100 Guesses Is Enough To Crack Your Password


In the past few years, the ever-growing threat of cyber attacks has made avid internet users more conscious of strengthening their passwords. How people make their passwords stronger is no enigma. Most people include a number or two along with punctuation to make the password harder for the bad guys to figure out. Some even add the name of a site or of their pet, or some other trick, to spice things up. But a recent study has shown that doing things like these is simply not enough.

A team of four researchers from Peking University, along with Jeff Yan from Lancaster University, has published a study in which they were able to crack a number of passwords in fewer than 100 guesses. They aptly titled their study ‘Targeted Online Password Guessing: An Underestimated Threat’.

TarGuess designed to break passwords effortlessly

Typing in guessed passwords a hundred times, or even fewer, would be a time-consuming affair. The researchers therefore created an algorithm named TarGuess, which notched a 73% success rate in selected test scenarios. This means that the algorithm succeeded in working out users' passwords in 100 guesses at the most. TarGuess works so well at cracking passwords because it first gets to know its targets.

TarGuess is designed to use personally identifiable information (PII) to guess passwords. Once the target is identified, TarGuess makes use of the information available on sites such as Facebook, Instagram, Twitter and LinkedIn. It also makes use of the dozens of massive breaches of the past that revealed users' personal details or account information.

Password reuse should be avoided

Most people tend to reuse passwords across different websites and accounts, which is a very bad idea when it comes to security. TarGuess can easily spot your email address when you use a password like biglove123yahoo for a Yahoo account and a similar password for a PayPal account. TarGuess will quickly decide to start guessing with biglove123paypal for PayPal as the safe bet.

Do not substitute numbers for letters

A number of TV-show hackers have popularized using numbers as substitutes for letters. But this practice isn’t a great weapon for creating stronger passwords. The researchers have built more than a dozen transformation rules into TarGuess, which easily map the numbers back to their respective letters. Apart from that, it can even handle difficult transformations, like swapping the word "as" for "@s".

There is a similar kind of tool named Telepathwords, created by Microsoft, which can predict the next character of a password as the user types it. The substitution habit should therefore be avoided at all costs, as it makes your passwords much easier to crack than you might think.
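
The three habits described above (personal details, site-name variants of a reused password, and look-alike substitutions) can be caught when a password is chosen. The following is an added example, not code from the study or from this article: a local check, such as a password manager could run, that flags a candidate password built from those habits. The folding table, function names and sample user data are assumptions constructed for illustration.

```python
import re

# Look-alike characters folded to one canonical letter. Constructed table for
# this example; it is not the transformation rule set used by TarGuess.
FOLD = str.maketrans({"0": "o", "1": "i", "!": "i", "l": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})


def fold(text):
    """Lower-case and undo digit/symbol-for-letter substitutions."""
    return text.lower().translate(FOLD)


def base_of(password, sites):
    """Drop site names and edge digits/punctuation, then fold what is left."""
    raw = password.lower()
    for site in sites:
        raw = raw.replace(site.lower(), "")
    return fold(re.sub(r"^[^a-z]+|[^a-z]+$", "", raw))


def audit(candidate, pii, site, other_sites=(), old_passwords=()):
    """Return the reasons a candidate password is predictable (empty if none)."""
    findings = []
    folded = fold(candidate)
    for token in pii:
        if len(token) >= 3 and fold(token) in folded:
            findings.append(f"contains personal detail: {token}")
    if fold(site) in folded:
        findings.append(f"contains site name: {site}")
    sites = (site, *other_sites)
    base = base_of(candidate, sites)
    if base and any(base == base_of(old, sites) for old in old_passwords):
        findings.append("variant of a previously used password")
    return findings


# Constructed sample data for a hypothetical user signing up at "paypal".
PII = ["alice", "rex", "1987"]
OLD = ["biglove123yahoo"]          # password the user already uses elsewhere


def demo():
    tests = ["biglove123paypal", "B1gL0ve!", "@l1c3_1987", "tq8#Vm2zLp!xw"]
    return {pw: audit(pw, PII, "paypal", ["yahoo"], OLD) for pw in tests}


if __name__ == "__main__":
    for pw, why in demo().items():
        print(f"{pw:18} {why or 'no predictable pattern found'}")
```

Because the candidate and the reference tokens are folded the same way, a substituted spelling and its plain form compare as equal, which is why the substitution adds no protection.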