How secure is your computer: not as good as you think

Bruce Schneier has an excellent article on how passwords are cracked. Much of the content relates to the techniques used by AccessData, a company that sells Password Recovery Toolkit, or PRTK.

…So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.

Even something lower down on PRTK’s dictionary list — the seven-character phonetic pattern dictionary — together with an uncommon appendage, is not going to be guessed. Neither is a password made up of the first letters of a sentence, especially if you throw numbers and symbols in the mix. And yes, these passwords are going to be hard to remember, which is why you should use a program like the free and open-source Password Safe to store them all in. (PRTK can test only 900 Password Safe 3.0 passwords per second.)

PRTK seems to be Windows-only and application specific. That raises at least one question: if you are protecting an Apple Mac OS X computer, what is the most dangerous software which can be used to attack it?

Technorati Tags: