Comments on: Leetspeak and The Unbreakable Password: Encryption That is Nearly Impossible to Break http://computersight.com/communication-networks/security/leetspeak-and-the-unbreakable-password-encryption-that-is-nearly-impossible-to-break/ Sun, 21 Mar 2010 04:03:56 -0400 http://wordpress.org/?v=2.8.4 hourly 1 By: josephadeo http://computersight.com/communication-networks/security/leetspeak-and-the-unbreakable-password-encryption-that-is-nearly-impossible-to-break/comment-page-1/#comment-11258 josephadeo Wed, 14 Oct 2009 19:35:16 +0000 http://computersight.com/communication-networks/security/leetspeak-and-the-unbreakable-password-encryption-that-is-nearly-impossible-to-break/#comment-11258 Leetspeak is definitely a helpful strategy, kind of a numerical pig latin of sorts. It is, however, still possible to crack, since not all password leaks occur as a result of "guess"-bots. For instance, a hacker could use a phishing attack to compromise a forum or other community with a large database of credentials -- then it wouldn't matter what one's password is. That's why at VeriSign we're strongly encouraging people to use as many different encryption methods as possible, to protect against the various types of attacks. Choosing a strong password is essential, but it would be nice if more websites aside from financial institutions allowed their users to log-in with two-factor authentication. Technology like that would dilute the worth of passwords in general (since it would require additional info to sign in) and might even ease the frequency of attacks. Until then, though...leetspeak it is! Leetspeak is definitely a helpful strategy, kind of a numerical pig latin of sorts. It is, however, still possible to crack, since not all password leaks occur as a result of “guess”-bots. For instance, a hacker could use a phishing attack to compromise a forum or other community with a large database of credentials — then it wouldn’t matter what one’s password is.

That’s why at VeriSign we’re strongly encouraging people to use as many different encryption methods as possible, to protect against the various types of attacks. Choosing a strong password is essential, but it would be nice if more websites aside from financial institutions allowed their users to log-in with two-factor authentication. Technology like that would dilute the worth of passwords in general (since it would require additional info to sign in) and might even ease the frequency of attacks. Until then, though…leetspeak it is!

]]>