User guide
Chapter 2. Securing Your Network
cracker starts an attack in the middle of the night on a system with weak passwords, the cracker may
have gained access before dawn and edited the log files to cover his tracks.
In addition to format and storage considerations is the issue of content. The single most important
thing a user can do to protect his account against a password cracking attack is create a strong
password.
2.1.3.1. Creating Strong Passwords
When creating a secure password, it is a good idea to follow these guidelines:
• Do Not Use Only Words or Numbers — Never use only numbers or words in a password.
Some insecure examples include the following:
• 8675309
• juan
• hackme
• Do Not Use Recognizable Words — Words such as proper names, dictionary words, or even terms
from television shows or novels should be avoided, even if they are bookended with numbers.
Some insecure examples include the following:
• john1
• DS-9
• mentat123
• Do Not Use Words in Foreign Languages — Password cracking programs often check against
word lists that encompass dictionaries of many languages. Relying on a foreign language does not
make a password secure.
Some insecure examples include the following:
• cheguevara
• bienvenido1
• 1dumbKopf
• Do Not Use Hacker Terminology — If you think you are elite because you use hacker terminology
— also called l337 (LEET) speak — in your password, think again. Many word lists include LEET
speak.
Some insecure examples include the following:
• H4X0R
• 1337
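The four guidelines above can be checked mechanically before a password is accepted. The following Python sketch is an added example, not part of the original guide; the names `weaknesses`, `WORDLIST` and `DELEET` are assumptions, and the small word list is constructed from this page's own insecure examples to stand in for the large multi-language lists cracking programs use.

```python
import re

# Constructed stand-in word list (assumption). A real check would load the
# same name, dictionary, foreign-language and pop-culture lists crackers use.
WORDLIST = {"juan", "hackme", "john", "ds9", "mentat", "cheguevara",
            "bienvenido", "dumbkopf", "haxor", "leet"}

# Common LEET substitutions mapped back to letters: 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s
DELEET = str.maketrans("013457@$", "oleastas")


def _forms(text):
    """Return the text without punctuation, with and without bookend digits."""
    squeezed = re.sub(r"[^a-z0-9]", "", text)
    return {squeezed, squeezed.strip("0123456789")}


def weaknesses(password):
    """Return the guidelines a candidate password violates (empty list: none found)."""
    found = []
    # Guideline 1: only numbers or only letters.
    if password.isdigit():
        found.append("only-numbers")
    elif password.isalpha():
        found.append("only-letters")
    lowered = password.lower()
    # Guidelines 2 and 3: a listed word in any language, even bookended with digits.
    if _forms(lowered) & WORDLIST:
        found.append("recognizable-word")
    # Guideline 4: a listed word written in LEET speak.
    elif _forms(lowered.translate(DELEET)) & WORDLIST:
        found.append("leet-word")
    return found


if __name__ == "__main__":
    # The insecure examples from the guide, plus one constructed candidate.
    for pw in ["8675309", "juan", "hackme", "john1", "DS-9", "mentat123",
               "cheguevara", "bienvenido1", "1dumbKopf", "H4X0R", "1337",
               "t!Rk9#vQ2w"]:
        print(f"{pw:12} {weaknesses(pw) or 'no listed weakness found'}")
```

An empty result only means none of these four checks matched; it does not cover the personal-information guideline, which needs knowledge of the account owner.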
• Do Not Use Personal Information — Avoid using any personal information in your passwords. If the
attacker knows your identity, the task of deducing your password becomes easier. The following is a
list of the types of information to avoid when creating a password:
Some insecure examples include the following: