Basically, wireless security requires WPA2 encryption (with a complex pass-phrase that does not appear in any pass-phrase dictionary), MAC address filtering, and no remote administration of the router. The pass-phrase is what does the real work: MAC address filtering is only a minor obstacle, since client MAC addresses are transmitted in the clear and are trivially spoofed, and disabling remote administration keeps the router’s management interface off the internet but does not strengthen the wireless link itself.
Here’s a good article describing these measures: http://www.labnol.org/internet/secure-your-wireless-wifi-network/10549/
And here’s a cartoon about making a safe pass-phrase:
http://xkcd.com/936/
http://imgs.xkcd.com/comics/password_strength.png
And finally:
The following are from comments on an article at:
http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/1/
================…================
althaz wrote:
The best passwords are still those posited by XKCD (http://xkcd.com/936/) – four (two is next to worthless and three is not that good) random words strung together.
Reply:
Actually, three or four random words with a numeral or special character inserted between each word are much better (will defeat -every- lowercase brute force attack). Even just capitalising the Nth letter of each of your words gives a dramatic improvement in security.
“coRrectbaTteryhoRsestAple”
Longer is indeed always better, but the following are also good tips:
* numeral or special character inserted somewhere in the middle of the password. (It’s computationally easy to check prepends and postpends, but still difficult to check every possible position.)
Password strength 2 of 3 3/26/2013
* ditto for capitalisation. The rules out there mean that “HorseStaple” is really no more secure than “horsestaple” (because it’s the most likely thing someone does to a two-word passphrase, and thus only double the time to check), but “hoRsestAple” adds 5×6+2=33 permutations (if they have a rule to look for a single capitalized character in each word), which isn’t great, but is still better than nothing.
* Even better, replace every Nth character with something completely different. “h&rses&aple” / “hQrsesQaple” / “h5rses5aple” … just be careful not to pick a substitution that turns a word into another word or accidentally emulates l33tsp34k.
All that aside, the MOST important thing is, if you reuse passwords, reuse them wisely.
* Use unique passwords, as strong as you can stomach, for -every- account that involves access to your actual monetary resources (bank, paypal, amazon, etc).
* Ditto for any email account with password reset access to the above. THIS IS IMPORTANT!
* For sites where your online reputation or business would be harmed by a break-in, or where you would be seriously inconvenienced by a loss of access, use a unique password, but you don’t need it to be as strong.
* For generic forums and the like… try not to reuse if you can, and try to pick “good” passwords, but if the repercussions are low then it really isn’t too important. These definitely lend themselves towards the “ease of use” end of the scale, as there’s little for you to lose.
Last edited by Yobgod on 25 Mar 2013 02:46
================…================
Quote:
Of course 16+ truly random characters is slightly harder to break, but it’s also impossible to remember.
Reply:
A 16 character truly random password is not “slightly harder to break”; it’s “computationally infeasible to break, even with massive parallelism, even with a really fast hashing function, for years to come”.
Your GPU may be able to do a billion hashes per second, and you may have a supercomputer with a thousand GPUs. Great. A trillion hashes per second. How much does that help you? Not much.
There are 95 printable keyboard-friendly ASCII characters. Many systems these days will accept UTF-8, but we’ll just stick with ASCII, as it’s good enough. A 16 character random password taken from the 95 printable ASCII characters gives 44,012,666,865,176,569,775,543,212,890,625 combinations. That’s 44 million * trillion * trillion. On average you’ll only need to crack half that to crack any given password, so call it 22 million * trillion * trillion. At a trillion hashes a second, that’s still going to take, on average, 22 million trillion seconds.
That’s a lot of seconds. It’s a hair under 700 billion years, or about 50 times the current age of the universe.
You might complain that the supercomputer is too small. But it doesn’t really matter. Even with 100,000 GPUs (and that’s a lot) you’re looking at 7 billion years. Maybe your GPUs are better, and can do 4 billion hashes per second. Great; you’re still looking at more than 1 billion years.
A billion years is a really long time.
Now let’s look at your XKCD password. The idea here is that they’re four common words strung together. Typical English speakers have a spoken vocabulary of 10-20,000 words, and a working knowledge of 35-50,000 words. Four words out of 35,000 gives a total of just 1,500,625,000,000,000,000 passwords. Our trillion hash per second supercomputer can crack that on average in 8.6 days, and can crack it exhaustively in 17 days. Perhaps you’ll use some really obscure words (which is rather undermining the point, because you’re less likely to remember really obscure words); four from 100,000 can be cracked exhaustively by our trillion hash supercomputer in 3 years. Perhaps you’ll decide to span most written English, and pick four from a million words. That’s stepped up the difficulty a lot–our supercomputer would now take almost 16,000 years, on average.
But it’s a blink of an eye compared to the 700 billion years that it’d take for random selection of 16 ASCII printable characters to be brute forced.
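As an added worked example (not part of the Ars Technica thread or the linked articles), the Python script below redoes the keyspace and crack-time arithmetic from the reply above for each of its scenarios, and also counts the separator and capitalisation tricks from Yobgod’s post, but only where the choice is genuinely random. The trillion-hashes-per-second rate, the 95-character alphabet and the dictionary sizes are the reply’s figures; the 43 separator choices (10 digits plus the 33 printable non-alphanumeric ASCII characters) and the six-letter average word length are assumptions of this example.

```python
"""Keyspace and brute-force cost arithmetic for the password schemes discussed above.

Constructed example. The guess rate, alphabet size and dictionary sizes are the
reply's figures; the separator alphabet and word length are assumptions.
"""
import math

HASHES_PER_SECOND = 10**12        # the reply's "trillion hashes per second" supercomputer
PRINTABLE_ASCII = 95              # printable, keyboard-friendly ASCII characters
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
# Assumption: a separator is one of the 10 digits or the 33 printable
# non-alphanumeric ASCII characters (95 - 26 - 26 - 10), chosen at random each time.
SEPARATOR_CHOICES = 43


def random_string_keyspace(length: int, alphabet_size: int = PRINTABLE_ASCII) -> int:
    """Distinct strings of `length` symbols drawn uniformly from an alphabet."""
    return alphabet_size ** length


def word_passphrase_keyspace(words: int, dictionary_size: int,
                             separator_choices: int = 1,
                             per_word_variants: int = 1) -> int:
    """Keyspace of `words` dictionary words strung together.

    separator_choices: symbols the attacker must guess between each pair of words.
        1 means none, or always the same one: a separator the user applies the
        same way every time becomes a cracking rule, not extra entropy.
    per_word_variants: spellings the attacker must try per word, e.g. 1 for all
        lowercase, or (word length + 1) for "one capital somewhere, or none".
    """
    return (dictionary_size ** words
            * separator_choices ** (words - 1)
            * per_word_variants ** words)


def entropy_bits(keyspace: int) -> float:
    """Equivalent bits of a secret chosen uniformly from this keyspace."""
    return math.log2(keyspace)


def crack_seconds(keyspace: int, rate: int = HASHES_PER_SECOND,
                  exhaustive: bool = False) -> float:
    """Seconds to enumerate the keyspace at `rate` guesses per second.

    On average the target turns up halfway through, so the default reports half.
    """
    guesses = keyspace if exhaustive else keyspace / 2
    return guesses / rate


def crack_years(keyspace: int, rate: int = HASHES_PER_SECOND,
                exhaustive: bool = False) -> float:
    return crack_seconds(keyspace, rate, exhaustive) / SECONDS_PER_YEAR


def describe(seconds: float) -> str:
    """Human-readable duration for the table printed below."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds:,.0f} seconds"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:,.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


SCENARIOS = [
    ("16 random printable ASCII chars", random_string_keyspace(16)),
    ("4 words from 35,000", word_passphrase_keyspace(4, 35_000)),
    ("4 words from 100,000", word_passphrase_keyspace(4, 100_000)),
    ("4 words from 1,000,000", word_passphrase_keyspace(4, 1_000_000)),
    # Yobgod's tricks, counted only because the choice is made at random:
    ("4 words/35,000 + random separator between words",
     word_passphrase_keyspace(4, 35_000, SEPARATOR_CHOICES)),
    ("4 words/35,000, one random capital per 6-letter word",
     word_passphrase_keyspace(4, 35_000, per_word_variants=7)),  # 6 positions + none
]

if __name__ == "__main__":
    for label, space in SCENARIOS:
        print(f"{label:<52} {entropy_bits(space):6.1f} bits  "
              f"avg {describe(crack_seconds(space)):>22}  "
              f"worst {describe(crack_seconds(space, exhaustive=True)):>22}")
```

The table reproduces the reply’s numbers (about 8.7 days average for four words from 35,000, about 3 years exhaustive for 100,000, roughly 700 billion years for 16 random characters) and shows that a random separator between four words buys a factor of 43^3, which is worth having but still leaves the passphrase some 25 bits short of 16 random characters. Changing the rate argument is the way to model a larger or faster cluster; the conclusion does not move much.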
——————-end—————–