
A Password to Survive any Audit

Running a password cracker is a standard part of any security audit.  Password crackers generally work in one of four ways: (1) a brute-force crack, which tries every combination of a character set up to some length; (2) a dictionary crack; (3) a hybrid dictionary crack; and (4) rainbow tables.  The hybrid attack works by appending or prepending common phrases and sequences (years, "123", "!") to dictionary words.  Rainbow tables work from pre-computed hash chains, so they only apply to unsalted hashes such as the Windows LM and NT hashes, and the size of a table is set by the character set and maximum length it was built from.  Most published tables cover alphabetic characters, alphanumerics, or, in the larger sets, printable ASCII with special characters.  None of the publicly available tables we know of include characters outside ASCII, such as those typed with ALT codes.


To create a password that a standard password-cracking run will not recover, include a non-breaking space (http://en.wikipedia.org/wiki/Non-breaking_space).  You can do so on Windows by holding ALT and typing 0160 on the numeric keypad; the leading zero matters, because ALT-0160 uses the Windows ANSI code page and produces U+00A0 (the non-breaking space), while ALT-160 without the zero uses the OEM code page and produces "á" instead.  NOTE: on a laptop you must turn on Num Lock and use the embedded numeric keypad, not the number row.  Other ALT characters are also a good choice; a non-breaking space is better still because it is invisible on screen and some keystroke loggers mis-record it.  Do not rely on that last point: a logger that captures raw key events still records the ALT and keypad presses.  Two further caveats before you change an important account.  First, the character must survive everywhere the password is used; some web forms and non-Windows clients trim or normalize whitespace, and you cannot type ALT codes from most SSH or serial consoles, so test the account from every place it must log in.  Second, an attacker who knows this trick simply adds 0xA0 to the cracker's character set (hashcat accepts one via --hex-charset, for example), so treat the non-breaking space as a complement to length and randomness, not a substitute.  With those caveats, such a password is a good choice for accounts like Domain Admins, Enterprise Admins and the built-in Administrator account on servers.


To learn more about password crackers and steps you can take to thwart them please download our whitepaper.

To learn more about how to improve your Windows password policy please visit our website or give us a call at +1 404-348-4678.


About Gregg

I have over a decade of experience teaching Windows, Cisco and security technologies to IT professionals worldwide. I have taught classes in Hong Kong and created classes for the United Nations. Once upon a time I wrote a book on Windows Domain Architecture for McMillan and I penned a couple of articles for Windows IT Pro magazine. In a former life I worked with technologies ranging from ASIC circuit design, to robotics, to industrial controls and Allen Bradley PLCs. On the IT consulting side I have implemented technologies like Cisco VOIP, IDS, Unix CAD/CAM systems. I have designed windows domains, created highly optimized database servers and terminated fiber optics. Many years ago I wrote one of the first products to detect missing patches on Windows systems and eventually the code became St. Bernard's Update Expert.
