Does Changing Alphanumeric Passwords Frequently Deter Random Hacking Attempts?

  • Context: High School
  • Thread starter: Loren Booda
  • Tags: Hacking

Discussion Overview

The discussion centers on the effectiveness of frequently changing alphanumeric passwords in deterring random hacking attempts. Participants explore the implications of password changes on security, particularly in the context of brute force attacks and the potential for hackers to exploit previously cracked passwords.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Exploratory reasoning

Main Points Raised

  • One participant questions whether changing passwords has any impact on the likelihood of being hacked, suggesting that a hacker's success depends on the randomness of their attempts rather than the timing of password changes.
  • Another participant argues that if a hacker has previously cracked a password, changing it frequently is advisable to prevent widespread knowledge of the password among hackers.
  • Concerns are raised about server limitations on the frequency of password guesses, suggesting that the time required for a hacker to successfully guess a password is significant, especially with a limited character set.
  • Some participants discuss the concept of brute force attacks, indicating that the likelihood of a hacker breaking a password does not change with the timing of password changes, but rather with the hacker's previous knowledge of the password.
  • There is speculation about the potential for hackers to identify patterns in frequently changed passwords, which could theoretically increase the chances of successfully cracking them over time.
  • A participant suggests the use of respected random number generators for password creation to enhance security, although they express uncertainty about the practicality of this approach.

Areas of Agreement / Disagreement

Participants express differing views on the effectiveness of changing passwords frequently. While some argue it has little impact on random hacking attempts, others emphasize the importance of changing passwords to mitigate risks associated with previously cracked passwords. The discussion remains unresolved regarding the overall effectiveness of frequent password changes.

Contextual Notes

Participants acknowledge various assumptions, such as the nature of hacking attempts, the limitations of server responses to brute force attacks, and the potential for hackers to exploit patterns in password creation. These factors contribute to the complexity of the discussion without reaching a consensus.

Loren Booda
I have been told to change alphanumeric passwords every so often to avoid someone hacking into a website. Suppose hacking occurs only by randomly trying sequences of numbers and letters to break into the site. Would my changing passwords have any effect, on average, of the site being hacked sooner or later?
 
Assuming you picked a random sequence and the hacker just kept trying combinations, no. Whether he's attacking yesterday's pw or today's, he has the same problem.

But suppose some hacker a month ago succeeded in cracking your password. And he passed it around to his friends, and they passed it to their friends, and by now every hacker in the freeping world knows it. So change it frequently if you care about being hacked.
 
You have to remember that websites have certain limitations. For instance, a hacker could write a program to randomly guess the password until getting it correct, but the server is likely to have a limit on how frequently the bot can guess it. If the server gets 1 million requests for the script every second, the alarm bell has rung and the admin will shut off access to the site, assuming that many requests doesn't overload the site outright. If we assume that the password only includes case-sensitive letters and numbers, with, let's say, a maximum of 8 characters, you've still got a countless amount of possible combinations. So unless the hacker has a million or so years to spare, he/she isn't getting in.

This issue has come up before, because there was such a program developed to hack UBB boards. UBB was at one time the most popular bulletin board software out there, and most sites with big forums had one installed. In one version, the bonehead programmers decided to do away with the case-sensitive passwords. In other words, the passwords letmein and LeTmEiN are the same. Since 99% of users use simple words as their passwords, this gave some access to virtually any UBB on the net.
 
As has been said already, a hacker employing a "brute force" attack, where they simply try every single permutation of the same length as your password, is no more likely to break today's password than next month's password.

However let's assume the hacker somehow succeeded in breaking your password last month. Then when you change your password this month, they must go through the process all over again, and the hacking process will take just as long... Or will it? Suppose that the hacker has broken your password a few times in the past, the hard way. Usually they don't succeed, but sometimes they do. An intelligent hacker will look at all these passwords and look for patterns. Now most of us will more than likely end up producing patterns in our passwords, especially if we have to produce one once or twice a week, or maybe more often in some jobs? These patterns won't be blindingly obvious, perhaps you have a slight tendency to use characters from the right side of the keyboard slightly more than characters from the left side, maybe 49.9% of characters come from the left side and 51.1% come from the right side. This information will slowly leak out of your passwords, and the more of your previous passwords the hacker has the more information they will likely obtain.

This information could be used to search a particular region of the permutation search space first, then simply searching the remaining space at random if the original search fails. This search will probably not hasten the cracking of your passwords by huge amounts, but it does nonetheless increase the probability that a hacker will crack your password within the time frame you use that password.

The above is really simple stuff, and in reality I have no idea whether it will be in any way practical, I've never tried it. But it does show how an intelligent hacker could theoretically start cracking your passwords, and that an intelligent hacker won't simply use a random search. It also goes to show that you should probably use some form of respected random number generator to produce a password, one that is respected among cryptographers would be a good choice.
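
The figures in the two posts above, as an added worked example (not code from any participant in the thread): it generates an 8-character password with Python's `secrets` CSPRNG, sizes the 62-symbol and case-folded 36-symbol spaces, and compares a fixed password with a monthly rotated one against blind guessing. The throttle of 10 guesses per second, the exact length of 8 and all function names are assumptions of this example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols: a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def generate_password(length=8, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG (no human habits)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def keyspace(length, alphabet_size):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a throttled online rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def p_compromise(space, guesses_per_period, periods, rotate):
    """Chance a blind guesser hits a uniformly random password.

    rotate=False: one fixed password, attacker never repeats a guess.
    rotate=True: a fresh random password each period, so earlier misses
    tell the attacker nothing and each period is an independent trial.
    """
    p = min(1.0, guesses_per_period / space)
    if p >= 1.0:
        return 1.0
    if rotate:
        return -math.expm1(periods * math.log1p(-p))  # 1 - (1 - p)**periods
    return min(1.0, periods * p)

if __name__ == "__main__":
    RATE = 10  # assumed server throttle, guesses per second (not from the thread)
    full, folded = keyspace(8, 62), keyspace(8, 36)  # case-sensitive vs case-folded
    print("sample password:", generate_password())
    print(f"62^8 = {full:,} ({entropy_bits(8, 62):.1f} bits)")
    print(f"case folding shrinks the space {full / folded:.1f}x")
    print(f"years to exhaust at {RATE}/s: {years_to_exhaust(full, RATE):,.0f}")
    per_month = RATE * 30 * 24 * 3600
    for rotate in (False, True):
        print(f"rotate={rotate}: P(hit in 12 months) = "
              f"{p_compromise(full, per_month, 12, rotate):.3e}")
```

While the guesses cover only a tiny fraction of the space, the fixed and rotated probabilities agree to about six significant figures, so rotation buys nothing against blind guessing; its value is limited to the case where an earlier password has already leaked.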
 
I wonder if, at this moment, hackers are getting new ideas from this.
 
Please don't resurrect ancient threads.

- Warren
 
