Not so far ago, we talked about the necessity to act, passwords and rainbow tables. Salt is used to help to protect you from rainbow attacks. Brute force can crack any passwords if you have garage supercomputer and all-time in the universe. What can you do make even that hardly impossible?

Brute force is when you start trying all possible password combinations and see if anyone fits a user account in a particular service or file. aaaaaaaa, then aaaaaaab, then aaaaaaac, then aaaaaaad and so on. With a powerful PC, you can crack 8 symbol password in one day (if service responds to your guesses instantly). Add there one number, and you have months. Add there a big letter, and you have years. Add there % symbol, and you get centuries. Make it 10 symbols long, and no one will find it unless you tell it to someone on your own:)

Every time you register in a new service, you bump into password requirements. Your password must have numbers and special characters, and so on. That is good, really good! But where are they pushing us by putting restrictions on passwords? The main reason is to increase brute force time and force you to choose a unique password, a password that was never used before by anyone else. And this is the most important thing! Here is the list of 10 most common passwords. If you have any one of them, you know what to do, right?

1. 123456

2. 123456789

3. qwerty

4. password

5. 1234567

The reality is that we are surrounded by passwords everywhere, and you must choose the right password, even when you do not have any restrictions. For example, in Wi-Fi routers, on your web-sites, in your applications.

Another problematic point is the default passwords. They are usually set in IoT devices, routers and other supportive hardware. You may keep them unchanged and be rewarded by joining the ranks of the botnet soldiers.

The best thing you can do is to write down all your assets in Excel, look on them and change passwords in half of them.