Tutorial: Learning How To Write & Remember Un-Hackable Passwords

Before we begin, why should learning how to write strong passwords be of much more importance to you? Believe it or not, it is a statistical fact that more people are hacked as a result of weak passwords than any other single factor. This is also why encryption – aka passwords – should be much more important to you. With that said, learning how to read, write and remember strong passwords is not nearly as hard or complicated as people might think, in fact it is rather easy once you understand the core concepts.

Lesson 1 – Password Length:

To unlock someone’s password, “law enforcement authorities” and/or “hackers” will either run something known as a “Brute Force Attack” or “Dictionary Attack” against it, in an attempt to break or de-crypt the numbers, letters and symbols contained within the password itself. One by one over time, these software programs will slowly decrypt the password, just like cracking the numbers to open a vault or safe.

Quite simply, the more complicated/randomized the sequence of numbers, letters and symbols in your password are, and the longer the password is, the longer it takes hackers to break. Moreover, each letter, number or symbol you add on to the end of your password literally makes it exponentially harder for even the most sophisticated programs to crack. For example, here are estimates from the FBI regarding how long it takes them to crack lengthier encrypted passwords.

  • seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
  • eight-digit passcodes will take up to three months, and on average 46 days, to crack
  • nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
  • 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
  • 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
  • 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
  • 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack

Lesson 2: LEET or “1337” Language:

L33t Language is a way of replacing letters with numbers and symbols in everyday sentences and it is perhaps the most basic form of encoding used to encrypt messages. To understand how it works, here are some quick examples:

Normal Statement v 1337 Version:

BankruptMedi4 – 84nkru97M3di4
TheDailyProletariat – 7h3D@i1y9r0L37@Ri@7
Elitepassword – 31it3p4$$w0rd
Activism – 4ctivi$m
Encryption – 3ncry9ti0n
Brian Dunn – 8ri4nDunn

It doesn’t necessarily have to be that complicated and you don’t necessarily have to replace as many letters with numbers and symbols, those are just examples of how it works. You can run any attack your little heart desires at “84nkru97M3di4” or “7h3D@i1y9r0L37@Ri@7” all day long, go ahead – have fun. To make the password even stronger mix in capitalized and un-capitalized letters throughout.

I think I have explained the concept easily enough? To make an un-hackable password simply take a name, phrase, short sentence – et cetera – that is personable to you and convert it into l33t language, then use that as your new password. Not only will it be impossible to break, but it should be fairly easy for you to remember. And as always, use two-factor-authentication whenever possible.

Lesson 3: Two-Factor Authentication

I’ve always understood that 2-Factor Authentication (2FA) is a concept lost on most “normal people” in society right now, but a new statistic really puts it all into perspective. This would be the news that, according to Google’s own statistics, less than 10% of all Gmail or Google business owners currently have enabled 2-Factor Authentication for their online accounts. Considering that Google is estimated to host well over 2 billion accounts globally, this means that there are over 2 billion insecure accounts floating around the internet right now – and that’s just from Google alone!

This is not to mention the fact that there are literally billions of email addresses, along with their passwords, currently available on the Deep Web and DarkNet for search. For example, there are single websites around the internet that are currently selling the log in credentials of 1.4 billion people and if anyone of those people simply just enable 2-factor authentication for their accounts, all the information stored on those would become utterly useless.

Responding to the news last week Grzegorz Milka, a Google software engineer, said that the company’s latest statistics “demonstrates the lack of awareness of cyber threats and the way to mitigate them.” Adding that he believes more people don’t or haven’t “configured 2-Factor Authentication for their accounts” because “many users believe 2FA can make their experience worse,” or at least more of a hassle. To do everything they could to mitigate the problem from their end, Google also took the occasion/platform to release a 2-Factor Authentication tutorial of their own, imploring Google users to immediately begin securing their accounts in this way.

Google 2FA Tutorial: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome

As for what 2-Factor Authentication is, does or means, it’s not nearly as complex or complicated as people think. In fact, it only adds about 10 seconds to the amount of time it already takes you to log into your accounts anyways. Essentially, as soon as you type in your password and press enter you will receive a text message on your phone, which will have a short code for you to type in. Without that secondary code no one is allowed to login, even you. That’s it – literally. That’s the amount of “hassle” it will take you to begin practicing strong cyber security in the future. Again, despite the simplicity of it all, less than ten percent of people in society have taken this step.

2-Factor Authentication should be available for nearly every App or account you own, and you can find/enable it by searching for it in your account(s) settings. As I also once explained in a different article on this subject earlier last year, even if someone already knows your password, “close to 100% of hackers will be prevented from successfully hacking into your social media accounts if you simply enable 2-Factor Authentication” for them – and I still believe this holds true today.

Interestingly/Coincidentally Enough?

