1 00:00:00,280 --> 00:00:02,960 Speaker 1: Brought to you by the reinvented two thousand twelve Camry. 2 00:00:03,160 --> 00:00:08,760 Speaker 1: It's ready. Are you? Get in touch with technology with 3 00:00:08,880 --> 00:00:17,480 Speaker 1: TechStuff from HowStuffWorks.com. Hello again, everyone, 4 00:00:17,560 --> 00:00:19,680 Speaker 1: welcome to TechStuff. My name is Chris Pollette, and 5 00:00:19,680 --> 00:00:21,720 Speaker 1: I'm an editor at HowStuffWorks.com. Sitting 6 00:00:21,760 --> 00:00:25,120 Speaker 1: across from me, as is typically the case, senior 7 00:00:25,120 --> 00:00:28,600 Speaker 1: writer Jonathan Strickland. Hey there, you know, so I was 8 00:00:28,640 --> 00:00:30,960 Speaker 1: thinking maybe after this we could, I don't know, play 9 00:00:31,000 --> 00:00:34,400 Speaker 1: the game Risk. What do you think? I think we already are. 10 00:00:35,720 --> 00:00:39,080 Speaker 1: That's funny. Uh. Yeah. Security has been in the news 11 00:00:39,159 --> 00:00:41,040 Speaker 1: a lot lately as of the time we're recording this 12 00:00:41,080 --> 00:00:44,800 Speaker 1: in late August two thousand and twelve, um. And part 13 00:00:44,800 --> 00:00:47,319 Speaker 1: of that is because, as we have touched on in 14 00:00:47,360 --> 00:00:50,680 Speaker 1: a handful of times since, some of the big, more 15 00:00:50,720 --> 00:00:55,720 Speaker 1: widely publicized cases have been making the news. That, you know, 16 00:00:55,880 --> 00:00:59,960 Speaker 1: hackers have been breaking into different accounts at major corporations 17 00:01:00,080 --> 00:01:04,840 Speaker 1: online, stealing people's information. It's unclear whether people's credit 18 00:01:04,840 --> 00:01:07,120 Speaker 1: card numbers were stolen, or if we have your home 19 00:01:07,160 --> 00:01:09,440 Speaker 1: address or we know the name of your dog.
There 20 00:01:09,520 --> 00:01:12,280 Speaker 1: was the whole story of Mat Honan getting his entire 21 00:01:12,360 --> 00:01:17,200 Speaker 1: digital life hacked because of a vulnerability between the systems 22 00:01:17,200 --> 00:01:21,640 Speaker 1: of Amazon and Apple. Yep, which clearly, taken alone, 23 00:01:22,560 --> 00:01:27,720 Speaker 1: clearly were not obvious as problems, but when put together, 24 00:01:27,840 --> 00:01:30,800 Speaker 1: posed problems because they were... the people who were doing 25 00:01:30,800 --> 00:01:33,600 Speaker 1: the hacking gamed the system and put them against 26 00:01:33,680 --> 00:01:36,280 Speaker 1: one another to create a bigger picture that allowed them 27 00:01:36,319 --> 00:01:39,280 Speaker 1: to get the information. Well, uh, you know, people have 28 00:01:39,319 --> 00:01:42,360 Speaker 1: been saying that you need secure passwords, please, and there 29 00:01:42,360 --> 00:01:45,240 Speaker 1: are news reports about this too. People are still using 30 00:01:45,800 --> 00:01:51,480 Speaker 1: "password" as their password or obvious terms. One, two, three, four. 31 00:01:51,560 --> 00:01:55,800 Speaker 1: That's the kind of thing an idiot puts on his luggage. Hey, so, 32 00:01:56,000 --> 00:01:59,200 Speaker 1: uh yeah, I mean those kinds of things are still 33 00:01:59,240 --> 00:02:03,160 Speaker 1: in practice, and of course you need to use more 34 00:02:03,280 --> 00:02:07,760 Speaker 1: secure passwords, but it's it's it goes deeper than that. 35 00:02:07,800 --> 00:02:12,280 Speaker 1: There's more information out there now about how even using 36 00:02:13,000 --> 00:02:19,040 Speaker 1: stronger passwords alone isn't necessarily going to keep hackers from 37 00:02:19,080 --> 00:02:22,160 Speaker 1: being able to get into your account. You know, think 38 00:02:22,200 --> 00:02:25,240 Speaker 1: about what you're doing.
There's there's several several things that 39 00:02:25,280 --> 00:02:29,040 Speaker 1: you have to consider. One of those is the idea 40 00:02:29,120 --> 00:02:32,919 Speaker 1: of linking accounts together, because that means that should one 41 00:02:32,960 --> 00:02:37,160 Speaker 1: account become vulnerable, then those other linked accounts could also 42 00:02:37,200 --> 00:02:40,280 Speaker 1: be vulnerable. That was the case with Mat Honan, right. 43 00:02:40,400 --> 00:02:43,800 Speaker 1: So one of the many problems of his yes um 44 00:02:44,040 --> 00:02:47,400 Speaker 1: because more identifiable problems because once they got access to 45 00:02:47,440 --> 00:02:50,240 Speaker 1: his Google account, then they were able to reset stuff 46 00:02:50,280 --> 00:02:52,240 Speaker 1: all over the place, and then it turned out that 47 00:02:52,280 --> 00:02:54,720 Speaker 1: all they really wanted was to access his Twitter account, 48 00:02:54,720 --> 00:02:58,359 Speaker 1: which is I guess in a way he's fortunate, but 49 00:02:58,440 --> 00:03:00,920 Speaker 1: it's still pretty crazy everything that they managed to do 50 00:03:01,000 --> 00:03:02,640 Speaker 1: in order to do that, and they caused quite a 51 00:03:02,639 --> 00:03:06,000 Speaker 1: bit of damage along the way to Mat Honan anyway, 52 00:03:06,480 --> 00:03:10,040 Speaker 1: not to mention to the the the public perception of 53 00:03:10,080 --> 00:03:14,399 Speaker 1: security um on the back end. So that's one thing 54 00:03:14,480 --> 00:03:18,600 Speaker 1: is linking lots of accounts together holds a very specific danger. 55 00:03:18,639 --> 00:03:21,800 Speaker 1: I mean, for one thing, like Facebook Connect or really 56 00:03:21,840 --> 00:03:25,360 Speaker 1: any OpenID approach, right, if that system is 57 00:03:25,400 --> 00:03:28,680 Speaker 1: not secure, you have a single point that you can 58 00:03:28,720 --> 00:03:31,919 Speaker 1: target that will give you access to lots of stuff.
59 00:03:32,680 --> 00:03:37,520 Speaker 1: Now that's so sad because for us the consumer, that's 60 00:03:37,600 --> 00:03:40,480 Speaker 1: so helpful having one account that you can log into 61 00:03:40,600 --> 00:03:44,280 Speaker 1: and from there you can authenticate with multiple other services. 62 00:03:44,640 --> 00:03:48,720 Speaker 1: You don't have to build out form after form after form. Uh, 63 00:03:48,960 --> 00:03:52,400 Speaker 1: you know, it's nice. It is a very valuable service. Now, 64 00:03:52,480 --> 00:03:55,600 Speaker 1: and I'm not saying that that Facebook Connect or OpenID 65 00:03:55,640 --> 00:03:58,120 Speaker 1: or any of that is that they are not secure. 66 00:03:58,200 --> 00:04:01,080 Speaker 1: They're putting they're putting lots of protections in place to 67 00:04:01,080 --> 00:04:04,520 Speaker 1: try and keep user information as safe as possible. It's 68 00:04:04,520 --> 00:04:07,920 Speaker 1: not it's not so much that it's inherently wrong, it's that 69 00:04:08,360 --> 00:04:12,720 Speaker 1: if something does happen, it can cause serious problem. Right. 70 00:04:12,760 --> 00:04:16,240 Speaker 1: So that's one issue. Another issue is the way that 71 00:04:16,320 --> 00:04:20,320 Speaker 1: we create passwords as users. For those of us who 72 00:04:20,520 --> 00:04:26,159 Speaker 1: are using either very common words or even names. Um, 73 00:04:26,200 --> 00:04:28,120 Speaker 1: even if we think we're being clever by adding a 74 00:04:28,160 --> 00:04:31,480 Speaker 1: few numbers to it, that's not really that secure. And 75 00:04:31,920 --> 00:04:36,960 Speaker 1: if it becomes even more insecure if we're using those 76 00:04:38,080 --> 00:04:45,200 Speaker 1: passwords at multiple accounts. So I think, uh, we we were.
