Why would anyone need password security today?
June 30, 2024

In today’s digital world, where virtually all of our activities are connected to the Internet, password security is becoming a key element in protecting our data. Even a seemingly innocuous password can be the first line of defense against potential cyber attacks. That’s why it makes sense to learn how to create and manage secure passwords.

Over time, the time needed to crack passwords decreases a lot, so it is a cat and mouse game. The security of our passwords is affected by their complexity, length and “personalization.” By personalization I mean the use of words, numbers or characters that can be associated with us.

“Well, okay, but why are you talking about password cracking, and how does it even work?” I’m getting to the answer, but first we need to explain how login works 🙃.

How does logging in work?

Of course, there is no single standard here. It all depends on how the programmer writes the script.

Mr. Jan Kowalski accesses the site on his computer and wants to log in to the portal with funny pictures.
A login form is displayed to him, in which he is asked for a login and password.
He enters the data and then clicks the login button.
When he clicks that button, his computer sends the data to the server.
The server encrypts his password and stores it in that form in memory, along with his login.
The server then looks in the database to see if such a login and encrypted password exist in it.
If it does, the server returns a success message and redirects him to the user panel.
If not, the server returns information that the login data is incorrect.

Why encrypt the password on the server side at all?

“Well, exactly, why? After all, no one from the outside has access to the server anyway…”

Well, in an ideal world, no… Among other things, this is a safeguard: if someone breaks in and retrieves data from the database, he has to spend time decrypting those passwords. Why does that matter? Most users tend to be lazy (I know because I am 🤪 myself), meaning that we often use one password for everything. If one site leaks, it is then easy to get into our other portals or services.

What are hashes anyway?

Hashes are mathematical operations that convert an arbitrarily long string of data (e.g. text) into a string of a fixed, specified length, which may be shorter or longer than the text you are hashing. The result is a unique identifier, or “hash”, of the data string in question. Hashing is used for a wide range of purposes, especially in the context of security and data protection.

More simply, we give, for example, “Password123” to MD5 for hashing and get “86c132693c2922a37a2d5f8a63a8f954”.

Unfortunately, new methods of cracking passwords and algorithms are constantly emerging. This gives us a battle between cyber security and hackers. For example, the good old MD5, as well as other algorithms, is no longer considered secure because ways to “bypass” them have been found (collisions, etc.; I won’t write more about that here, as that’s a topic for another post).
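
An added example (not code from the original post) of the login check from the steps above, with the server-side “encryption” done as a one-way hash. It goes beyond the post by using a random per-user salt and the slow PBKDF2 function from Python’s standard library instead of a fast hash such as MD5; the in-memory `USERS` table, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory "database": login -> (salt, stored hash).
USERS = {}

# PBKDF2 parameters (assumed values for this example, not from the post).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, deliberately slow transformation of the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )


def register(login: str, password: str) -> None:
    """Store only a random per-user salt and the derived hash."""
    salt = os.urandom(SALT_BYTES)
    USERS[login] = (salt, hash_password(password, salt))


def check_login(login: str, password: str) -> bool:
    """Recompute the hash from the submitted password and compare."""
    record = USERS.get(login)
    if record is None:
        # Unknown login: do the same hashing work anyway, so response
        # time does not reveal which logins exist.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = record
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))
```

Because each user gets a different salt, two users with the same password end up with different stored hashes, so a leaked table cannot be attacked with one precomputed list of hashes.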

Breaking passwords over time

Recently I was doing a presentation regarding security basics and found some interesting graphics.

In 2022, a 12-character password containing uppercase letters, lowercase letters, special characters and numbers reportedly took 3,000 years to crack… In 2023 it is already 226 years…

“It’s 226 years anyway. I will no longer be in the world…” I would just like to point out that the reference here is probably to a single computer. What if someone had several?

How do you protect yourself?

Remember, passwords are our first line of defense against unauthorized access.