Thursday, February 14, 2013

The story of a "strong" password: How exactly is a strong password "unhackable"?

This might as well be the least asked question, but we still do it!! We all prefer keeping long and complicated passwords with digits, symbols, punctuation etc., knowing only a plain reason which not many understand (but still know): "It makes the password STRONGER!" Ever wondered "How can a password be STRONG??" If not, there's no need to, because the answer lies below...

What does a strong password mean?
Well, technically even a nine year old can give this answer: a strong password is difficult to guess, hack, decode, decrypt and other geeky shit!
The answer is pretty correct! There's nothing more to add to it! And having such a password is very likely to enhance the security of your account!

So how come it's so difficult to hack a 'strong' password?
Before you start reading this section, make sure you know a teeny-weeny bit about encryption. If you don't, just scroll through a recent mini article that I've written, just the basics.

So here's the thing. Hackers usually approach a password by guessing it (it rarely works). So with such a complicated password there is an absolute zero chance of merely mind guessing it. So the next thing they do is intrude into the servers of the very website holding your account and try to find your password (because they are 100% sure it's in there). But even in the servers, the passwords of all the users go through some whacky encryption before they reach their spot!

And as you know about encryption algorithms, they ain't no pieces of cake either! Most websites nowadays use algorithms like MD5, which is well known as "the one way encryption". Heck yeah! You can encrypt something to MD5 easily but decryption can only be done by the almighty creator of mankind! (That means it cannot be decrypted directly.) Some chaps might be laughing because I mentioned Brute Force guessing in some previous articles, but that can take CENTURIES to decrypt an MD5 key. That is because any MD5 key needs a "match" or a "reference", and the website gets its reference key when the user enters the password during log in. And a strong password has infinite possibilities and there are no references even in the website's server.

And that is the reason you should not keep a single word or a phrase password like "Hello", because this is an easy word and the hacker can approach the MD5 key by simply matching a list of common dictionary words, which are easily available even on the internet! This means 'Hello123' is many times stronger than 'Hello'. As seen clearly, a simple word list cannot solve a complicated password, and creating a word list with every possible combination and length of letters, symbols and numbers is next to impossible even if done by a computer (a normal one). For that we'll need a huge "supercomputer" (like TRANSLTR in Dan Brown's novel Digital Fortress) which will take another billion dollars to build. Such word lists with all possible combinations of a certain set of characters are called "Rainbow Tables". Rainbow tables with all combinations can only be achieved by some supercool organizations like CIA, FBI or something! You might find some results by Googling "rainbow tables"; most are fake and the others are limited. Such tables cost millions of dollars and can never be Open Source...
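The word-list matching described above, written as a small password-storage audit. This is an added example, not code from the original post: the word list, the two accounts and all function names are constructed for illustration, and the salted PBKDF2 comparison goes beyond what the post covers to show why a precomputed list of MD5 values stops matching once the site salts its hashes.

```python
import hashlib
import os

# Constructed sample data: a tiny stand-in for a public dictionary word list.
WORDLIST = ["password", "hello", "letmein", "dragon", "sunshine"]

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def build_lookup(words):
    """Precompute MD5 -> word (plain and capitalised): the 'reference' list."""
    table = {}
    for word in words:
        for variant in (word, word.capitalize()):
            table[md5_hex(variant)] = variant
    return table

def audit_md5(stored, table):
    """Map each user to the word whose MD5 matches the stored value, or None."""
    return {user: table.get(digest) for user, digest in stored.items()}

def salted_hash(password, salt, rounds=100_000):
    """Salted, deliberately slow hash; a precomputed MD5 list cannot match it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds).hex()

def keyspace(alphabet_size, length):
    """Number of candidates an exhaustive list of that length would need."""
    return alphabet_size ** length

# Constructed accounts storing unsalted MD5, as the post describes.
STORED = {"alice": md5_hex("Hello"), "bob": md5_hex("Hello123")}

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    for user, found in audit_md5(STORED, table).items():
        print(user, "-> matched word list:" if found else "-> no match", found or "")
    print("salted hash in list:", salted_hash("Hello", os.urandom(16)) in table)
    print("5 letters, mixed case:", keyspace(52, 5))
    print("8 letters and digits: ", keyspace(62, 8))
```

The account using 'Hello' is matched by the list while 'Hello123' is not, and the two keyspace figures show how quickly an exhaustive list grows with length and character set.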

However strong the password is, cheap tricks like extortion, phishing and Keystroke Logging still prevail. I've got some tips for that:
1. Change your password once you are back at your home computer if you have logged in at your friend's house or at an internet center.
2. Never trust pages that ask for your facebook/google/other password. If they do, make sure that there is 'https://' in that site.

That'll be it!

Tuesday, February 5, 2013

Be secure and beat spam with 10 minute mail!

Coming across an awesome website, you often feel compelled to register for an account so that you can access more “handpicked” stuff and share, comment and post on it. Almost every website asks you for your email address; you don’t give it much thought, so you enter your primary email and receive your password or a confirmation email.
After 1-2 days you check your mail and there are hundreds of ads, offers, news and other useless stuff from the website you registered on some time back (some even from the ones you never knew about). This is annoying for most users when a site uses your inbox as such a blotting paper!
This phenomenon is termed “spam”!!
However, I came across an internet tool that helps us avoid “spam” to a great extent. It’s called “10 Minute Mail”. Normally websites don’t have any business with your email after you’ve seen the confirmation link (apart from resetting the password, but what’s the harm in remembering it?). This tool creates an email account for you that self-destructs after 10 minutes. Seems pretty useful while registering on some website. You have practically no use for the id after registration. This blocks spam and is also safer as your original email id is nowhere in the scene!! I loved this tool!!! Felt like sharing and so I did!!

Check your browser’s support details without the hassle.

Say a website or a web application doesn’t seem to work properly in your browser and you e-mail the authorities or the admin that you’re having a problem. The first thing that they ask for is the details about your own system, like “Which OS are you using?”, “Which version of Mozilla Firefox are you using?”, “Are cookies enabled?” blah blah….
Getting all this information can be a pain in the neck (of course you’ll have to make a lot of clicks and searches). But there is an easier way. There are a bunch of websites which show all these details on a single page, and some of them can e-mail those details to a desired address in almost no time.