77 00:04:45,279 --> 00:04:48,560 Speaker 1: We both read an article from Ars Technica by Dan 78 00:04:48,600 --> 00:04:52,360 Speaker 1: Goodin called "Why passwords have never been weaker and crackers 79 00:04:52,360 --> 00:04:55,080 Speaker 1: have never been stronger." It's actually it's a fascinating read, 80 00:04:55,120 --> 00:04:56,919 Speaker 1: and I do recommend you check it out if you 81 00:04:57,040 --> 00:04:59,560 Speaker 1: find this episode interesting, or even if you don't, it's 82 00:04:59,560 --> 00:05:02,760 Speaker 1: a good thing to know. And uh, it's it's typically 83 00:05:03,160 --> 00:05:06,520 Speaker 1: Ars Technica typically get into a more technical detail than 84 00:05:06,640 --> 00:05:08,960 Speaker 1: than articles on HowStuffWorks.com. But if 85 00:05:08,960 --> 00:05:11,000 Speaker 1: you're if you're really serious about it, there there's a 86 00:05:11,000 --> 00:05:13,600 Speaker 1: lot of important information in there, and we can give 87 00:05:13,640 --> 00:05:16,479 Speaker 1: you kind of the the layman approach to what is 88 00:05:16,480 --> 00:05:18,440 Speaker 1: going on here. But part of that is that I 89 00:05:18,520 --> 00:05:20,680 Speaker 1: remember reading, and it may not have been in this article, 90 00:05:20,760 --> 00:05:23,440 Speaker 1: I do remember reading a statistic that the average user 91 00:05:23,480 --> 00:05:27,040 Speaker 1: has something like six and a half passwords in the Okay, 92 00:05:27,160 --> 00:05:29,120 Speaker 1: so they used six and a half pass And you know, 93 00:05:29,120 --> 00:05:30,800 Speaker 1: of course this is an average. We're not saying someone 94 00:05:30,800 --> 00:05:32,960 Speaker 1: out there's just putting, oh, you know what, I was 95 00:05:33,000 --> 00:05:35,640 Speaker 1: gonna type in my whole password, which is typically "password," 96 00:05:35,680 --> 00:05:38,000 Speaker 1: and I'm just gonna type in "pass" for this one.
No, 97 00:05:38,160 --> 00:05:41,080 Speaker 1: that's not what it means sword, it's the average. So 98 00:05:41,279 --> 00:05:43,520 Speaker 1: but that means that, you know, you think the average 99 00:05:43,560 --> 00:05:47,120 Speaker 1: person has around twenty five accounts across the web, but 100 00:05:47,200 --> 00:05:50,000 Speaker 1: they're using on average, six and a half passwords, So 101 00:05:50,400 --> 00:05:53,279 Speaker 1: each password is being used around three times on average. 102 00:05:53,360 --> 00:05:55,159 Speaker 1: I mean, that's again an average. You might have just 103 00:05:55,240 --> 00:05:57,560 Speaker 1: one password that's used twenty times and the other three 104 00:05:57,680 --> 00:06:00,400 Speaker 1: used the other five. But I don't want to use the 105 00:06:00,480 --> 00:06:04,680 Speaker 1: same password on Google and Yahoo, so I'll use 106 00:06:04,800 --> 00:06:06,400 Speaker 1: one for one and the other one for the other, 107 00:06:06,480 --> 00:06:11,240 Speaker 1: and then I'll use the Google one again for Pinterest, yeah, whatever, 108 00:06:11,800 --> 00:06:14,720 Speaker 1: for Facebook, because they are those are disconnected enough where 109 00:06:14,760 --> 00:06:17,320 Speaker 1: it's not gonna... No, that's still a problem unless you 110 00:06:17,320 --> 00:06:19,720 Speaker 1: think that I am a super genius, because I can 111 00:06:19,760 --> 00:06:22,520 Speaker 1: say this, No, I I reused passwords from time to 112 00:06:22,600 --> 00:06:25,040 Speaker 1: time too. I'm guilty of it, just as much as 113 00:06:26,160 --> 00:06:29,920 Speaker 1: the planet. I was awful for a long time. Passwords 114 00:06:30,000 --> 00:06:32,880 Speaker 1: among that that was pretty much mine too. I had 115 00:06:32,920 --> 00:06:35,440 Speaker 1: about three passwords that I used for almost everything. That 116 00:06:35,520 --> 00:06:38,760 Speaker 1: is no longer the case. People, I don't do that anymore.
Well, 117 00:06:38,760 --> 00:06:40,480 Speaker 1: I told you I didn't mean you erase all those 118 00:06:40,480 --> 00:06:45,159 Speaker 1: accounts anyway. So that's that's another user behavior, and we'll 119 00:06:45,160 --> 00:06:48,080 Speaker 1: get more into that in a minute. But then the 120 00:06:48,240 --> 00:06:54,000 Speaker 1: third piece is how safe are those passwords within the 121 00:06:54,080 --> 00:06:59,640 Speaker 1: databases of the companies that hold those passwords. So if 122 00:06:59,680 --> 00:07:02,080 Speaker 1: you are a cracker, you know, a hacker who is 123 00:07:02,120 --> 00:07:06,000 Speaker 1: specifically trying to crack into security systems, and you have 124 00:07:06,400 --> 00:07:10,360 Speaker 1: identified a potential target to try and get at their 125 00:07:10,440 --> 00:07:15,600 Speaker 1: password database, then uh, if it's if it's one where 126 00:07:15,840 --> 00:07:20,560 Speaker 1: the user base of that service or company also typically 127 00:07:20,680 --> 00:07:25,000 Speaker 1: has accounts at other places, you've managed to not just 128 00:07:25,040 --> 00:07:27,840 Speaker 1: get the passwords for that one account, but knowing that 129 00:07:27,880 --> 00:07:31,040 Speaker 1: people tend to reuse their passwords, you might actually have 130 00:07:31,120 --> 00:07:36,960 Speaker 1: access to multiple services.
Now, there are ways that companies 131 00:07:36,960 --> 00:07:39,680 Speaker 1: can protect against this, not just by building a good 132 00:07:39,720 --> 00:07:44,080 Speaker 1: security system that's hard to crack, but also by uh 133 00:07:44,440 --> 00:07:48,400 Speaker 1: encrypting those passwords in the database, so that if you 134 00:07:48,480 --> 00:07:51,200 Speaker 1: get that database, yes you've got a whole bunch of data, 135 00:07:51,280 --> 00:07:54,960 Speaker 1: but it does not translate directly to the passwords because 136 00:07:54,960 --> 00:07:58,640 Speaker 1: it's been put through a hashing algorithm. Yeah, and there's 137 00:07:58,680 --> 00:08:03,160 Speaker 1: there are several sort of standard hashing algorithms, so basically 138 00:08:03,160 --> 00:08:06,360 Speaker 1: it's a it's a little like uh email encryption too. 139 00:08:07,040 --> 00:08:10,120 Speaker 1: So you have, let's just pick "pass," the four-letter 140 00:08:10,160 --> 00:08:13,400 Speaker 1: word "pass," um, you put it through the hashing algorithm, 141 00:08:13,600 --> 00:08:16,120 Speaker 1: and on the other side of it, the letters and 142 00:08:16,200 --> 00:08:20,480 Speaker 1: numbers that make up the encrypted information look nothing like that. 143 00:08:20,640 --> 00:08:23,760 Speaker 1: And it might be that your four-letter password has 144 00:08:23,760 --> 00:08:27,800 Speaker 1: just become a thirty-two-letter encrypted string of characters. Yeah. 145 00:08:27,840 --> 00:08:30,320 Speaker 1: So somebody seeing that written down, say on a piece 146 00:08:30,360 --> 00:08:33,360 Speaker 1: of paper, is not going to have any idea what 147 00:08:33,400 --> 00:08:35,040 Speaker 1: that is, and they're not really going to have any 148 00:08:35,040 --> 00:08:40,040 Speaker 1: way to decipher it. And theoretically it's pretty well, uh, 149 00:08:40,120 --> 00:08:43,840 Speaker 1: pretty well protected. Right, theoretically.
