Passwords broken in seconds



Swiss researchers have released a paper outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from one minute 41 seconds, reports.

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses. The method used to break passwords involves using large lookup tables to match encoded passwords to the original text entered by a user, thus speeding the calculations required to break the codes. Lookup tables typically enable users to cross reference and 'translate' codes to find their real value or meaning.

Philippe Oechslin, senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL) states: "Windows passwords are not very good. The problem with Windows passwords is that they do not include any random information."

Users can protect themselves against the attack by adding non-alphanumeric characters to a password. Including other symbols besides alphanumeric characters adds complexity to the process of breaking passwords and that means the cracker needs more time or more memory or both.