Although it is true that any of the hash methods in use makes the plain-text password almost irrecoverable from the hash alone, the picture changes once files full of already-discovered plain-text passwords and dictionaries are available: every candidate password in those files is hashed in advance, and the leaked hash values are then compared, in a simple program loop, against this table of precomputed hashes. With enough computing power and a little patience, the collected hash values turn back into plain-text passwords, each tied to its mail address. And since the leaks also record where they came from, one also knows on which service the mail address and password were used.
In principle quite simple.
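As an added illustration (not from the original post), the lookup just described, run on a constructed dump and a constructed dictionary, and beside it why a per-user salt stops the precomputed table from being shared between users; the addresses and passwords are all made up:

```python
import hashlib
import os

# Constructed sample dump in the shape the post describes: address plus an
# unsalted SHA-1 of the password (nothing here comes from a real leak).
LEAKED_DUMP = {
    "alice@example.org": hashlib.sha1(b"password").hexdigest(),
    "bob@example.org": hashlib.sha1(b"1234abcd").hexdigest(),
    "carol@example.org": hashlib.sha1(b"correct-horse-battery-Staple!").hexdigest(),
}
# Constructed dictionary: plaintexts from earlier leaks plus keyboard patterns.
DICTIONARY = ["qwert", "asdfgh", "password", "HelLO", "1234abcd", "letmein"]


def precompute(dictionary, algo="sha1"):
    """Hash every candidate once. Without a salt the table is reusable against
    every dump that used the same algorithm, which is what makes reuse fatal."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in dictionary}


def match(dump, table):
    """The loop from the post: each leaked hash is looked up in the table."""
    return {mail: table[h] for mail, h in dump.items() if h in table}


def salted_hash(password: str, salt: bytes) -> str:
    """What a site should store instead: scrypt with a per-user random salt."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1).hex()


def salted_table_reuse(dictionary) -> int:
    """Build the table for one user's salt and try it against a second user who
    chose the same dictionary word. Returns the number of hits (expected 0):
    with per-user salts a precomputed table cannot be shared between users."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    table = {salted_hash(w, salt_a): w for w in dictionary}
    other_user = salted_hash("password", salt_b)
    return int(other_user in table)


if __name__ == "__main__":
    print(match(LEAKED_DUMP, precompute(DICTIONARY)))
    print("salted table hits:", salted_table_reuse(DICTIONARY))
```

The weak, reused passwords fall out immediately while the long unique one does not appear in any list, and the salted variant shows why per-user salts force every lookup to be recomputed from scratch.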
The Hasso-Plattner-Institut even offers a very useful service with which you can check which of your mail addresses appear in leaks. These new leaks have already been entered there, and you receive a detailed report, sent to your verified mail address, on which leaks expose your data.
The nuts and bolts, though, are how we handle our passwords. Not only the handling but also the strategy behind them matters.
- Your creativity can live on in the password. What matters is that the password stays in your memory, and there are several auxiliary strategies for that: one person can memorize a sentence (a mantra) very well and uses only the first letter (or only the second, or the last) of each word. In addition, certain letters can be turned into numbers or special characters; for example, "One" becomes a "1", or a comma mutates into the % sign. The next person uses a whole sentence as the password, or strings different words together, connected by special characters. And there are people who can visually remember the sequence of keys they type.
- The following basic rules still apply regardless: the longer, the better. A good password should be at least eight to 12 characters long; shorter than that, and programs that simply try every combination will get there.
However, you should take the encryption methods for WLAN, such as WPA and WPA2, particularly seriously: there, a password of fewer than 20 characters is a lucky hit for any attacker, because at this point so-called offline attacks are feasible. These work even without an open network connection, something that is not possible when attacking online accounts.
- As a rule, you can use all available characters for your password: upper- and lowercase letters, digits and special characters (space, ?, !, %, + ...). The more digits and special characters you include, the stronger the password, and of course the longer it is. Bear in mind, however, that keyboards are country-specific when you travel abroad, so some characters may not be available to you on an ad hoc basis. The remedy here, again, is a password manager.
- Completely unsuitable as passwords are the names of family members, pets, best friends or favorite stars, dates of birth and so on: precisely the data that can be filtered out of dictionaries, name registers and address books. Social media also makes it very quick to find out what your relatives, your friends, your favorites and of course your animals are called. Using common variations, repeats or keyboard patterns such as "asdfgh", "qwert", "password", "HelLO" or "1234abcd" is not a good idea either.
- It is likewise absurd to append a simple number to the beginning or end of the password, or to put one of the usual special characters $ ! ? # at the beginning or end of an otherwise simple password. The same misdeed is a simple password such as a name combined with a date, usually one that is significant, as in "0520TesTeron19".
- Password managers such as KeePass not only help you create a new password for every account; they also offer you excellent, strong passwords that you can confidently adopt. Your encrypted KeePass password database is protected by a secure master password that you remember well. At the same time, you can use the KeePass database on all your devices (smartphone, PC, laptop, tablet), and even from a USB stick in an Internet cafe or in the office.
- Linux users (and users of other Unix-like systems) also have an excellent command-line tool for password generation: pwgen.
It generates many passwords at once, optionally with many special characters and digits, in the desired length; upper- and lowercase letters can also be taken into account deliberately.
- One last good approach is two-factor authentication, which sends an SMS with a code or token to a stored mobile phone number. The same would be possible via the email address; the disadvantage of the latter is again the risk of a leaked mail address. And disadvantageous would be the disclosure of the mobile phone number, which is also very popular as an object of data collection among providers.
- My favorite is creating specific mail addresses for particular accounts, for instance firstname.lastname@example.org for the forum in question or email@example.com for Facebook and so on. These days you do not have to create an endless number of mail accounts to do this; there are plenty of mail accounts where you can create 10 or more mail aliases.
The good thing is that I can delete a mail alias again if I no longer need it, or if I notice that the address is being abused for spam or something else, or has been leaked.
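An added example (not from the original post) that turns the rules above into a check and implements the mantra strategy from the first bullet; the name list and the thresholds are assumptions, with 12 taken as the minimum from the "eight to 12" range and 20 for WLAN:

```python
import re

# Patterns the post names as unsuitable: keyboard walks, repeats, common words.
KNOWN_BAD = ("asdfgh", "qwert", "password", "hello", "1234abcd", "12345")
MIN_LEN = 12        # upper end of the post's "eight to 12" range (assumption)
MIN_LEN_WLAN = 20   # WPA/WPA2 passphrases can be attacked offline
# Digits and the "usual" $ ! ? # that people tack onto a simple word.
AFFIX = re.compile(r"^[0-9$!?#]+|[0-9$!?#]+$")


def check_password(pw: str, wlan: bool = False, names=()) -> list[str]:
    """Return the post's rules that pw violates; an empty list means it passes.
    `names` is the caller's own list of family/pet/friend names (constructed)."""
    problems = []
    if len(pw) < (MIN_LEN_WLAN if wlan else MIN_LEN):
        problems.append("too short")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    low = pw.lower()
    if any(bad in low for bad in KNOWN_BAD):
        problems.append("contains a keyboard pattern or common word")
    if re.search(r"(.)\1\1", pw):
        problems.append("contains a repeated character run")
    if any(n.lower() in low for n in names):
        problems.append("contains a name from the personal list")
    core = AFFIX.sub("", pw)        # strip the tacked-on prefix/suffix
    if core != pw and (core == "" or core.isalpha()):
        problems.append("digits or $!?# tacked onto a simple word")
    return problems


def mnemonic_password(sentence: str, word_subs=None, punct_subs=None) -> str:
    """The post's mantra strategy: first letter of every word, with chosen words
    and punctuation swapped for digits or symbols (e.g. "one" -> "1", "," -> "%")."""
    word_subs = word_subs or {"one": "1"}
    punct_subs = punct_subs or {",": "%"}
    out = []
    for token in sentence.split():
        word = token.rstrip(",.;:!?")
        out.append(word_subs.get(word.lower(), word[:1]))
        out.extend(punct_subs.get(p, "") for p in token[len(word):])
    return "".join(out)


if __name__ == "__main__":
    print(check_password("0520TesTeron19"))
    print(mnemonic_password("One small step for a man, one giant leap for mankind."))
```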
You see, your IT security is entirely up to you and the creativity with which you approach it. You protect yourself and your network, but you also contribute to the safety of everyone else on the Internet, because a leaked Internet user usually means that their contacts (mail, address book) are affected as well. And that can take on a life of its own.
Be creative and get active! Ideally right now, at the end of this post!