How Easily Can Your Password Be Hacked?


Introduction

 Keeping yourself and your data safe is often referred to as cybersecurity. Providers of computer services (like banking, email, or social media) have the responsibility of keeping hackers out of people's systems. As a computer user, you can do your part by being careful about who you talk with over the Internet, what information you share, and by picking and using strong passwords. Computer passwords are one of the most important tools used to protect information on computer systems. Just as you do not want anyone stealing your password and gaining control of your Instagram account, banks have to take precautions to keep criminals from stealing money. Because passwords are so important, it is a crime to steal passwords and to intentionally access other people's computers.

You use computer passwords every day, whether to access your email account, social networking sites, or even to do online banking. One of the challenges you may have when picking a password is making it easy for you to remember, but hard for other people to guess. It may not be a good idea, for example, to use your dog's name, your street address, or any information that's somehow connected to your username. For instance, if Sue Jones uses the login "SJones" to access her email and lives at 314 Apple Pie Road, the password "pie314" might not be a good choice. Do you see why? Though it might be easy for her to remember, it is very short and contains her street address. 
A stronger password might be "9J8LZcWAMzjJQUnD"...if she could remember it. That is certainly much longer, it's not a word, and it does not have any identifiable information. But who can remember that? And if you write it down and misplace the piece of paper, that isn't really more secure.


A strong password is one that you can remember easily, but that is pretty long, is made up of a couple of words, numbers and punctuation, but doesn't have anything in it that someone would guess if they looked you up on the Internet. There are a lot of strategies for creating strong passwords.
  • The example starting with "9J8" above is from an online, totally random password generator. It simply picked 16 characters at random.
  • Another strategy is to start by thinking of a passphrase, which is a phrase you like or a quote from a movie. Then use the first letter of each of the words and put a number or punctuation mark in there somewhere. If your password is "T4IdtwiKa", can you remember it more easily if you're a fan of the Wizard of Oz? "Toto, I don't think we're in Kansas anymore." The number 4 takes the place of the comma and is the number of legs Toto has.
  • Another common approach is to use two completely unrelated words and separate them by numbers or characters; is "deaf+anteater" easy to remember? Is it still easy to remember if you sprinkle in some numbers, like perhaps the phone number where you used to live? "deaf555+4715anteater" might be harder for someone to guess.
  • Or consider a nonsense word that doesn't mean anything but that you can still pronounce. "USiFiPiZOG" is an example of a pronounceable random password. Compare that to the one starting with "9J8" in the paragraph above. Is it easier or harder to remember? Memory tricks that help us remember things are called mnemonic devices. Try saying the two random passwords out loud and see which one you remember.


You can see that there are as many possible passwords as stars in the sky.



| Password Type                             | Example Password                                           |
|-------------------------------------------|------------------------------------------------------------|
| Easy to guess based on personal knowledge | pie314                                                     |
| Pronounceable random                      | USiFiPiZOG                                                 |
| Completely random (hard to guess)         | 9J8LZcWAMzjJQUnD                                           |
| Passphrase                                | T4IdtwiKa (Toto, I don't think we're in Kansas anymore)    |
| Two unrelated words                       | deaf+anteater                                              |
| Two unrelated words + personal info       | deaf555+4715anteater                                       |


With so many possible passwords, how is it possible for anyone to guess yours and steal your email account? The fact is that people are not good at picking random things and are terrible at remembering things that do not make sense in some way. In the 'deaf anteater' examples, you may have trouble remembering that second one if your phone number was never 555-4715. People like to pick things that connect to something else in their experience and make some sense. We do not remember nonsense very well at all. We also do not like to remember things that are long and detailed; yet, a long, difficult password is exactly the kind we should have if we do not want anyone guessing it. This is the challenge then; how do we balance between "easy to remember" and "really hard to guess"?
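
To put numbers on the examples in the table, here is an added Python sketch (not part of the original project or its sample code) that audits your own password: it estimates the brute-force search space in bits and then discounts any pieces that match facts someone could look up about you. The profile list and all function names are assumptions made for this illustration.

```python
import math
import re
import string

# Character classes an exhaustive guesser would have to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def brute_force_bits(password):
    """Upper bound: log2 of the guesses needed to try every string of this
    length over the character classes used (real words lower it further)."""
    if not password:
        return 0.0
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)


def personal_tokens(facts):
    """Split known facts (login, address, phone) into lowercase tokens of
    3+ characters, the pieces a guesser would try first."""
    found = set()
    for fact in facts:
        found.update(t for t in re.findall(r"[a-z]+|\d+", fact.lower())
                     if len(t) >= 3)
    return found


def audit(password, facts):
    """Return (raw_bits, effective_bits, hits); effective_bits counts only
    the characters left after personal tokens are stripped out."""
    hits = sorted(t for t in personal_tokens(facts) if t in password.lower())
    residual = password
    for tok in sorted(hits, key=len, reverse=True):
        residual = re.sub(re.escape(tok), "", residual, flags=re.IGNORECASE)
    return brute_force_bits(password), brute_force_bits(residual), hits


if __name__ == "__main__":
    # Constructed profile built from the article's Sue Jones example; the
    # phone number is the one used in the "deaf anteater" example.
    sue = ["SJones", "314 Apple Pie Road", "555-4715"]
    for pw in ["pie314", "T4IdtwiKa", "USiFiPiZOG", "deaf+anteater",
               "deaf555+4715anteater", "9J8LZcWAMzjJQUnD"]:
        raw, eff, hits = audit(pw, sue)
        print(f"{pw:22} raw={raw:6.1f} bits  effective={eff:6.1f} bits  {hits}")
```

For Sue, "pie314" drops to zero effective bits because every character comes from her address, and the phone digits in "deaf555+4715anteater" add nothing beyond "deaf+anteater" for anyone who knows her number.
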
The first part of this science project is to do some research on the Internet about password security. When you do your research, you will find literally thousands of sites that offer up password suggestions or offer to evaluate your passwords and tell you how strong they are. Some have explanations about the math that shows why making a weak password a little bit longer will make it a strong password. You will want to read about why some passwords are better than others and why people pick the passwords they use. Police detectives have to think like a thief if they want to catch one, so while people trying to steal passwords use this information to help them, you can use it in this science project to make it easier to guess our samples and therefore, to improve your own passwords after the science project is completed. Once you have found some strategies for both hiding and guessing passwords, you will write a computer program to guess passwords using the strategies you have read about. Think about passwords like a typical user; how do you think a typical user picks a password? You will be writing a computer program to try out these techniques to guess some samples we offer, and to guess your own as well.
Remember that it was stated earlier that it is a crime to break into computers without permission? In this science project, you will be "breaking into" your own computer by simply guessing passwords. Once you guess the ones we provide, you have our permission to try them out on a special website we have set up.
The procedure contains some sample code to help you get started. Once you are at the programming stage, you can take this science project in one of several different directions:
  • Modify the provided programming examples to try guessing the passwords Science Buddies has encrypted. How long does each password take to guess? What does this tell you about what types of passwords are strongest?
  • Have friends or family make up weak versus strong passwords based on what you learn about password cracking. Test those passwords against your password-guessing program. How long do you think it will take your program to crack your own email password?
 

Experimental Procedure


Cybersecurity Project Warning


Cybersecurity ideas can be fun, but they can also get you in trouble if you are not careful. Make sure you follow these rules when doing a cybersecurity idea:
  • Do not attack any individual, computer, system, or network without consent from the individual (or person who owns the computer). For example, do not try to guess someone's email password and log into their account unless you get their permission first, or try to hack into a website without permission from the owner of the website.
  • Even if you have consent to perform an attack, the attack should be for learning purposes only, and you should help the individual or organization fix any problems you find (this is known as "white hat" hacking). For example, if you are able to guess someone's password, you should tell them they need to pick a stronger password (and help them learn how). Do not read their emails, change any of their account settings, look at private information or files like pictures, or tell anyone else their password.
  • If your project involves human subjects, even if you have their consent, you may still need approval from your science fair or an Institutional Review Board (similar to the rules for psychology or medical experiments). See this page for more information.
  • Do not pretend to be a different person, company, or other organization online. This includes pretending to be someone else on a social media site, setting up fake websites designed to look like real websites from reputable companies, or sending "phishing" or other emails designed to look like they were sent by someone else. (A controlled experiment where only study participants have access to examples of such websites or emails would be OK.)
  • Do not use data that was illegally obtained (for example, contact information stolen from a company's employee database), even if it was stolen by someone else and already posted online.
  • Do not publicly post sensitive personal information, even if it was obtained with consent. For example, if your project involves accessing people's contact information (legally), do not post someone's name and address in the "Results" section of your science fair display board. You should destroy any such information (by shredding paper or deleting files) when you are done with your project.
  • Do not install or run any malicious software (viruses, malware, spyware, Trojans, etc.) on a computer that is connected to the internet. The software could easily spread to other computers and get out of your control. 
Thank you.
Hope this idea may help you.
Have great fun moments.

Comments

  1. For every account, basic security is your password. If your password is strong enough, hackers will not be able to crack it.
