Running a password cracker is a standard part of any security audit procedure. Password crackers generally work in 4 ways – (1) a brute force crack (2) a dictionary crack (3) a hybrid dictionary crack and (4) rainbow tables. The hybrid attack works by appending common phrases and sequences to dictionary words. Rainbow tables work by using pre-calculated password hashes, and the size of the table depends on the original character set used. Most tables have alpha characters, alpha-numeric, or larger tables that include special characters. However, none have tables that include ALT characters.
To create a password that cannot be cracked using a standard password cracking tool be sure to include a non-breaking space (http://en.wikipedia.org/wiki/Non-breaking_space). You can do so by typing ALT-0160 in the password using the numbers on the keyboard. NOTE: on a laptop you must use Num lock. Other ALT characters are a good choice but a non-breaking space is even better because it is also not detected by most keyloggers. Such a password is a great choice for accounts like Domain Admins, Enterprise Admins and the built-in Administrator account on servers.
To learn more about password crackers and steps you can take to thwart them, please download our whitepaper.
To learn more about how to improve your Windows password policy please visit our website or give us a call at +1 404-348-4678.