As I was in the process of writing this article I got a text message informing me of new log in codes to verify, because someone had somehow managed to brute-force their way past my password – which no one has ever been able to do before. Put another way, my site was literally saved from being hacked/hijacked by malicious cyber actors, all because I once enabled 2-factor authentication on my account(s) months ago. To put the importance of 2-Factor Authentication into focus, I’ve invested thousands upon thousands of hours of my personal time into this website, and it took me less than one minute to turn on and verify 2-Factor Authentication for it – certainly worth the time/effort!

Behind The US’s Use of Hacktivists Groups As Cover for Cyber Campaigns Targeting Brasil

As someone whom has covered hacking news and hacktivists quite heavily for the last 5 years now, I found many events which took place between the later half of 2018 and beginning of 2019 particularly interesting. For those of you whom might not have been paying attention, over this time period the country of Brasil came under heavy fire from seemingly every direction – with many local, state and federal political/Government agencies and organizations getting hacked/leaked.

However, as a hacking news journalists whom got many exclusives over this time period, what was particularly interesting to note were the people whom were behind at least some of these attacks. While some were Brasilians, such as Pryzraky, the longer all of the hacks went on, the more different groups began outing themselves as internationals – particularly Americans. Such as was the case of the group known as “Shadow Squad Hackers” whom were Americans and claimed they were targeting Brasil because they were “disgusting and dirty people.” They claimed they were targeting Brasil for know other reason that they “hate Brasil and Brasilians.” Many also claimed to the be former members of the US Department of Defense at the same time.

While those are just some examples, they were far from alone. As you can see by following the tag below, the number of new or previously unknown hacktivists groups targeting Brasil in 2018/2019 were almost too many to count.

Read More – Brasil Tag on Rogue Media: https://roguemedia.co/tag/brasil/

Why Is This Happening?

This is a two part answer. The first is the fact that Brasilian Government and political websites are far behind the rest of the world when it comes to sound cyber security practices. For example, the vast majority of hacks were all pulled off via SQL injection (SQLi) – because their website’s IT staff apparently doesn’t know how to block bad query strings. Upon further investigation, many political websites leave their login pages out in the open, on the front end landing page, making themselves an easy target for brute force attacks. Still even further, many of the smaller, local government websites don’t even utilize a Secured Socket Layer (SSL) – making them easier targets for DDoS attacks and defacement campaigns, of which there were many.

https://twitter.com/geekwiresec/status/1148940713167663106

However, the second reason is far more interesting – geopolitics. What you may not know is that Brasil is a member/signatory the the BRICS Alliance. Built by an international outreach campaign by Russian President Vladimir Putin over the years, what you should know is that BRICS is built on a long term economic/military strategy to lock the United States out of South Pacific and South Atlantic trading routes, opening up trade routes for developing countries and emerging economies – such as Brasil, Russia, India, China and South Africa (BRICS).

If you think about it logistically or tactically it makes sense, Brasil has potential for the largest economy in South America and sticks the furthest out into the South Atlantic, which gives them the best chance at controlling the South Atlantic and sealing out countries from doing business in those waters. South Africa, for example, can control the Cape of Good Hope – the only route for Western Countries to cross over the African continent and reach Eastern markets by sea. Moving further East, India could have full control over the Indian ocean and has already begun sealing out the US from shipping rubbage to their country. And still yet, further East, Russian and China have the military power necessary to completely lock out the US from reaching all Eastern countries if they really wanted – with an all out attack on Japan not withstanding (RIP).

With that established and with countless coverage of all the Brasilian attacks, along with interviews with each of the hackers and hacking groups behind the hacks, it is my firm belief that the United States Government was using “hacktivist” groups as a cover for the hacks of major political parties and Government websites across Brasil, as revenge for the Brasilians having signed new alliances with Vladimir Putin and the Russian Government. Moreover, do you believe that all of these cyber attacks targeting Brasil occurring over the same exact timeline of the US’s attacks against Venezuela were any coincidence?

It is my firm belief that the US Government used these groups and these tactics not only to expose information on the Brasilian Government and its members, but also to show them how weak their cyber security practices were. As we already know, the USA does also have a long and extensive history of “meddling” in South America as well. Many of these attacks were no different, they just didn’t have computers in the 60s and 70’s.

Read More – Declassified Documents from CIA Reveal US Political Interference Throughout South America During Cold War: https://roguemedia.co/2019/04/20/newly-declassified-documents-from-cia-depict-interesting-timeline-of-us-political-interference-meddling-in-south-america-throughout-the-cold-war/

How To Write Un-Hackable Passwords

Before we begin, why should learning how to write strong passwords be of much more importance to you? Believe it or not, it is a statistical fact that more people are hacked as a result of weak passwords than any other single factor. This is also why encryption – aka passwords – should be much more important to you. With that said, learning how to read, write and remember strong passwords is not nearly as hard or complicated as people might think, in fact it is rather easy once you understand the core concepts.

