Sill
We are now using the Internet for a wide range of activities within our daily lives, including online banking, stock trading, online shopping, bill paying, socializing, entertainment and online research. In the last few years there has been massive growth in the number of social networking sites such as Facebook, LinkedIn, Twitter, Craigslist, Instagram, Tumblr, etc. We share all kinds of personal details as well as music, pictures and videos on these sites, most of which we would certainly prefer to protect, safeguard and keep private.
Today you need to remember or store many passwords for all your online accounts; the list is endless. If you’re like most people, you use the same or a very similar password for each of those accounts. That is the danger: if you use only one password everywhere and someone gets that password, you have a very serious problem. The cyber criminal would have full access to your bank accounts, e-mail, business website, your eBay account, etc. Your world as you know it would be turned upside down.
Unfortunately, the more personal details we make available, the more exposed we become to online identity theft. Identity theft is when a criminal steals our confidential personal data and uses it to fraudulently obtain goods and services in our name. A cyber criminal could, for example, open a bank account, obtain a credit card or apply for a driver’s license or passport in our name, or simply steal money directly from our bank account. They do, and it happens to thousands every day. Smartphones and tablet devices are often misplaced, lost or stolen, making it easier for these thieves to exploit our misfortune.
Passwords are the first line of defense against cyber criminals anxious to access our personal stuff, access our identity and, of course, our money. Passwords help safeguard us against identity theft. They make it harder for cyber criminals to profile us, duplicate our identity and abscond with our assets.
So, how secure are you with that secret password of yours, that singular protective word that’s supposed to consist of a string of upper case and lower case letters and numbers that you can barely remember? It’s purposely so super secret because it’s used to authenticate your identity so only you can gain access to your most treasured assets. It is so difficult to remember that most people will store their passwords in their browser for convenience. The obvious problem with saving your difficult-to-remember passwords in your browser is that anyone who gains access to your computer can instantly access all your passwords.
So what happens when you do forget your password? Well, there are ample, readily available solutions for retrieving forgotten passwords. Password cracking is generally the process of recovering passwords from data stored on your computer or other devices, so as to recover the forgotten passwords, but of course in the wrong hands it is conveniently used for gaining unauthorized access to your computer.
So, how easy is it to “crack” your password? Well, the evolution of password cracking has accelerated dramatically with advances in computational power, giving the cyber criminal a huge advantage. Suddenly, figuring out your password has become much easier and faster with the advent of multi-core Central Processing Units (CPUs) paired with off-loading processors such as the Graphics Processing Unit (GPU), which comes in virtually every PC today. The CPU is where all the program instructions are executed. The GPU is designed to alleviate the processing load on the CPU by handling the heavy computational work. In the “old days” criminals used software tools such as Cain & Abel for cracking password hashes. This sort of tool used CPU core power for cracking and converting hashed passwords back into plaintext form. So, assuming your password was complex and sufficiently strong (a password that includes upper and lower case, alphanumeric and special characters), it would take many weeks and possibly years to recover the plaintext from the hash.
Besides this method, there are other ways at a criminal’s disposal for password cracking, such as merely guessing your password (using your pet’s name is a common mistake), or using keyloggers, phishing attacks, social engineering, dumpster diving, peeking over your shoulder, etc. But of course, the easiest and most efficient is the use of easily downloadable freeware designed specifically to locate your password. There are many available online: Hashcat, Rainbow Crack, PWAudit, Accent RAR, and a new super-fast password cracker developed by Ivan Golubev, IGHashGPU, to name a few. A GPU-equipped computer can process thousands of threads and can accelerate these cracking tools by 100X over a CPU alone. The GPU achieves its incredible performance gains through parallelism across hundreds or thousands of cores. With GPU-capable computers and these tools readily available, criminals can identify simple passwords in seconds or minutes. Ivan’s cracker tool can test approximately 790 Million hashes per second, finding that hidden password in seconds. Amazing.
So, it’s important to create strong passwords that are different for each of your accounts and it’s strongly recommended that you update those passwords regularly.
Microsoft’s Technology Security group says: “There are a couple of different ways to create difficult-to-crack passwords. One is substituting letters with characters and numbers. To make it easier on yourself, try to use numbers and characters that resemble the letters they are replacing. For example, you may wish to use the first letters of the words in a favorite line of poetry or a verse of song. ‘Hail, hail the lucky ones, I refer to those in love’ becomes ‘H,hTL0,IR2t1L.’”
The longer your password is, the longer it will take someone (or more likely, some program) to crack it.
Truth be told, password security depends heavily on the attack method. People often think that a short password of random characters such as “+*4F#0$” is super secure, but a long string of combined random words such as “ferrarimonkeybreathdatemonger” is actually far stronger. The added length multiplies the number of candidates an attacker has to try and makes the password computationally far more difficult to crack. Essentially, avoid a single real word that a hacker or cyber criminal will find in a dictionary.
The next level of password security is authentication, essentially the process of determining whether someone is actually who they say they are. When a potential subscriber accesses an authentication server, a username and password may be the only identifying data required. In a more sophisticated authentication system the user must request and receive an encrypted security token that is then used to verify access. A higher level, and dare I say far more secure, is the multi-factor authentication (MFA) being implemented by major software vendors, telecommunications and financial institutions. MFA solutions provide tokenless security and give formally verified proof by constantly shifting the user password. The MFA market is understandably growing at a feverish rate and is expected to reach $5.5 Billion by 2017 according to Markets and Markets’ latest research report. Microsoft’s newly released Office 365 products offer an advanced multi-factor authentication, PinSafe, as their safeguard to ensure password security in the cloud.
Solutions such as Microsoft’s MFA PinSafe approach sharply reduce hacker cracking and eliminate the attacker’s interest. Microsoft Office 365 is designed for absolute simplicity for the user and comprehensive security. Of course, Microsoft and other vendors are even more concerned with enterprise-wide security for large-scale organizations, and so are evolving towards the data federation model, which gives an organization the ability to aggregate data from divergent sources so it can be used for all aspects of corporate business. This federated model is especially useful for those organizations moving to the “cloud”.
If you’re seriously concerned about your password, strengthen it using the suggestions above or start using multi-factor authentication as a company or as a user. You really need to be protected.
ABOUT THE AUTHOR
Igor Sill is Managing Director of Geneva Venture Group. He is a Silicon Valley venture capitalist and founder of Geneva Venture Partners. He is also a Limited Partner in Goldman Sachs Investment Partners, KKR, GS Princeton, Benchmark Capital, Norwest Ventures, Granite Ventures, The Endowment Fund, Fortress Partners and ICO Funds through his Family Office. Igor resides in Silicon Valley and has 23 years of high-tech investment experience focused on cybersecurity, internet, networks, mobile, cloud and enterprise software. He received his MBA from Oxford University, Saïd Business School. He attended the University of California, Berkeley in 1975, as well as The Harvard Graduate School of Business Venture Capital Program in 1997, Stanford University School of Law’s Directors College in 1998, Stanford’s SEP program in 1984 and the Advanced Management College in 1981.