Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
How Hackers Use
Weak and poorly protected passwords remain the single biggest threat to computer security. Unfortunately, many of us still choose passwords that are easily “cracked,” like birthdays, pets’ names, foreign words, and celebrities’ names.
Powerful, automated tools for cracking poorly chosen passwords are readily available to malicious individuals, and are often carried in computer worms and viruses.
These tools call on large dictionaries to guess what a user’s password might be. Password dictionaries generally contain hundreds of thousands of entries, including words and phrases from numerous languages, from pop culture, and sequences like “12345678” and “fjdksla;” which are common passwords. Password cracking tools take each dictionary entry and use it in numerous ways–spelling it forwards and backwards, and making common substitutions like replacing the letter “O” with a zero and the letter "S" with a dollar sign ($).
For information about selecting a strong password, please visit www.upenn.edu/computing/email/pswd_guide.html.
Almanac, Vol. 52, No. 19, January 24, 2006
January 24, 2006
Volume 52 Number 19