Blog

What determines the strenght of a password

Posted by on Jul 30, 2015 in home, News | Comments Off on What determines the strenght of a password

What determines the strenght of a password

There are some misunderstood assumptions on what determines the strength of a password.

During the course of the past decade there have been several studies on what constitute as a strong password.

Some people believe it’s the password complexity that determines the strength of the password, saying that adding special characters alone does strengthen a password.

Others believe that it’s the lenght of the password determines it’s strength.

Their argument is that the longer a password is, the more possible characters the hacker/program has to go through , so the longer it takes to crack a password. Another argument is that if you have a 6 character password that does have some kind of password complexity, it’s still a relative smaller amount of possible characters to go through to crack a password, therefor a longer password (16 character ) even if there is no password complexity involved is better option.

There are some websites that provides an indication on the password strength, but as always not all websites are trustworthy.

We are adding 2 websites which 5 Star Technology use.
The first website is part of the Microsoft Safety & Security site.

Microsoft’s website will tell you if the password is strong according to their algorithms.

The other is website Gibson Research Corporation. This website will analyze how long it will take to crack a password.

After you have created a strong password on the Microsoft site, you can verify on GRC how long it would take for a hacker to break the password.

Beside the technical point of view , we have to consider also how users react when being confronted by entering a complicated password that they can not remember easily.

Some studies has also showed that users are more frustrated by the password complexity requirements then the password lenght. Which means they prefer a longer password then trying to figure out on how to enter 3-4-5 special characters to make the password harder to crack.

In addition to all of this, not all websites are created equal. Some websites can accept a maximum of 8 characters while other websites (Microsoft) accepts 16 characters and other websites (Google) accepts up to 100 characters.

Nowadays with the current technology available there is not a real reason to limit the password field to a small number, so eventually on the long run we can hope that all websites would eventually a password field with 16 or more characters.

5 Star Technology recommends a password consisting of 11 or more characters,  consisting of least 5 characters of  the uppercase, lowercase, numbers and special characters combination.

See also the article: How to create an excellent password strategy.

On a something related note,  there is also the development of authentication method called 2 factor authentication, which is an authentication by something you know and something you have. By having a second authentication based on something you have, although a hacker may crack your password, since the hacker “hopefully” wont have access to the second part of the authentication (the something you have), the hacker will not be able to access your account.

The Jeep hack and internet of things

Posted by on Jul 26, 2015 in News | Comments Off on The Jeep hack and internet of things

You can read the original article regarding the Jeep hack.
The article is specific to Jeep but is applicable to all devices (pc, tablet, watches, fridges, camera’s, radio’s, cars  and so on) connected to the internet.
Now with the new trend called internet of things where everything could be connected to the internet we need to stop and think on the following.
Do we really need that these devices to be connected to the internet.
Do we trust x company that brings out their product to be security compliant.
Does the option to connect to the internet need to be enabled by default by the manufacturer or does the user need to enable it manually.
Who’s responsible for updates on the system, the manufacturer or the owner.
Does the update process need to be manual or automatic.
Do these devices need a firewall, antivirus and malware detections as well ?
Can these individual devices be centrally managed by a 3rd party

Increased costs by NOT upgrading

Posted by on Jun 18, 2015 in News | Comments Off on Increased costs by NOT upgrading

Increased costs by NOT upgrading

Yesterday someone called me to help him setting up his email on the phone.
I turned out that about 4 months ago I did set up the smtp settings for him on the phone so he could  sent email via the phone, something he was struggling to accomplish for 2 years.
At that time I managed to do it in 10 minutes. (there is a point to the story)

We met at the company he used to work for to set up the email.
We started at location x. Location x had a very weak wireless signal so the phone was not connecting at all at the wireless network , so we moved to location y.
Location y had 2 pc’s with windows xp and java 7.
The website (godaddy) required java 8 to display the information needed to enter all the email details so java 8 needed to be installed on the system.
During the installation of java 8, java warned us, that maybe the java may not function properly on the windows xp as well.
By that time 30+ minutes has passed to the client asked why this time it took so long.
In the end a 30 minute billable job became a 1 hour billable job just because the organisation had not the proper infrastructure and hardware/software updates.
This is just a small example on how IT cost could increase by not having more recent technology in place.

A new website

Posted by on Jun 18, 2015 in News | Comments Off on A new website

A new website

The first blog is about on how the new redesigned website finally became a reality.
When I started the business I tried to create the website by myself.
After an initial design I asked Ace Suares (www.suares.com) and Alexander Peijnenborgh (www.deltaworksinc.com) to provide some feedback. After their initially feedback I actually stopped working on the website.
In 2014 Jean Paul Bernadina (www.noxxar.com) approached me and gave me some insights on how and what to change on the website as well.
In 2015 I finally bit the bullet and asked Rianne Hellings (www.kukiko.com) to design the website for me.
So finally a professional looking website is up and running, adequately representing the direction that 5 Star Technology is moving too.