But here's the problem is 150 00:08:43,880 --> 00:08:48,239 Speaker 1: that not first of all, not every company has historically 151 00:08:48,400 --> 00:08:52,120 Speaker 1: encrypted all those passwords. And there have been cases where 152 00:08:52,440 --> 00:08:55,640 Speaker 1: crackers have gotten access to a password database that was 153 00:08:55,679 --> 00:08:58,880 Speaker 1: stored in plain text. That means that the password that 154 00:08:58,960 --> 00:09:03,319 Speaker 1: you type in appears in that database as you typed it, 155 00:09:03,640 --> 00:09:07,200 Speaker 1: so there's no hidden, you know, code or anything. You've 156 00:09:07,200 --> 00:09:10,400 Speaker 1: got those passwords. Well, that's very valuable to a cracker 157 00:09:10,520 --> 00:09:12,400 Speaker 1: for more than just the fact that they now have 158 00:09:12,480 --> 00:09:15,439 Speaker 1: access to your account. What's also valuable is that they 159 00:09:15,440 --> 00:09:22,959 Speaker 1: now have a list of words that people use as passwords. So, uh, 160 00:09:23,000 --> 00:09:25,439 Speaker 1: there's a there's a type of attack we should talk about, 161 00:09:25,520 --> 00:09:29,360 Speaker 1: the brute force attack. A brute force attack is when 162 00:09:29,880 --> 00:09:33,480 Speaker 1: a cracker tries to get access to a system by 163 00:09:33,559 --> 00:09:37,600 Speaker 1: filling out the essentially filling out the password field multiple 164 00:09:37,640 --> 00:09:42,840 Speaker 1: times until they get a positive result.
And um, one 165 00:09:42,880 --> 00:09:45,440 Speaker 1: way of doing a brute force attack, a very common 166 00:09:45,440 --> 00:09:48,080 Speaker 1: way is to do what's called a dictionary attack, where 167 00:09:48,120 --> 00:09:52,600 Speaker 1: you take you create a virtual dictionary of words that 168 00:09:52,720 --> 00:09:55,720 Speaker 1: you use as the basis for passwords, knowing that a 169 00:09:55,760 --> 00:09:59,240 Speaker 1: lot of people will pick a common dictionary word as 170 00:09:59,360 --> 00:10:03,040 Speaker 1: the basis of their password. Aardvark, antelope, anteater. 171 00:10:03,200 --> 00:10:05,920 Speaker 1: You know, it just goes all the way through animals 172 00:10:05,960 --> 00:10:08,840 Speaker 1: for some reason. But something else that they'll do as 173 00:10:08,880 --> 00:10:13,520 Speaker 1: part of this dictionary attack is they'll start adding, changing symbols. 174 00:10:13,679 --> 00:10:16,840 Speaker 1: So let's say your your password is aardvark, but 175 00:10:17,040 --> 00:10:22,080 Speaker 1: you're being clever and changing the a's symbols to at symbols. 176 00:10:22,160 --> 00:10:24,439 Speaker 1: And uh, you know, let's say you pick a word 177 00:10:24,679 --> 00:10:27,439 Speaker 1: with with e's in it and you change them to threes. 178 00:10:27,840 --> 00:10:31,679 Speaker 1: They try those too, yeah, because those are very common approaches. 179 00:10:31,720 --> 00:10:33,920 Speaker 1: And yes, you know, keeping in mind that most of 180 00:10:34,040 --> 00:10:36,720 Speaker 1: us are using passwords that are easy for us to remember, 181 00:10:37,200 --> 00:10:42,680 Speaker 1: and the more random-ish or seemingly random these passwords get, 182 00:10:42,720 --> 00:10:45,200 Speaker 1: the harder it is for us to recall them.
So, 183 00:10:45,520 --> 00:10:48,679 Speaker 1: knowing that's a weakness, the cracker can say, all right, well, 184 00:10:48,760 --> 00:10:51,160 Speaker 1: let's go with all these words, and let's go with 185 00:10:51,240 --> 00:10:54,560 Speaker 1: the various variations we would expect people to use with 186 00:10:54,640 --> 00:10:57,000 Speaker 1: these words. And even if you've done stuff like just 187 00:10:57,040 --> 00:10:59,520 Speaker 1: added a couple of numbers at the end, that's not 188 00:10:59,600 --> 00:11:01,760 Speaker 1: always a tough thing either. They can start going through 189 00:11:01,800 --> 00:11:05,920 Speaker 1: all of these different variations, adding various numbers at the end. 190 00:11:05,960 --> 00:11:08,720 Speaker 1: If they know how many characters your password is, that 191 00:11:08,840 --> 00:11:12,520 Speaker 1: already has given them a huge advantage. And the reason 192 00:11:12,559 --> 00:11:15,640 Speaker 1: why this is possible is because we've got processors out 193 00:11:15,679 --> 00:11:19,280 Speaker 1: there that can do these these calculations in parallel. You know, 194 00:11:19,320 --> 00:11:21,720 Speaker 1: if you were to do them all one after the other, 195 00:11:22,200 --> 00:11:26,160 Speaker 1: it may take you centuries to get through all the 196 00:11:26,200 --> 00:11:30,520 Speaker 1: possibilities of a particular password, depending on how many characters 197 00:11:30,520 --> 00:11:34,360 Speaker 1: there are within that password. In Hollywood, Hollywood computers can 198 00:11:34,520 --> 00:11:37,640 Speaker 1: do a executive brute force attack in about twelve seconds. Yeah, 199 00:11:37,880 --> 00:11:40,480 Speaker 1: well sometimes that can happen here too, but that's generally 200 00:11:40,480 --> 00:11:42,080 Speaker 1: not the way it works.
Well, that's that's one of 201 00:11:42,080 --> 00:11:44,559 Speaker 1: the interesting things about this article is you learn from 202 00:11:44,559 --> 00:11:48,480 Speaker 1: reading that uh an attack like this doesn't take very 203 00:11:48,520 --> 00:11:55,679 Speaker 1: long at all at most, assuming that you're not following 204 00:11:55,920 --> 00:12:00,559 Speaker 1: really really strong password protocols. Um. Yeah, it turns out 205 00:12:00,600 --> 00:12:03,360 Speaker 1: that it's like, because of this parallel processing, you've got 206 00:12:03,400 --> 00:12:08,480 Speaker 1: a processor that's working on multiple uh approaches to this 207 00:12:08,559 --> 00:12:11,640 Speaker 1: login attempt. So we can go through all these different variations. 208 00:12:11,720 --> 00:12:15,920 Speaker 1: Even when there are billions and billions, as Carl Sagan 209 00:12:15,960 --> 00:12:19,920 Speaker 1: would say, of variations of passwords, the processor can go 210 00:12:20,000 --> 00:12:23,160 Speaker 1: through so many so quickly. You know, each each thread 211 00:12:23,200 --> 00:12:26,240 Speaker 1: in that parallel processing is moving at an incredible rate, 212 00:12:26,679 --> 00:12:30,079 Speaker 1: and you've got multiple threads all going. Uh. There are 213 00:12:30,080 --> 00:12:33,160 Speaker 1: crackers who use graphics processing units, GPUs, to 214 00:12:33,240 --> 00:12:35,960 Speaker 1: do this. They because they GPUs are designed to be 215 00:12:36,000 --> 00:12:39,920 Speaker 1: parallel processors. Yeah. Even even though they're designed primarily to 216 00:12:40,200 --> 00:12:44,760 Speaker 1: handle graphics instructions and display them on your your monitor, 217 00:12:45,240 --> 00:12:50,280 Speaker 1: GPUs can be uh pressed into service, let's say, by 218 00:12:50,920 --> 00:12:55,400 Speaker 1: a program by a software that that can specifically um 219 00:12:55,559 --> 00:12:58,920 Speaker 1: send instructions to it.
So what people do, um, there 220 00:12:58,960 --> 00:13:02,040 Speaker 1: are open source programs 221 00:13:02,480 --> 00:13:08,520 Speaker 1: that you can use to uh assign password cracking to your GPU. Um, sad to say, 222 00:13:08,600 --> 00:13:11,160 Speaker 1: and and one of the uh the interesting stories that 223 00:13:11,240 --> 00:13:12,959 Speaker 1: are one of the the interesting bits that I read from 224 00:13:13,000 --> 00:13:18,520 Speaker 1: this article too was uh that people have grown increasingly 225 00:13:18,679 --> 00:13:23,199 Speaker 1: intelligent about the way they save cracked passwords. So they're 226 00:13:23,200 --> 00:13:29,160 Speaker 1: saving up dictionary attack type information. And so if you 227 00:13:29,280 --> 00:13:34,439 Speaker 1: use, you know, "password one" as your password on one site, um, 228 00:13:34,520 --> 00:13:36,880 Speaker 1: and they want to hack into your account at 229 00:13:36,920 --> 00:13:41,720 Speaker 1: the House of Online Grapefruit, they might try they and 230 00:13:41,720 --> 00:13:44,120 Speaker 1: they've got your information. They could try it there too, 231 00:13:44,120 --> 00:13:45,920 Speaker 1: to see if you've used your password on more than 232 00:13:45,960 --> 00:13:49,440 Speaker 1: one site. So that makes it increasingly dangerous for you 233 00:13:49,520 --> 00:13:53,480 Speaker 1: to use the same password in multiple locations because there 234 00:13:53,559 --> 00:13:57,400 Speaker 1: is a growing database of password information that that people 235 00:13:57,440 --> 00:14:00,480 Speaker 1: are saving, not just throwing away once an attack is 236 00:14:00,480 --> 00:14:03,160 Speaker 1: complete. That database also means that they can look at 237 00:14:03,200 --> 00:14:06,439 Speaker 1: things like frequencies, like how frequently are people using this 238 00:14:06,600 --> 00:14:09,640 Speaker 1: specific word or variations of this word as a password.
