Unfortunately, a new, completely free password cracker, oclHashcat-plus, will make life much harder for anyone who relied too heavily on very long but predictable combinations. The old version of the software handled passwords of up to 15 characters and went no further.

The current one reaches 55 characters, cracking passwords once considered out of reach. The change is significant: using a phrase instead of a simple word is one of the most classic suggestions for anyone who wants to secure an account without risking forgetting the combination used.

Understanding how this new version works can help anyone who wants to protect themselves more effectively: the software creates a database of possible words by searching dictionaries, encyclopedias and even forums far and wide, looking for the most common letter combinations. The secret, then, is not so much to look for very long alphanumeric strings, but to focus on something impossible to find on the web.

An entire tercet from the Divine Comedy, long but widely present online, will not make us safe at all. At most, once discovered, it will make us look good to the cracking program. A misspelled word we used as children, however, will be much harder for the software to identify, without making it harder to remember.
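As an added illustration (not code from the original article), the sketch below shows why length alone does not help: it builds every phrase that can be quoted from a piece of public text and checks a chosen passphrase against that set, as a password-policy check would. The sample text, the function names and the made-up misspelling `pasgetti` are assumptions for the example.

```python
import re

# Constructed stand-in for public text that a cracking wordlist would cover:
# the opening tercet of the Divine Comedy, which the article mentions.
PUBLIC_TEXT = """Nel mezzo del cammin di nostra vita
mi ritrovai per una selva oscura,
ché la diritta via era smarrita."""

# Candidate length cap, taken from the article's 55-character figure.
# Applied here to the normalised form, which is a simplification.
MAX_LEN = 55


def normalize(s):
    """Lowercase and keep only letters and digits, so spacing, punctuation
    and capitalisation variants of a quotation collapse to one form."""
    return re.sub(r"[\W_]+", "", s.lower())


def phrase_candidates(text, max_len=MAX_LEN):
    """Return every contiguous run of words from the text whose
    normalised form is at most max_len characters long."""
    words = [w for w in (normalize(w) for w in text.split()) if w]
    found = set()
    for start in range(len(words)):
        joined = ""
        for word in words[start:]:
            joined += word
            if len(joined) > max_len:
                break
            found.add(joined)
    return found


def is_predictable(passphrase, candidates):
    """True if the passphrase is just a quotation from the public text."""
    return normalize(passphrase) in candidates


CANDIDATES = phrase_candidates(PUBLIC_TEXT)

if __name__ == "__main__":
    for pw in ("Nel mezzo del cammin di nostra vita",  # long, but quoted
               "Mi ritrovai, per una selva OSCURA!",   # restyled quotation
               "pasgetti"):                            # short, but personal
        print(f"{pw!r}: predictable={is_predictable(pw, CANDIDATES)}")
```

The 35-character verse is flagged while the 8-character private misspelling is not, which is the article's point about originality mattering more than length.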

Our individual lives are probably the most unreachable store of words for a search engine. To quickly assess how easy your chosen term is to find online, try searching for it on Google and look at the number of results returned.

Forget heroic memory efforts: to be safe, a little originality is much more useful!
