Tuesday, January 24, 2006 - Almanac Vol. 52, No. 19
How Hackers Use Password Dictionaries
Weak and poorly protected passwords remain the single biggest threat to computer security. Unfortunately, many of us still choose passwords that are easily "cracked," such as birthdays, pets’ names, foreign words, and celebrities’ names.
Powerful, automated tools for cracking poorly chosen passwords are readily available to malicious individuals, and are often carried in computer worms and viruses. These tools call on large dictionaries to guess what a user’s password might be. Password dictionaries generally contain hundreds of thousands of entries, including words and phrases from numerous languages and from pop culture, as well as sequences like "12345678" and "fjdksla;", which are common passwords. Password cracking tools take each dictionary entry and use it in numerous ways: spelling it forwards and backwards, and making common substitutions like replacing the letter "O" with a zero and the letter "S" with a dollar sign ($).
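A system that accepts new passwords can apply the same transformations in reverse and refuse any choice that lands on a dictionary entry. The following is an added example, not part of the original Almanac article; the word list is a small constructed sample, the function names are hypothetical, and ignoring letter case is an extra assumption the article does not mention.

```python
# Added example: refuse passwords that a dictionary-based tool would guess.
# WORDLIST is a tiny constructed sample; a real check would load a large list.
WORDLIST = {"password", "soccer", "rover", "12345678", "fjdksla;"}

# Reverse of the substitutions named in the article: zero for "O", "$" for "S".
UNDO_SUBSTITUTIONS = str.maketrans({"0": "o", "$": "s"})


def candidate_forms(password):
    """Return every form of `password` that should be looked up.

    Covers the password as typed and spelled backwards, each with and
    without the common substitutions undone. Case folding is an assumption.
    """
    lowered = password.lower()
    forms = set()
    for text in (lowered, lowered[::-1]):
        forms.add(text)                                 # as written
        forms.add(text.translate(UNDO_SUBSTITUTIONS))   # 0 -> o, $ -> s
    return forms


def matching_entry(password, wordlist=WORDLIST):
    """Return the dictionary entry the password reduces to, or None."""
    for form in sorted(candidate_forms(password)):
        if form in wordlist:
            return form
    return None


def is_guessable(password, wordlist=WORDLIST):
    """True when the password is a dictionary entry in disguise."""
    return matching_entry(password, wordlist) is not None


if __name__ == "__main__":
    # Constructed sample inputs.
    for choice in ("pa$$w0rd", "dr0w$$ap", "$0ccer", "fjdksla;", "tq7#Lm2!vZ"):
        entry = matching_entry(choice)
        verdict = f"rejected (matches {entry!r})" if entry else "not in sample list"
        print(f"{choice!r}: {verdict}")
```

Passing this check only means the password is not a disguised entry in the list that was loaded; it says nothing about length or reuse.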
For information about selecting a strong password, please visit http://www.upenn.edu/computing/email/pswd_guide.html