239 00:14:09,880 --> 00:14:12,320 Speaker 1: And the more people who use it, the more you're like, 240 00:14:12,360 --> 00:14:14,280 Speaker 1: all right, well let's bump this up the list. It's 241 00:14:14,320 --> 00:14:17,240 Speaker 1: more of a likely candidate for a password. So, you know, 242 00:14:17,480 --> 00:14:19,760 Speaker 1: we like to think that the passwords we choose are unique, 243 00:14:20,440 --> 00:14:23,720 Speaker 1: but that's if we're basing it off a name or 244 00:14:23,760 --> 00:14:26,880 Speaker 1: a word. That's not the case. There are lots of 245 00:14:26,880 --> 00:14:29,600 Speaker 1: people out there using lots of passwords, and there's a 246 00:14:29,600 --> 00:14:31,560 Speaker 1: good chance that someone out there is using the same 247 00:14:31,640 --> 00:14:35,480 Speaker 1: quote unquote unique password you are. Just remember, you're unique, 248 00:14:35,600 --> 00:14:39,440 Speaker 1: just like everybody else. You know, when everybody is special, 249 00:14:39,920 --> 00:14:46,320 Speaker 1: no one is. It's incredible. Um. The so yeah, the 250 00:14:46,320 --> 00:14:50,200 Speaker 1: the the database can tell the cracker, all right, well, 251 00:14:50,760 --> 00:14:52,680 Speaker 1: not only am I using a dictionary attack, but I'm 252 00:14:52,760 --> 00:14:57,240 Speaker 1: using a curated dictionary attack in a way, because these 253 00:14:57,240 --> 00:14:59,920 Speaker 1: are the known passwords that are floating out there in 254 00:15:00,000 --> 00:15:01,600 Speaker 1: the world, and these are the ones that are really 255 00:15:01,640 --> 00:15:04,760 Speaker 1: popular that lots of people use.
So we'll go through 256 00:15:04,800 --> 00:15:07,280 Speaker 1: all the variations of these first, and you just you 257 00:15:07,320 --> 00:15:10,520 Speaker 1: tweak your cracking program to do that so that you 258 00:15:10,680 --> 00:15:14,000 Speaker 1: can get the the largest number of results in the 259 00:15:14,080 --> 00:15:16,200 Speaker 1: least amount of time. And another thing you can do 260 00:15:16,320 --> 00:15:19,520 Speaker 1: is once you've figured out these passwords that are very popular, 261 00:15:20,400 --> 00:15:23,040 Speaker 1: that helps you determine other things. Like, there are only 262 00:15:23,160 --> 00:15:27,200 Speaker 1: so many hashing algorithms that are really popular out there 263 00:15:27,200 --> 00:15:30,600 Speaker 1: in the world of computer security, right, so if you 264 00:15:30,680 --> 00:15:35,280 Speaker 1: know which hashing algorithm the particular company is using, 265 00:15:36,000 --> 00:15:38,240 Speaker 1: and you are able to get let's say you get 266 00:15:38,320 --> 00:15:41,680 Speaker 1: access to their encrypted password database. So now you've got 267 00:15:41,720 --> 00:15:44,720 Speaker 1: a list of passwords that are encrypted, so you cannot 268 00:15:44,800 --> 00:15:47,080 Speaker 1: just look at them and know what the passwords are. 269 00:15:47,560 --> 00:15:50,160 Speaker 1: If you are able to determine which security protocol they're 270 00:15:50,240 --> 00:15:55,520 Speaker 1: using and you have this massive database of um of 271 00:15:55,200 --> 00:15:58,200 Speaker 1: of of passwords that are really popular, you can run 272 00:15:58,240 --> 00:16:02,160 Speaker 1: those passwords through the same encryption algorithm to look at 273 00:16:02,160 --> 00:16:04,760 Speaker 1: the hashes that come out and then start matching them 274 00:16:04,840 --> 00:16:07,200 Speaker 1: up with the stuff that was in the database.
So 275 00:16:07,240 --> 00:16:09,600 Speaker 1: you're still cracking the passwords. You're just going about it in 276 00:16:09,600 --> 00:16:12,360 Speaker 1: a different way as far as this brute force attack 277 00:16:12,440 --> 00:16:15,360 Speaker 1: is concerned. It's still a brute force attack. It's just 278 00:16:15,520 --> 00:16:19,360 Speaker 1: doing it in a kind of an odd roundabout way. 279 00:16:19,400 --> 00:16:21,760 Speaker 1: Because you've got the you've got the hash of the password, 280 00:16:22,520 --> 00:16:25,480 Speaker 1: you've got the security protocol that's being used. Now you're 281 00:16:25,480 --> 00:16:29,800 Speaker 1: trying to guess the original word that created that hashed password. 282 00:16:30,360 --> 00:16:32,760 Speaker 1: Once you're able to do that, that account is no 283 00:16:32,800 --> 00:16:35,680 Speaker 1: longer secure. And if that again, if you're using that 284 00:16:35,720 --> 00:16:39,800 Speaker 1: same password elsewhere, those accounts aren't secure. Um. So you 285 00:16:39,880 --> 00:16:42,880 Speaker 1: might be asking yourself, hey, if there are crackers out 286 00:16:42,880 --> 00:16:46,840 Speaker 1: there who have these really advanced tools that can either 287 00:16:47,520 --> 00:16:51,200 Speaker 1: figure out a password or uh, you know, kind of 288 00:16:51,440 --> 00:16:54,640 Speaker 1: work down a list so that the the passwords I 289 00:16:54,760 --> 00:16:58,640 Speaker 1: use are vulnerable, how do I how do I protect myself? 290 00:16:59,200 --> 00:17:00,680 Speaker 1: And there are a few things you can do. One 291 00:17:00,880 --> 00:17:05,119 Speaker 1: is use a unique password for every service that you 292 00:17:05,240 --> 00:17:09,199 Speaker 1: log into, which is incredibly difficult if you're doing it 293 00:17:09,240 --> 00:17:11,800 Speaker 1: on your own, which is why I would suggest getting 294 00:17:11,800 --> 00:17:15,159 Speaker 1: a password manager program.
And there are a lot of 295 00:17:15,200 --> 00:17:18,280 Speaker 1: them out there. There are some that are free, there's 296 00:17:18,280 --> 00:17:21,080 Speaker 1: some that you pay for. Um, there's some that are 297 00:17:21,119 --> 00:17:24,320 Speaker 1: in the cloud. There are some that are based on 298 00:17:24,359 --> 00:17:28,840 Speaker 1: your system. Yeah. Uh, you use a password manager, right? 299 00:17:29,119 --> 00:17:32,359 Speaker 1: I do as well, um, and I'll go ahead and 300 00:17:32,400 --> 00:17:34,920 Speaker 1: say which one I use. I use Dashlane, which 301 00:17:35,200 --> 00:17:37,920 Speaker 1: uh I tried out for the first time this year 302 00:17:38,040 --> 00:17:42,640 Speaker 1: and I like it well enough. Um. It saves passwords 303 00:17:42,640 --> 00:17:45,600 Speaker 1: and if you want, it will generate a password for you, 304 00:17:45,720 --> 00:17:48,080 Speaker 1: so you don't have to just come up with a 305 00:17:48,119 --> 00:17:50,320 Speaker 1: string of things. It'll it'll do it for you and 306 00:17:50,400 --> 00:17:53,800 Speaker 1: save it to your account. You create a master password 307 00:17:54,440 --> 00:17:58,240 Speaker 1: that is a strong password, meaning that there are upper 308 00:17:58,240 --> 00:18:01,960 Speaker 1: and lower case letters. There's numbers in there. Uh, 309 00:18:02,000 --> 00:18:03,680 Speaker 1: and all you have to do is remember that one. 310 00:18:04,240 --> 00:18:07,000 Speaker 1: Which that sounds tricky, but I'll give you a hint 311 00:18:07,080 --> 00:18:09,440 Speaker 1: on how to do something like that if you want 312 00:18:09,480 --> 00:18:13,080 Speaker 1: to try it yourself. You create a master password. Uh.