Lesson 1 – Password Length:

To unlock someone’s password, “law enforcement authorities” and/or “hackers” will either run something known as a “Brute Force Attack” or “Dictionary Attack” against it, in an attempt to break or de-crypt the numbers, letters and symbols contained within the password itself. One by one over time, these software programs will slowly decrypt the password, just like cracking the numbers to open a vault or safe.

Quite simply, the more complicated/randomized the sequence of numbers, letters and symbols in your password are, and the longer the password is, the longer it takes hackers to break. Moreover, each letter, number or symbol you add on to the end of your password literally makes it exponentially harder for even the most sophisticated programs to crack. For example, here are estimates from the FBI regarding how long it takes them to crack lengthier encrypted passwords.

  • seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
  • eight-digit passcodes will take up to three months, and on average 46 days, to crack
  • nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
  • 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
  • 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
  • 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
  • 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack

Lesson 2: LEET or “1337” Language:

L33t Language is a way of replacing letters with numbers and symbols in everyday sentences and it is perhaps the most basic form of encoding used to encrypt messages. To understand how it works, here are some quick examples:

Normal Statement: BankruptMedi4 or TheDailyProletariat or Elitepassword or Activism

L33t Version: 84nkru97M3di4 or 7h3D@i1y9r0L37@Ri@7 or 31it3p4$$w0rd or 4ctivi$m

It doesn’t necessarily have to be that complicated and you don’t necessarily have to replace as many letters with numbers and symbols, those are just examples of how it works. You can run a dictionary attack at “84nkru97M3di4” or “7h3D@i1y9r0L37@Ri@7” all day long, go ahead – have fun. To make the password even stronger mix in capitalized and un-capitalized letters throughout.

I think I have explained the concept easily enough? To make an un-hackable password simply take a name, phrase, short sentence – et cetera – that is personable to you and convert it into l33t language, then use that as your new password. Not only will it be impossible to break, but it should be fairly easy for you to remember. And as always, use two-factor-authentication whenever possible.

Lesson 3: Two-Factor Authentication

I’ve always understood that 2-Factor Authentication (2FA) is a concept lost on most “normal people” in society right now, but a new statistic really puts it all into perspective. This would be the news that, according to Google’s own statistics, less than 10% of all Gmail or Google business owners currently have enabled 2-Factor Authentication for their online accounts. Considering that Google is estimated to host well over 2 billion accounts globally, this means that there are over 2 billion insecure accounts floating around the internet right now – and that’s just from Google alone!

This is not to mention the fact that there are literally billions of email addresses, along with their passwords, currently available on the Deep Web and DarkNet for search. For example, there are single websites around the internet that are currently selling the log in credentials of 1.4 billion people and if anyone of those people simply just enable 2-factor authentication for their accounts, all the information stored on those would become utterly useless.

Responding to the news last week Grzegorz Milka, a Google software engineer, said that the company’s latest statistics “demonstrates the lack of awareness of cyber threats and the way to mitigate them.” Adding that he believes more people don’t or haven’t “configured 2-Factor Authentication for their accounts” because “many users believe 2FA can make their experience worse,” or at least more of a hassle. To do everything they could to mitigate the problem from their end, Google also took the occasion/platform to release a 2-Factor Authentication tutorial of their own, imploring Google users to immediately begin securing their accounts in this way.

Google 2FA Tutorial: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome

As for what 2-Factor Authentication is, does or means, it’s not nearly as complex or complicated as people think. In fact, it only adds about 10 seconds to the amount of time it already takes you to log into your accounts anyways. Essentially, as soon as you type in your password and press enter you will receive a text message on your phone, which will have a short code for you to type in. Without that secondary code no one is allowed to login, even you. That’s it – literally. That’s the amount of “hassle” it will take you to begin practicing strong cyber security in the future. Again, despite the simplicity of it all, less than ten percent of people in society have taken this step.

2-Factor Authentication should be available for nearly every App or account you own, and you can find/enable it by searching for it in your account(s) settings. As I also once explained in a different article on this subject earlier last year, even if someone already knows your password, “close to 100% of hackers will be prevented from successfully hacking into your social media accounts if you simply enable 2-Factor Authentication” for them – and I still believe this holds true today.

Interestingly/Coincidentally Enough?

As I was in the process of writing this article I got a text message informing me of new log in codes to verify, because someone had somehow managed to brute-force their way past my password – which no one has ever been able to do before. Put another way, my site was literally saved from being hacked/hijacked by malicious cyber actors, all because I once enabled 2-factor authentication on my account(s) months ago. To put the importance of 2-Factor Authentication into focus, I’ve invested thousands upon thousands of hours of my personal time into this website, and it took me less than one minute to turn on and verify 2-Factor Authentication for it – certainly worth the time/effort!