#!/bin/blog

Passwords Nowadays

Passwords are rather important nowadays. Yes, back in the past they were not that important: Richard Stallman advised using empty passwords once an access control system had been implemented, and showed that the password database could be cracked easily. He sent all the users a message like "Hi, I see you are using the password %user_password%, why not use the empty string?", so one could just press the key at the logon prompt to proceed.

Not identifying yourself with a coded string was a good idea in the pre-WWW world, but unfortunately we live in a world where you are simply not allowed to do that, and basically it is not safe anymore. We will try to describe some basic tips to help you protect your accounts. These rules are a bit obvious, but still not followed by millions of people.

Don't use only one collection of symbols

A basic password accepts Latin letters (upper-case and lower-case), digits and special characters. Make sure you are using at least 3 out of these 4 classes in the password, and that its length is above 10-15 characters. Be sure to use both upper-case and lower-case letters. Passwords are case-sensitive, so "Password" and "password" are different ones. This leads us to the second obvious rule.

Avoid what is mentioned below

Try to avoid vocabulary words and passwords that have a symbolic meaning to you

This rule applies even to long strings. If you are being attacked by someone who knows you, your birth date (most users put this information openly on the Web) and the like will be tried. And if you are using them, you might be cracked easily.

In other cases you should avoid ordinary vocabulary words (password, dog, cat and so on). These would be tried as well.

Don't use neighboring keys from the keyboard

If you think passwords like "Qwerty123" or "Zxcvbnm456" are protected enough, you are wrong. In the summary prepared every year, these passwords (as well as Password, p@ssword and so on) are among the most widely used. People never learn. You should also avoid repeated combinations of symbols, so we advise against the use of "666", "zzz" or even "***" (Shift+8 three times). If you think of using these characters to make the cracker think he has failed to crack the password, you are wrong and lying to yourself.

But what to use? How to remember the password?

The best option is to use generated passwords. There is the GNU/Linux utility pwgen. It generates a list of passwords according to a set of parameters. You might use a similar generator with the DuckDuckGo search engine or some other web-sites, but keep in mind never to enter your login account anywhere for that. There should be just a field and options to use upper-case letters, digits, special characters etc.

Of course the generated password will look like "qD2^w(xb$i2!dVhJ" (just generated in DDG), so one won't be able to remember it all the time, which is why some people advise using vocabulary words but in a different way. They suggest using a passphrase. This can contain a sentence or just a few words. It will include the space character and Latin letters (both upper-case and lower-case), and might include digits. And this would be much easier to remember. But the decision belongs to you. You might choose any option you like. We are just advising.
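As an added example (not part of the original post), the following Python script encodes the rules given above as a checker (character classes, length, repeated symbols, neighboring keyboard keys, a common-password list) and then uses that checker to filter randomly generated, pwgen-style passwords. The COMMON_WORDS set is a small constructed stand-in for the yearly most-used-passwords summaries, not a real list.

```python
import re
import secrets
import string

# The four character classes the post counts: lower-case, upper-case, digits, specials.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

# Keyboard rows used to spot runs of neighbouring keys such as "qwerty" or "zxcvbnm".
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Constructed stand-in for the yearly "most used passwords" summaries (not a real list).
COMMON_WORDS = {"password", "p@ssword", "dog", "cat", "qwerty123", "zxcvbnm456"}


def keyboard_run(pw, min_len=4):
    """True if pw contains min_len consecutive keys taken from one keyboard row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for start in range(len(row) - min_len + 1):
            if row[start:start + min_len] in low:
                return True
    return False


def check_password(pw):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    classes_used = sum(1 for chars in CLASSES.values() if any(c in chars for c in pw))
    if len(pw) <= 10:
        problems.append("too short: length should be above 10 characters")
    if classes_used < 3:
        problems.append(f"only {classes_used} of 4 character classes used")
    if pw.lower() in COMMON_WORDS:
        problems.append("appears in the common-password list")
    if re.search(r"(.)\1\1", pw):
        problems.append("contains a character repeated three times in a row")
    if keyboard_run(pw):
        problems.append("contains a run of neighbouring keyboard keys")
    return problems


def generate_password(length=16):
    """Draw random characters (like pwgen) and keep the first one that passes the checks."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```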

Use multi-factor authentication

One obvious step is to overcome your laziness and use multi-factor authentication: an RSA token, a text message, e-mail, biometrics. There are a lot of options. But if you are asked whether to use it or not, you ought to choose "Yes". Especially if we are talking about financial systems like banking, PayPal etc. This will take a few minutes more, but you will be sure your money is better protected.

How to keep the passwords

The safest storage for passwords is just above your neck. It is the first place to look for a password. Applications might crash, the OS might be broken or infected. There are a lot of ways to lose access to your password manager. You may use paper notes; they are protected from remote crackers, but not from local eyes.

For those who use absolutely random passwords in 20+ locations, with at least 16 characters in each, remembering all of them is not reasonable, so they might think about storage to keep the passwords (or use multi-factor authentication, where the second logon is protected and keeps changing every minute, like an RSA token). We at MAKH.IT are using KeePass (KeePassX). This is a multi-platform utility and has proven to be safe enough, but we need to clarify one thing. We don't keep any really important passwords there. Just low-priority accounts, like extra logins for some forums, the loss of which won't affect our everyday activity.

Summary

The password is the wall that keeps your life more protected. You may follow our advice, you might suggest some other rules, probably we have forgotten something, but it is not a must. If your account has not been cracked, you may still be using the current passwords, but remember not to click any suspicious links, as the credentials might be leaked.