313 00:18:13,119 --> 00:18:17,000 Speaker 1: Then when you log into your Dashlane account in 314 00:18:17,040 --> 00:18:19,720 Speaker 1: my case, you then have access to all the other 315 00:18:19,720 --> 00:18:22,639 Speaker 1: passwords that are that that Dashlane generates. So I 316 00:18:22,640 --> 00:18:26,440 Speaker 1: actually went in to all my accounts and used the 317 00:18:26,520 --> 00:18:30,160 Speaker 1: Dashlane password generator program and it creates a ten 318 00:18:30,359 --> 00:18:35,919 Speaker 1: character long strong password that's unique. So none of my 319 00:18:35,960 --> 00:18:39,800 Speaker 1: accounts used the same ones anymore. They're all ten characters long, 320 00:18:40,359 --> 00:18:45,640 Speaker 1: they are a mix of various characters and uh. When 321 00:18:45,680 --> 00:18:49,560 Speaker 1: you get to about nine characters, and if it's a 322 00:18:49,600 --> 00:18:53,159 Speaker 1: truly, you know, or at least a seemingly random series 323 00:18:53,160 --> 00:18:57,240 Speaker 1: of characters and numbers, uh, the difficulty of cracking that 324 00:18:57,320 --> 00:19:01,639 Speaker 1: password escalates dramatically. So it might go from a matter 325 00:19:01,760 --> 00:19:04,639 Speaker 1: of days to weeks or months. And the harder you 326 00:19:04,680 --> 00:19:08,520 Speaker 1: make it to crack, the more likely your information will 327 00:19:08,840 --> 00:19:12,680 Speaker 1: be safe so or that it will just be difficult 328 00:19:12,720 --> 00:19:16,239 Speaker 1: for anyone to guess. Um. So that's the purpose of 329 00:19:16,280 --> 00:19:19,640 Speaker 1: creating these strong passwords and the purpose for the password managers, 330 00:19:19,720 --> 00:19:24,399 Speaker 1: because strong passwords are hard to remember. Um, so all 331 00:19:24,440 --> 00:19:27,080 Speaker 1: I have to do is remember my one master password. 332 00:19:27,119 --> 00:19:28,760 Speaker 1: Here's the hint I was gonna make.
So if you 333 00:19:28,800 --> 00:19:35,000 Speaker 1: want to make a strong password, like a master strong password, uh, 334 00:19:35,040 --> 00:19:38,240 Speaker 1: it's best that you come up with a phrase that 335 00:19:38,320 --> 00:19:42,399 Speaker 1: you will not forget and it it's great if the 336 00:19:42,440 --> 00:19:47,359 Speaker 1: phrase also has a proper noun somewhere after the first word, 337 00:19:47,680 --> 00:19:49,639 Speaker 1: so that you have some capitals in there as well. 338 00:19:50,040 --> 00:19:52,600 Speaker 1: And you need a number, like a four digit number 339 00:19:52,640 --> 00:19:57,520 Speaker 1: is best. So for example, you might say Dad's first 340 00:19:57,720 --> 00:20:03,760 Speaker 1: car was a eighteen fifty six Volkswagen bug. M all right, 341 00:20:04,200 --> 00:20:06,840 Speaker 1: So then your password. You take the first letter off 342 00:20:06,880 --> 00:20:09,400 Speaker 1: of each of those words and the number and you 343 00:20:09,520 --> 00:20:13,199 Speaker 1: put them together and that becomes your password. So the 344 00:20:13,240 --> 00:20:16,040 Speaker 1: first letter would be upper case D for Dad's and 345 00:20:16,040 --> 00:20:19,280 Speaker 1: then first car, so it's upper case D, lower case F, 346 00:20:19,920 --> 00:20:24,160 Speaker 1: lower case C, lower case W, lower case A. Then 347 00:20:24,200 --> 00:20:29,440 Speaker 1: you have the one and then uppercase V upper case 348 00:20:29,480 --> 00:20:33,080 Speaker 1: B for Volkswagen bug. That could be your master password. 349 00:20:33,400 --> 00:20:36,399 Speaker 1: And when you look at it as just a string 350 00:20:36,440 --> 00:20:40,120 Speaker 1: of letters and numbers, it looks meaningless. You know, there's 351 00:20:40,160 --> 00:20:44,280 Speaker 1: no there's no phrase that's evident right there immediately unless 352 00:20:44,359 --> 00:20:47,000 Speaker 1: you happen to have already known it. 
So don't tell 353 00:20:47,080 --> 00:20:51,480 Speaker 1: people you're, oh, I gotta change my password. Yeah, but no, 354 00:20:51,680 --> 00:20:54,679 Speaker 1: don't tell people what your phrase is. But make it a 355 00:20:54,680 --> 00:20:59,679 Speaker 1: phrase that is easy to remember and uh, and that 356 00:20:59,720 --> 00:21:03,879 Speaker 1: could your master password, and don't use it again. Just 357 00:21:04,080 --> 00:21:06,720 Speaker 1: use it for your master password, and then use the 358 00:21:06,800 --> 00:21:10,640 Speaker 1: password generator or a password generator if you don't want 359 00:21:10,640 --> 00:21:13,920 Speaker 1: to trust one thing with it. But it's it's easier 360 00:21:13,920 --> 00:21:17,399 Speaker 1: to use a password manager's onboard password generator because they 361 00:21:17,400 --> 00:21:20,680 Speaker 1: can save it directly to your account. Otherwise you're gonna 362 00:21:20,680 --> 00:21:24,840 Speaker 1: have to transfer that that password to whatever your manager 363 00:21:24,920 --> 00:21:30,359 Speaker 1: is UM and then that way you've got a vault 364 00:21:30,359 --> 00:21:36,080 Speaker 1: of passwords that are encrypted, that are ten characters, hopefully 365 00:21:36,119 --> 00:21:38,639 Speaker 1: at least ten characters nine or ten characters at the 366 00:21:38,760 --> 00:21:44,840 Speaker 1: very least, and are strong. It's funny. It's it's rather 367 00:21:44,880 --> 00:21:47,960 Speaker 1: than coming up with a mnemonic device to remember your password, 368 00:21:47,960 --> 00:21:51,800 Speaker 1: you start with the mnemonic device and from it from it. Yeah, 369 00:21:51,840 --> 00:21:54,320 Speaker 1: I think that that's way easier, because that is I've 370 00:21:54,400 --> 00:21:59,320 Speaker 1: used a password generator before that creates a random string 371 00:21:59,359 --> 00:22:02,679 Speaker 1: of characters and then tells you it's easy to remember this.
372 00:22:03,119 --> 00:22:07,920 Speaker 1: Just remember echo Bravos seven Delta delta bro. You know, 373 00:22:07,960 --> 00:22:10,800 Speaker 1: I'm like, this is that? Where are you from? Where 374 00:22:10,840 --> 00:22:14,800 Speaker 1: that is easy? How is how is remembering a random 375 00:22:14,840 --> 00:22:19,080 Speaker 1: selection of echoes and Bravos and et cetera numbers easier 376 00:22:19,119 --> 00:22:22,600 Speaker 1: than say, just remembering e e blah blah. You know, like, 377 00:22:23,160 --> 00:22:25,880 Speaker 1: that's not easier to me. But this other method where 378 00:22:25,880 --> 00:22:29,840 Speaker 1: you create a mnemonic device first and then convert that 379 00:22:29,880 --> 00:22:33,639 Speaker 1: into a strong password, makes way more sense to me. 380 00:22:34,840 --> 00:22:39,880 Speaker 1: And uh again, because you know, the output of it 381 00:22:40,000 --> 00:22:44,399 Speaker 1: is a seemingly random string of letters and numbers. Uh, 382 00:22:44,440 --> 00:22:49,040 Speaker 1: it's not something that's easy for a computer to guess. Yeah, well, um, 383 00:22:49,080 --> 00:22:52,800 Speaker 1: I use 1Password by AgileBits um, which is 384 00:22:52,880 --> 00:22:56,159 Speaker 1: a you can get as a desktop application for Windows 385 00:22:56,240 --> 00:23:00,400 Speaker 1: or Mac.
