way people steal your password is writing millions of phishing emails, getting password files and usernames, and then writing brute force algorithms to crack your password. They are stealing millions of passwords... they simply don't have time to go into your office.
This isn't always true, of course. You have to understand the situation. If you work for a bank, or a defense contractor; places where there is an obvious target valuable enough that someone would break into your office to steal your passwords, then you should be really careful about security.
But for most of us, the risk is botnets and hackers from Russia. These people will never hop on a plane to look at your paper. In fact... writing passwords on paper might be the most secure place to store them. Passwords on paper will never be found by a worm or a phishing email. They can't be hacked. A piece of paper at my office is accessible to 20 people who I know and trust, plus janitorial staff. And if someone goes through the trouble to break into my home to find my passwords... I am probably already in trouble.
That being said, if I have your piece of paper, then with the 4-digit trick (or any trick) you make it significantly easier for me to run a brute force attack. You are cutting down the number of combinations I have to try... and remember, I can try millions of passwords per second (and the government can try billions). The reason it is safe is because I will never take the time to steal your paper (not because these tricks are secure).
AND... as I said before, everyone should be using two-factor authentication on their email password, banking passwords and any other password that might be valuable to a criminal.
You can also use your smartphone to store passwords. Create a contact on your phone for each site or service needing a password.
With so many new smartphones having fingerprint or facial recognition access, you can store your passwords securely in the notes of the contact.
Well. Your smartphone is connected to the internet. That means it takes one phishing email or security flaw to get at whatever is on it.