No matter how responsible people are, they create passwords according to their own thinking patterns, and attackers know this. Research and analysis of passwords have shown that 40% of them can be guessed by software. Often, when inventing a password, a person chooses something directly related to themselves or their environment.
Today it is hard to find a person who never has to use passwords when working with computers or mobile devices. Social networks, numerous shops, online casinos, services, and events ask you to register, enter your name and contact information, and come up with a password. Let’s figure out what the right password is, how to compose it, and how to store it securely.
What a lousy password leads to
Lousy passwords are common among private users and small companies. Unfortunately, an irresponsible attitude towards passwords has negative consequences even at international organizations and structures. Here are some examples of careless attitudes towards data protection:
- Nutella advised subscribers to use the word Nutella as a strong password.
- A White House staffer forgot a piece of paper with an unsecured email password at a bus stop.
- A student from India interning at Google could access the company’s satellite through the admin panel simply by leaving the login and password fields blank.
- Data from more than 14 million Texas voters in the United States became available online simply because the server was not password protected.
- United Nations employees store documents in Trello and Google Docs that are not password protected; the links make them available to anyone who wants them.
What to do? Fix the bugs! They can be divided into three groups: critical, serious, and defective.
Critical errors
They cause fatal consequences and are the result of an indifferent attitude towards data security.
People keep using primitive passwords, which fall into several groups:
- Two-word passwords: dindin, alexalex;
- Words with numbers at the end: sam1994, football2018, login1234;
- System default passwords: guest, user, default;
- Words with replacement of letters with digits or special characters: 0ldboy, p@ssword;
- Keyboard character strings: qwerty, 123456;
- Well-known numeric combinations: 112, 0911, 777, etc.;
- Same passwords for all programs and services.
Users often have one login and password for every social network and a dozen other sites. That is not secure, so it is better to do it this way:
- For critical resources (email, payment systems, messengers, and social networks), use complex and lengthy passwords with random combinations of upper- and lower-case letters, numbers, and special characters. Example: S9Scap$iDPRZ.
- For other essential resources (learning sites, alternative mailboxes), password length is more important than complexity. Example: hrGbWzeCjZSqUl.
- For resources that are not particularly important, think of simple but not primitive passwords. Example: metHalPh.
To avoid remembering dozens of passwords, you can use a password manager that stores them in encrypted form. It must itself be protected by a master password, and you have to think about where and how that master password will be kept. Another tip: vary the characters in the passwords for unimportant resources, and never reuse passwords for particularly important ones.
Openly recorded logins and passwords
Some experts recommend not writing passwords down at all, but then you will most likely forget them. You can write them down, but do not keep the written passwords in accessible places:
- Taped to your desk or hidden under your keyboard or other office equipment.
- In text files on the computer’s desktop; it is better to hide them in a password-protected archive.
- In the browser (especially for critical programs and services).
Easily recoverable passwords
Attackers may not take the direct route: instead of cracking the password, they try to regain access to the resource through password recovery.
Easily recoverable passwords.
Attackers may not take the direct route: they will try not to hack but to restore password access to the resource.
In this case:
- Securely protect your recovery email account;
- Choose a secret question that only you know the answer to.
Discredited and expired passwords
If there is any doubt that the password has been used by malefactors, or it has remained unchanged for a long time, change it as soon as possible, before the service detects an attempt to crack your account:
- Changing your password automatically increases the time it takes to break it.
- The time an intruder can stay in the system with a discredited password will be limited.
Serious mistakes
They lead to serious negative consequences and are the result of ignorance about data protection.
The length of a password takes priority over its complexity because it is length that multiplies the number of brute-force variants. In his book Perfect Passwords, security researcher Mark Burnett argues that a password 12-15 characters long is more secure than a short password made up of a random sequence of characters.
Instead of racking your brains over a complex password (which you might later forget), it is better to take a simple, long one and add, for example, some letters or numbers to it. Use bREsTeMPosParDATIckl instead of T@MQ36n^iL.
Very complex passwords
Two factors determine complexity:
- Ease of guessing. It depends on how the password is stored and what it is used for.
- The average number of attempts needed to guess the correct password. It depends on the length, the order of characters, and the method of password creation.
Very complex passwords (consider the example mrCmTF%Lz^Y*k#o@prjL2O) are hard to remember. Consequently, people start writing them down on paper, smartphones, or computers.
Meanwhile, American cryptographer Bruce Schneier recommends writing down such passwords on small pieces of paper and keeping them in your wallet. Mnemonic passwords, which are easy to remember, can help solve the problem of using very complex variants.
Illiterate use of special characters
Almost all services require that you use letters, numbers, and special characters when creating passwords. It is a reasonable requirement, but users distribute them unevenly within the password. According to the source, users put digits and special symbols at the end of the password and capital letters at the beginning, as in Okn@333. An example of evenly distributed characters in a password is kIs$t0cHk@.
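To put the article’s length-versus-complexity argument, its list of primitive password groups, and the uneven-layout point into numbers, here is an added Python check (not from the article) that scores the article’s own example passwords. The word list is a constructed stand-in for a real dictionary, and the pattern names are this example’s own.

```python
import math
import re
import string

SPECIALS = string.punctuation + " "          # 33 printable ASCII specials
DEFAULTS = {"guest", "user", "default"}      # system default passwords named in the article
COMMON_NUMBERS = {"112", "0911", "777"}      # well-known numeric combinations from the article
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
LEET = str.maketrans("0@$13!", "oaslei")     # undo letter-to-symbol substitutions (0ldboy, p@ssword)
WORDLIST = {"password", "oldboy", "football", "login"}  # constructed stand-in for a real dictionary

def charset_size(pw):
    """Alphabet size an exhaustive search must assume, from the character classes actually present."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    return sum(n for pat, n in classes if re.search(pat, pw)) or 1

def brute_force_bits(pw):
    """log2 of the number of candidates: length multiplies the exponent, alphabet size only adds."""
    return len(pw) * math.log2(charset_size(pw))

def primitive_pattern(pw):
    """Name of the first primitive-password group from the article that matches, or None."""
    low, half = pw.lower(), len(pw) // 2
    if len(low) >= 4 and low[:half] == low[half:]:
        return "doubled word"                          # dindin, alexalex
    if low in DEFAULTS:
        return "system default"                        # guest, user, default
    if low in COMMON_NUMBERS:
        return "well-known number"                     # 112, 0911, 777
    if re.fullmatch(r"[a-z]+\d+", low):
        return "word + trailing digits"                # sam1994, football2018
    if low.translate(LEET) in WORDLIST:
        return "leetspeak word"                        # 0ldboy, p@ssword
    if any(row[i:i + 4] in low for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        return "keyboard sequence"                     # qwerty, 123456
    return None

def uneven_layout(pw):
    """Capital only at the start, digits/specials only at the end (the Okn@333 layout)."""
    core = pw.rstrip(string.digits + SPECIALS)
    return core != pw and core.isalpha() and core[1:] == core[1:].lower()

if __name__ == "__main__":
    # The article's own example passwords, weak and strong.
    for pw in ("alexalex", "football2018", "p@ssword", "qwerty", "Okn@333",
               "T@MQ36n^iL", "bREsTeMPosParDATIckl", "kIs$t0cHk@"):
        print(f"{pw:22} bits={brute_force_bits(pw):6.1f} "
              f"pattern={primitive_pattern(pw)} uneven={uneven_layout(pw)}")
```

The 20-letter password scores about 114 bits of search space against about 66 bits for the 10-character mixed one, which is the article’s point about length.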
Ignoring alternative means of protection
Relying solely on a complex password for essential services is not enough. Subtle phishing methods, such as a message from a “friend” asking you to vote for them by clicking a link, will negate this protection.
Use two-factor authentication: enter a password, then receive an SMS with an access code for the resource.
Frequently changing passwords
If you are constantly creating new passwords, whether voluntarily or at the request of your superiors, sooner or later you will start making each successive password easier to remember, for example by putting a number at the end: “h0lst1”, “h0lst2”, etc.
It is better to make up long passwords right away and keep them for a long time. Then, if you have any doubts about their security, change them immediately.
Changing passwords frequently
If you have created a strong and complex password, do not assume that someone will immediately rush to crack it “to the finish”. Banks, for example, use strict security measures, so attempts to break in often make no sense.