UM also works on iOS and Android UM 386 00:23:00,440 --> 00:23:02,639 Speaker 1: and uh you know it has a browser plug in 387 00:23:02,960 --> 00:23:06,600 Speaker 1: too on the desktop so that you uh, say, you 388 00:23:06,720 --> 00:23:10,600 Speaker 1: visit a site where you have a um an account, 389 00:23:10,960 --> 00:23:13,080 Speaker 1: maybe a shopping site, maybe a banking site or something 390 00:23:13,119 --> 00:23:15,159 Speaker 1: like that for example, So you have your log in 391 00:23:15,200 --> 00:23:17,280 Speaker 1: and password, you have to log in and has a 392 00:23:17,320 --> 00:23:19,239 Speaker 1: little button and you press the button in it you know, 393 00:23:19,440 --> 00:23:21,840 Speaker 1: says what is your overall passwords? He is your master 394 00:23:21,880 --> 00:23:24,920 Speaker 1: password in there, and then as soon as you uh 395 00:23:25,040 --> 00:23:28,240 Speaker 1: log in, you'll be given an opportunity to log into 396 00:23:28,240 --> 00:23:31,200 Speaker 1: the site and it submits the information for you. Yeah, 397 00:23:31,200 --> 00:23:34,639 Speaker 1: this is important if you're using a someone else's computer 398 00:23:34,840 --> 00:23:37,760 Speaker 1: and you are using a browser to navigate to something. 399 00:23:38,280 --> 00:23:41,639 Speaker 1: And you know, again, if you've created these these strong passwords, 400 00:23:42,200 --> 00:23:44,840 Speaker 1: remembering each one is going to be really hard. And 401 00:23:44,880 --> 00:23:46,439 Speaker 1: if you and it's not like you're gonna go and 402 00:23:46,520 --> 00:23:50,560 Speaker 1: install your you know, you don't want to install the 403 00:23:50,680 --> 00:23:53,640 Speaker 1: desktop program on someone else's computer. I mean, that's not 404 00:23:54,000 --> 00:23:57,040 Speaker 1: your job. It's their computer. 
Especially like let's say that 405 00:23:57,080 --> 00:23:58,879 Speaker 1: you're at a library or something and you want to 406 00:23:58,920 --> 00:24:01,040 Speaker 1: log in and check l but you've used one of 407 00:24:01,080 --> 00:24:05,200 Speaker 1: these strong password vaults using something that has a web 408 00:24:05,200 --> 00:24:08,480 Speaker 1: browser interface in it, so that you can log into 409 00:24:08,480 --> 00:24:12,120 Speaker 1: the service and access those passwords and then log out 410 00:24:12,320 --> 00:24:16,359 Speaker 1: and those passwords are no longer there. That's important. Yeah, yeah, 411 00:24:16,440 --> 00:24:19,160 Speaker 1: and uh, it does give you a 1Password. Also 412 00:24:19,160 --> 00:24:22,880 Speaker 1: gives you the opportunity to when you're creating a password, um, 413 00:24:23,359 --> 00:24:25,920 Speaker 1: to make it as long or as short as you need 414 00:24:25,960 --> 00:24:29,200 Speaker 1: to really so, or include symbols, or not to include symbols. 415 00:24:29,240 --> 00:24:33,640 Speaker 1: So one of the important tips that this article that 416 00:24:33,640 --> 00:24:36,480 Speaker 1: that Jonathan and I read points out is that eight 417 00:24:36,680 --> 00:24:42,560 Speaker 1: digit or eight character passwords are easier to crack than 418 00:24:42,920 --> 00:24:46,360 Speaker 1: longer ones. So if you're you're presented with a a website, 419 00:24:46,400 --> 00:24:49,399 Speaker 1: you're you're filling out the information for the account, it says, oh, well, 420 00:24:49,440 --> 00:24:52,440 Speaker 1: your password needs to be six characters or longer. Don't 421 00:24:52,440 --> 00:24:55,480 Speaker 1: pick a six character password? Is the is the simple 422 00:24:55,600 --> 00:24:58,080 Speaker 1: thing for that, whether it's your own or one that 423 00:24:58,320 --> 00:25:03,240 Speaker 1: uh one of many many very capable password generators. Um.
Yeah, 424 00:25:03,440 --> 00:25:05,760 Speaker 1: As Jonathan said, these are the two that we picked, 425 00:25:05,800 --> 00:25:08,080 Speaker 1: but there are lots of them out They're great. There 426 00:25:08,119 --> 00:25:10,359 Speaker 1: are a lot of them, and they all like you 427 00:25:10,400 --> 00:25:13,560 Speaker 1: can read reviews of them and uh. And you know, 428 00:25:13,600 --> 00:25:18,280 Speaker 1: these are companies that their reputation is completely built upon 429 00:25:18,359 --> 00:25:21,960 Speaker 1: how reliable they are and that and how upfront and 430 00:25:22,000 --> 00:25:24,919 Speaker 1: transparent they are in the sense of they're not using 431 00:25:25,280 --> 00:25:29,080 Speaker 1: data themselves to get access to stuff. In fact, most 432 00:25:29,119 --> 00:25:33,160 Speaker 1: of these companies have the information encrypted so that they 433 00:25:33,160 --> 00:25:37,679 Speaker 1: don't have any idea what passwords you are using. Because 434 00:25:37,680 --> 00:25:40,080 Speaker 1: it's just like we were talking about with the the 435 00:25:40,119 --> 00:25:44,480 Speaker 1: password databases, where all they are encrypted passwords, same sort 436 00:25:44,520 --> 00:25:46,680 Speaker 1: of thing. They they have no way of knowing what 437 00:25:46,760 --> 00:25:50,879 Speaker 1: you chose as your various passwords. They just provide the 438 00:25:51,440 --> 00:25:53,760 Speaker 1: hard the world the software that that lets you do it. 
439 00:25:54,480 --> 00:25:56,159 Speaker 1: So yeah, if you can, if you can choose a 440 00:25:56,200 --> 00:26:00,320 Speaker 1: password manager that allow you to create longer passwords and 441 00:26:00,400 --> 00:26:03,960 Speaker 1: to save them automatically in the in your database, that's 442 00:26:03,960 --> 00:26:06,720 Speaker 1: a good thing, especially if your database is encrypted wherever 443 00:26:06,800 --> 00:26:08,480 Speaker 1: it is, whether it's on the cloud or on your 444 00:26:08,560 --> 00:26:11,800 Speaker 1: your hard drive or your phone. UM. You know those 445 00:26:11,880 --> 00:26:16,400 Speaker 1: that's important to know. UM. Also, one of the interesting things, 446 00:26:16,400 --> 00:26:18,560 Speaker 1: and this is one of those things that companies, do 447 00:26:19,040 --> 00:26:25,120 Speaker 1: that make your security less uh more open. Let's say 448 00:26:25,160 --> 00:26:29,280 Speaker 1: to to being cracked is uh people who for their 449 00:26:29,320 --> 00:26:34,280 Speaker 1: accounts have their email address UM as their user name. 450 00:26:34,320 --> 00:26:37,600 Speaker 1: Because these are this is sort of the equivalent of 451 00:26:37,600 --> 00:26:42,240 Speaker 1: of linking accounts. So you know, anybody, Let's say somebody 452 00:26:42,320 --> 00:26:45,720 Speaker 1: hacks into UM an account like they did with that 453 00:26:46,240 --> 00:26:50,200 Speaker 1: large shopping provider, the one that had all the uh 454 00:26:50,480 --> 00:26:54,480 Speaker 1: loyalty programs or cards. Uh. If they if they say, well, 455 00:26:54,520 --> 00:26:58,800 Speaker 1: all they got was people's email addresses, Well that's an 456 00:26:58,800 --> 00:27:01,760 Speaker 1: important part of the equation. 
So maybe they'll start using 457 00:27:01,960 --> 00:27:05,040 Speaker 1: that email address that they got from those loyalty cards 458 00:27:05,080 --> 00:27:10,040 Speaker 1: in accounts with Amazon and Facebook and Google and all 459 00:27:10,040 --> 00:27:13,000 Speaker 1: these other places. They may start figuring out where your 460 00:27:13,040 --> 00:27:15,639 Speaker 1: accounts are. If they can figure out, you know, using 461 00:27:15,680 --> 00:27:18,720 Speaker 1: that user name and they identify one of the passwords, 462 00:27:19,160 --> 00:27:24,000 Speaker 1: then the dominoes start to fall. So uh, using multiple 463 00:27:24,359 --> 00:27:28,119 Speaker 1: user names and especially not your email address, you can 464 00:27:28,520 --> 00:27:32,040 Speaker 1: arrange that. That's very helpful as well. UM. You wouldn't 465 00:27:32,040 --> 00:27:34,600 Speaker 1: necessarily think it right off the shelf, but when you 466 00:27:34,640 --> 00:27:38,280 Speaker 1: think that these these people are putting together databases of 467 00:27:38,359 --> 00:27:42,840 Speaker 1: this information, it makes it clear that varying as much 468 00:27:42,840 --> 00:27:46,760 Speaker 1: information as possible is a good idea. Also, changing your 469 00:27:46,800 --> 00:27:51,119 Speaker 1: passwords regularly. Let's say you do have a banking site. Um, 470 00:27:51,280 --> 00:27:55,720 Speaker 1: you have a fifteen character password. It's got four different 471 00:27:55,720 --> 00:27:58,879 Speaker 1: symbols in a upper and lower case letters and numbers. 472 00:27:58,920 --> 00:28:02,119 Speaker 1: That's pretty secure. You should probably change it every few months, 473 00:28:02,560 --> 00:28:04,640 Speaker 1: just to be on the safe side. This is your 474 00:28:04,640 --> 00:28:07,040 Speaker 1: financial information we're talking about. It's a good idea to 475 00:28:07,040 --> 00:28:09,560 Speaker 1: swap it out. 
