Cracking a user password usually depends on the complexity of the password itself. Many users tend to set simple and easy-to-remember passphrases on their devices, especially on a wireless network. However, a complex password will create difficulties for the penetration tester or hacker. Complex passwords have the following characteristics:
- They contain uppercase characters
- They contain lowercase characters
- They contain numbers
- They contain specific symbols
- They are over 12 characters in length
- They do not contain a name
- They do not contain a date of birth
- They do not contain a vehicle's plate number
The following is an example of a complex password generated by LastPass (www.lastpass.com), a password manager:
The idea is to ensure that nobody can guess or compromise your password easily. If a malicious user is able to compromise another person's user credentials, the attacker can wreak havoc on the victim's network and/or personal life.
In the following section, we will describe techniques that can be implemented on an enterprise network to improve its security posture.