And you know, another nice thing is 476 00:28:09,600 --> 00:28:12,280 Speaker 1: a lot of those password managers will even have a 477 00:28:12,359 --> 00:28:15,400 Speaker 1: you know, you can set a reminder on many of 478 00:28:15,440 --> 00:28:18,359 Speaker 1: them that you know they'll they'll keep a track of 479 00:28:18,480 --> 00:28:21,600 Speaker 1: when you established a particular password and let you know 480 00:28:21,680 --> 00:28:24,719 Speaker 1: when it's time you should change it up. And again, 481 00:28:25,040 --> 00:28:26,960 Speaker 1: if you're using one of these that has a password 482 00:28:26,960 --> 00:28:29,240 Speaker 1: generator is part of it, then all it takes is 483 00:28:29,280 --> 00:28:32,760 Speaker 1: logging in and uh often it'll go ahead and fill 484 00:28:32,760 --> 00:28:35,439 Speaker 1: out the forms that you need already and then you 485 00:28:35,480 --> 00:28:38,000 Speaker 1: just press a little button to generate a new password. 486 00:28:38,080 --> 00:28:40,840 Speaker 1: It will save the new password to your account. So 487 00:28:40,960 --> 00:28:42,960 Speaker 1: I mean it's something that takes five seconds once you've 488 00:28:42,960 --> 00:28:45,840 Speaker 1: set up the first time, and uh, you know, five 489 00:28:45,880 --> 00:28:50,080 Speaker 1: seconds of effort to keep crackers at bay is not 490 00:28:50,200 --> 00:28:53,360 Speaker 1: a bad idea. Uh. And keep in mind also that 491 00:28:53,480 --> 00:28:58,680 Speaker 1: as GPUs become more sophisticated, um, as software gets more sophisticated, 492 00:28:58,720 --> 00:29:03,520 Speaker 1: as as these algorithms get more sophisticated, it's gonna get 493 00:29:03,520 --> 00:29:06,600 Speaker 1: harder and harder to protect the password. 
You know, you 494 00:29:06,600 --> 00:29:10,480 Speaker 1: can play the game of adding more characters, which does 495 00:29:11,320 --> 00:29:16,720 Speaker 1: uh increase the difficulties significantly to get the positive hit. 496 00:29:17,480 --> 00:29:21,760 Speaker 1: So uh, you know, we we can stay ahead just 497 00:29:21,840 --> 00:29:25,000 Speaker 1: by adding longer and longer passwords as we go along. 498 00:29:25,760 --> 00:29:28,800 Speaker 1: But you know that's a game that ultimately we're gonna 499 00:29:28,800 --> 00:29:30,280 Speaker 1: have to sit there and say we need to find 500 00:29:30,320 --> 00:29:33,640 Speaker 1: a new way to protect stuff. Because that's the problem 501 00:29:33,680 --> 00:29:37,000 Speaker 1: is that you know, you're, you're you're just playing a 502 00:29:37,000 --> 00:29:39,560 Speaker 1: game of cat and mouse at that point. And you know, 503 00:29:39,600 --> 00:29:43,360 Speaker 1: we talked about quantum computers a few times. One of 504 00:29:43,400 --> 00:29:45,680 Speaker 1: the potential things a quantum computer could be very good 505 00:29:45,720 --> 00:29:52,880 Speaker 1: at is cracking codes. Because a quantum computer is is 506 00:29:53,360 --> 00:29:59,800 Speaker 1: also really well equipped for parallel processing um. So that's 507 00:30:00,320 --> 00:30:02,480 Speaker 1: something else to think about, is that now. Granted, right now, 508 00:30:02,600 --> 00:30:07,240 Speaker 1: quantum computers are still largely theoretical. There are a few 509 00:30:07,320 --> 00:30:11,640 Speaker 1: working examples, but they're notoriously difficult to design and even 510 00:30:11,760 --> 00:30:16,520 Speaker 1: more difficult to maintain because you know, the slightest alteration 511 00:30:16,680 --> 00:30:21,840 Speaker 1: and they there the whole coherence problem becomes apparent. Yeah, 512 00:30:21,880 --> 00:30:26,280 Speaker 1: either it is or it isn't toward maybe, Um. 
Yeah, 513 00:30:26,360 --> 00:30:29,520 Speaker 1: and uh I also read another article on on Ars 514 00:30:29,560 --> 00:30:33,560 Speaker 1: Technica by the same author actually, where they had discovered 515 00:30:33,560 --> 00:30:37,920 Speaker 1: that in versions of Windows seven and eight, Um, it's 516 00:30:37,920 --> 00:30:43,480 Speaker 1: possible to get hold of people's security questions. Uh. Now 517 00:30:44,760 --> 00:30:47,520 Speaker 1: that sounds I think it's easy to come off with 518 00:30:47,640 --> 00:30:50,600 Speaker 1: a negative. That seems like it's a negative against Microsoft, 519 00:30:50,640 --> 00:30:52,480 Speaker 1: and I guess in a way it is. But it 520 00:30:52,520 --> 00:30:56,760 Speaker 1: assumes first that the person has the person's computer. You 521 00:30:56,800 --> 00:30:58,719 Speaker 1: would actually have to have their computer to get it, 522 00:30:59,240 --> 00:31:03,000 Speaker 1: and you'd also have and know how to retrieve that information. 523 00:31:03,240 --> 00:31:05,560 Speaker 1: But that goes back to our discussion of Matt Honan too, 524 00:31:05,560 --> 00:31:08,920 Speaker 1: because if uh, you know a lot of these security 525 00:31:08,920 --> 00:31:11,880 Speaker 1: words that you set up to talk to people on 526 00:31:11,920 --> 00:31:15,440 Speaker 1: the phone about your account, or you set them up online. 527 00:31:15,760 --> 00:31:18,239 Speaker 1: You know, what's the name of your first pet, you know, 528 00:31:18,360 --> 00:31:21,600 Speaker 1: and you put in your first dog's name, and then 529 00:31:21,680 --> 00:31:24,800 Speaker 1: you use that in multiple places, then want that was 530 00:31:24,880 --> 00:31:27,560 Speaker 1: what enabled them to get hold of that information? If 531 00:31:27,600 --> 00:31:30,000 Speaker 1: this person got hold of your computer was able to 532 00:31:30,040 --> 00:31:34,040 Speaker 1: pull that out from the log in help.
They could 533 00:31:34,120 --> 00:31:36,440 Speaker 1: use that on your accounts too, So it might be 534 00:31:36,480 --> 00:31:39,080 Speaker 1: a little good to use some reverse social engineering. And 535 00:31:39,120 --> 00:31:42,000 Speaker 1: when someone asks you what who what you're uh the 536 00:31:42,080 --> 00:31:44,959 Speaker 1: name of your first dog was or first pet was, 537 00:31:45,360 --> 00:31:50,440 Speaker 1: you put your favorite uh form of salad dressing in 538 00:31:50,440 --> 00:31:54,000 Speaker 1: there instead something something unusual that they wouldn't be able 539 00:31:54,040 --> 00:31:57,680 Speaker 1: to pick. So that, which, by the way, obvious, is 540 00:31:57,720 --> 00:32:01,479 Speaker 1: a blast when you have to call has you've forgotten 541 00:32:01,480 --> 00:32:05,160 Speaker 1: your passwords stuff, and you call in and then they're like, so, 542 00:32:06,120 --> 00:32:12,520 Speaker 1: what's your favorite pets name? Paul Newman's Thousand Island dressing. Yeah, 543 00:32:12,920 --> 00:32:18,640 Speaker 1: that's right. Well I'll tell you that this is and 544 00:32:18,720 --> 00:32:21,480 Speaker 1: anybody who's frustrated by this conversation and will tell you 545 00:32:21,520 --> 00:32:27,440 Speaker 1: that using these super secure passwords and obviously a fustutory 546 00:32:27,960 --> 00:32:31,840 Speaker 1: material here is a pain in the neck because you know, 547 00:32:31,840 --> 00:32:33,520 Speaker 1: if you don't have to have your password manager with 548 00:32:33,520 --> 00:32:35,480 Speaker 1: you when you're on a friends computer logging in to 549 00:32:35,560 --> 00:32:37,840 Speaker 1: check your mail and it's got some kind of thirty 550 00:32:37,840 --> 00:32:41,960 Speaker 1: two character weird password and you don't remember it, and 551 00:32:42,040 --> 00:32:44,480 Speaker 1: you're going, man, I know, no one's ever going to 552 00:32:44,520 --> 00:32:48,000 Speaker 1: crack into this computer. 
It's a friend's computer. I'm fairly safe. Well, yeah, 553 00:32:48,040 --> 00:32:51,800 Speaker 1: you probably are fairly safe, but it's probably worth a 554 00:32:51,840 --> 00:32:54,920 Speaker 1: frustration then, more so than it will be having to 555 00:32:54,920 --> 00:32:57,560 Speaker 1: put out all the fires of all the account information 556 00:32:57,560 --> 00:32:59,720 Speaker 1: that you could be giving up otherwise. And it's not 557 00:33:00,120 --> 00:33:02,760 Speaker 1: so much worrying about your friend's computer as it is 558 00:33:02,840 --> 00:33:05,880 Speaker 1: worrying about that database that's on the other end of 559 00:33:05,880 --> 00:33:12,280 Speaker 1: this password system. Because, uh, the more passwords a company accumulates, 560 00:33:12,280 --> 00:33:14,120 Speaker 1: as more and more people use its service, the more 561 00:33:14,160 --> 00:33:17,760 Speaker 1: attractive it is as a target to crackers. And they're 562 00:33:17,800 --> 00:33:20,280 Speaker 1: doing you know, that's that's what they do. They look 563 00:33:20,320 --> 00:33:23,040 Speaker 1: at systems and try and find ways of of penetrating it. 564 00:33:23,160 --> 00:33:27,120 Speaker 1: So it's you know, they're not they're not worried about 565 00:33:27,160 --> 00:33:30,520 Speaker 1: getting your your buddy Bill's computer. They're looking at you know, 566 00:33:31,240 --> 00:33:34,360 Speaker 1: like MegaCorp that has all those passwords in it. 567 00:33:34,440 --> 00:33:38,280 Speaker 1: That's what they want. So you know, using that easy password, 568 00:33:38,760 --> 00:33:45,520 Speaker 1: while it's convenient, is also ultimately a dangerous thing.
And 569 00:33:45,920 --> 00:33:48,560 Speaker 1: you know, I gotta I gotta admit, like, for the 570 00:33:48,760 --> 00:33:54,040 Speaker 1: very long time, I had pretty poor password protection, and 571 00:33:54,320 --> 00:33:56,280 Speaker 1: I just I was just I did not I was 572 00:33:56,320 --> 00:33:59,680 Speaker 1: not very good about it at all. Even as we 573 00:33:59,680 --> 00:34:04,240 Speaker 1: were telling people change your passwords, still wasn't doing as 574 00:34:04,400 --> 00:34:06,160 Speaker 1: as good a job as I should have. But you 575 00:34:06,200 --> 00:34:08,399 Speaker 1: don't back up your hard drive regularly? Oh yes I do, 576 00:34:08,920 --> 00:34:11,640 Speaker 1: I do good. I got well the Mac hard drive, 577 00:34:12,520 --> 00:34:14,520 Speaker 1: my my PC hard drive. I do not back up 578 00:34:14,520 --> 00:34:16,640 Speaker 1: as regularly as I should which really I need to 579 00:34:16,640 --> 00:34:20,400 Speaker 1: start doing that. But the in the neck. But but 580 00:34:20,480 --> 00:34:23,080 Speaker 1: cloud services have made that really a lot better too, 581 00:34:23,640 --> 00:34:26,279 Speaker 1: now you know. Cloud of course has its own set 582 00:34:26,360 --> 00:34:28,600 Speaker 1: of problems, which we've talked about in previous podcasts. But 583 00:34:28,680 --> 00:34:31,400 Speaker 1: everything technological has its own set of problems. You just 584 00:34:31,440 --> 00:34:33,879 Speaker 1: have to decide which ones are the most acceptable set 585 00:34:33,880 --> 00:34:37,520 Speaker 1: of problems for you. So, but I have I have switched. 586 00:34:37,560 --> 00:34:41,279 Speaker 1: I mean I am now I am wholeheartedly in this. 587 00:34:41,920 --> 00:34:44,600 Speaker 1: Let's protect our passwords, especially after seeing what happened to Honan. 588 00:34:45,440 --> 00:34:47,640 Speaker 1: I mean, you and I are in the public eye.
589 00:34:47,960 --> 00:34:51,520 Speaker 1: We're not celebrities by any stretch of the imagination. But 590 00:34:51,800 --> 00:34:55,399 Speaker 1: it's not that far, um, it's not. It's not all 591 00:34:55,480 --> 00:34:58,160 Speaker 1: the realm of possibility that someone at some point could say, 592 00:34:58,160 --> 00:35:00,680 Speaker 1: you know what would be funny? Well, and and it 593 00:35:00,800 --> 00:35:03,319 Speaker 1: just really takes somebody getting ahold of your name. Yeah, 594 00:35:03,360 --> 00:35:06,160 Speaker 1: that's why they tell people to shred when you have 595 00:35:06,239 --> 00:35:07,920 Speaker 1: a junk mail or something with your name on it, 596 00:35:07,960 --> 00:35:10,560 Speaker 1: to shred that information. Because I've got one of those two. 597 00:35:10,640 --> 00:35:13,799 Speaker 1: You never know when somebody's gonna go and you know, 598 00:35:13,880 --> 00:35:15,919 Speaker 1: say Jonathan Strickland. I bet there's a bunch of people 599 00:35:15,960 --> 00:35:19,319 Speaker 1: named that. Actually there are. So one of them got 600 00:35:19,320 --> 00:35:22,479 Speaker 1: booked in North Atlanta for something a couple of weeks ago, 601 00:35:22,560 --> 00:35:25,440 Speaker 1: but wasn't me. I won't ask how you know that 602 00:35:25,480 --> 00:35:28,680 Speaker 1: I'm on the lam because I've got a Google alert 603 00:35:28,719 --> 00:35:34,399 Speaker 1: set to my name, because because how many egomaniac I'm 604 00:35:34,400 --> 00:35:36,759 Speaker 1: an egomaniac, I have a Google alert set to my name. 605 00:35:36,960 --> 00:35:39,480 Speaker 1: I saw a Google alert. I went and I said, 606 00:35:39,880 --> 00:35:42,560 Speaker 1: someone named me was arrested. But it's not me, because 607 00:35:42,560 --> 00:35:44,680 Speaker 1: I'm looking at the picture and that's not me. So 608 00:35:44,760 --> 00:35:47,240 Speaker 1: I am comforted to know I am not currently under arrest.
609 00:35:47,960 --> 00:35:50,120 Speaker 1: That's good to know. It was good to know the 610 00:35:50,160 --> 00:35:52,239 Speaker 1: police wanted a few words with me earlier, and you 611 00:35:52,239 --> 00:35:55,000 Speaker 1: know I can tell him the truth. I gotta go alright, guys, 612 00:35:55,120 --> 00:35:58,040 Speaker 1: if you have any suggestions for future topics on tech stuff, 613 00:35:58,160 --> 00:36:04,440 Speaker 1: um biometrics that earning perhaps like what's it like the 614 00:36:04,520 --> 00:36:07,759 Speaker 1: podcast Out of the Penitentiary. Let us know. You can 615 00:36:07,760 --> 00:36:10,799 Speaker 1: send us email; our address is tech stuff at Discovery dot com, 616 00:36:11,000 --> 00:36:14,120 Speaker 1: or contact us on Facebook or Twitter. Our handle there 617 00:36:14,200 --> 00:36:17,439 Speaker 1: is tech stuff hsw and Chris will talk to you soon. 618 00:36:17,680 --> 00:36:20,680 Speaker 1: I'll talk to you in ten to twenty for more 619 00:36:20,719 --> 00:36:23,000 Speaker 1: on this and thousands of other topics, visit how 620 00:36:23,040 --> 00:36:29,239 Speaker 1: stuff works dot com. See, guys, I told you we 621 00:36:29,320 --> 00:36:32,400 Speaker 1: talked to you again. Really soon. That really soon is 622 00:36:32,520 --> 00:36:35,200 Speaker 1: right now. I'm just reminding you that we have our 623 00:36:35,200 --> 00:36:38,799 Speaker 1: photo upload widget live on the site at www dot 624 00:36:38,800 --> 00:36:42,160 Speaker 1: how stuff works dot com. Slash upgrade your tech Toyota 625 00:36:42,200 --> 00:36:45,080 Speaker 1: is giving us the chance to let you share your creativity. 626 00:36:45,320 --> 00:36:49,200 Speaker 1: So send us those pictures of your modifications, your tech ideas, 627 00:36:49,400 --> 00:36:52,160 Speaker 1: those gadgets that you've created, all those hacks.