You will agree that it is now hard to imagine using a computer without constantly entering passwords. We need passwords everywhere: to turn on the computer, to register on various sites and forums, to access our mailboxes, and to create accounts (pages with personal data and settings) in payment systems and send or receive payments electronically.
For a one-time registration on some random site (for example, only to download a game) you can specify any password without hesitation (even “123456”), but when you create a permanent account on an important site (especially one associated with monetary transactions), the password must be very reliable.
Otherwise the password can be cracked by an attacker, and the personal data can be used to communicate online on our behalf (at best) or to obtain loans or open accounts. It is therefore better to take care of protection in advance and change all your “weak” passwords to more reliable ones today.
In this article, let’s understand what a strong password is and talk about the basic rules for creating and storing passwords.
How can a password be cracked? And why can’t the password be just anything? After all, how could anyone guess a password that I invented myself?
It’s pretty simple! In most cases, no one guesses anything! The most popular way of cracking is to run through all the possible options, the so-called “brute force” method. The default passwords (“123456”, “111111”, “789456”, “qwerty”, “fiapr”, “QWERTY”, etc.) are checked first, and then all combinations of characters are tried one after another.
Of course, this is not done manually but with special programs that can quickly sort through a huge number of different combinations.
For example:
The password “09071985” (a date of birth) will be cracked in 1-2 seconds;
The password “Andrew” will be cracked in 4 seconds;
The password “Andrew” will be cracked in 3-4 minutes;
The password “1n2f4g8y0” will be cracked in 4 days;
The password “EC3+gHFBI” will take 12 years;
And the password “kKC%5426hMIN” will take a few million years.
What conclusions can be drawn at this stage?
Conclusion 1. The password should not be short.
Having a password of less than 8 characters is generally undesirable, and it is even better that the password contains 10-12 characters or more.
Conclusion 2. The password should not contain only numbers or only letters (especially repetitive ones). It is best when letters and numbers alternate, or even better if special characters or punctuation characters are added to the password.
Conclusion 3. It is important that the password contains both upper-case and lower-case letters (large and small). Upper-case letters are typed using the Shift key.
Another password cracking method is the analysis of data about the person. Knowing information about a person makes it easier to guess their password.
All information about the person is collected (whether manually, or with the help of special programs), and then checked in various combinations.
For example, the long password “andrejkushacov” would take approximately 150 thousand years to crack by brute force, but if the attacker knows whose password it is, this password will be among the first to be checked. So what is the use of such a password?
In addition, attackers can use this approach to guess not the password itself but the “secret question” that is often used to recover the password. It is often easier for an attacker to click the “Forgot your password?” button, guess the answer to the secret question from the available data about the person, and receive the treasured password.
And where is the easiest place to find out about a person? In social networks, of course.
It is very easy to go to “Odnoklassniki” or “Vkontakte” and find out a person’s first name, surname, year of birth, and the names of their children, wife/husband or pets. You can quickly learn almost everything, right down to favorite bands, colors, phrases and sayings.
And if Sasha Petrov uses the password “SashaPetrov” to log in to his “Odnoklassniki” account, that is the height of carelessness, to say the least. And then we are surprised that friends receive messages on our behalf asking them to top up the balance of an unknown phone or to lend money (for example, by transfer to a specified card).
We draw further conclusions:
Conclusion 4. Do not use a password that contains any information about you or your family: all kinds of memorable dates (birth, wedding, etc.), the names of relatives, or apartment, document or phone numbers. It is also unacceptable to use any combinations made up of personal data.
Conclusion 5. The password should be meaningless, so it is better to avoid a password that is an existing dictionary word (in any language).
Conclusion 6. Do not use “secret questions”, the answers to which can be easily found or picked up.
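Conclusions 1-5 and the brute-force estimates above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the guess rate of 10^9 per second, the 33-character allowance for a non-ASCII alphabet and the sample personal data are assumptions, so the absolute times it prints will differ from the figures quoted earlier.

```python
import math
import string

# Default passwords quoted in the article; a real check would use a larger list.
COMMON = {"123456", "111111", "789456", "qwerty"}
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]

def alphabet_size(password):
    """Smallest character pool an exhaustive search has to cover."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    if any(all(c not in p for p in POOLS) for c in password):
        size += 33  # assumption: one extra non-ASCII alphabet, e.g. Cyrillic
    return size

def keyspace_bits(password):
    """log2 of the number of candidates of this length over that pool."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(password, guesses_per_second=1e9):
    """Worst-case search time; the guess rate is an assumed parameter."""
    return 2 ** keyspace_bits(password) / guesses_per_second / (365 * 24 * 3600)

def audit(password, personal_tokens=()):
    """Return the article's conclusions that the password violates."""
    findings = []
    lowered = password.lower()
    if len(password) < 8:
        findings.append("1: shorter than 8 characters")
    if password.isdigit() or password.isalpha():
        findings.append("2: only digits or only letters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        findings.append("3: no mix of upper and lower case")
    # Tokens shorter than 3 characters would match almost anything by chance.
    hits = [t for t in personal_tokens if len(t) >= 3 and t.lower() in lowered]
    if hits:
        findings.append("4: contains personal data: " + ", ".join(hits))
    if lowered in COMMON:
        findings.append("5: default or dictionary password")
    return findings

if __name__ == "__main__":
    owner = ["Sasha", "Petrov", "09071985"]  # constructed personal data
    for pw in ["09071985", "SashaPetrov", "1n2f4g8y0", "kKC%5426hMIN"]:
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years, findings={audit(pw, owner)}")
```

A large keyspace figure says nothing about a password built from personal data: “SashaPetrov” scores about 63 bits here and still fails the check for Conclusion 4.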
Now a little about storing passwords and their number.
Let’s say we created a strong password and even memorized it. Remembering a second password will be more difficult, and a third even more difficult…
For this reason, many users use the same password when registering on various websites, or create passwords like “password1”, “password2”, “password3” or “passwordMail”, “parolee”, etc. But this is unreasonable: once such a password is cracked, the attacker gets access to all our accounts.
Of course, it is impossible to remember several passwords consisting of a random set of characters, so you need to write passwords down and store them somehow, but…
You will agree that it is stupid to create a strong password and then write it on a sticky note and stick it to the edge of the monitor. And yet many do exactly that and, most interestingly, they do it not at home but in offices. I have personally seen this in the tax office!!! And that computer may hold a whole database with information on taxpayers. Here is the answer to the question of where scammers get passport details to obtain loans.
It is just as pointless to leave in plain sight a notebook whose cover says “MY PASSWORDS” in bold letters, or to place a text file with the same name on the Windows desktop.
Conclusion 7. You must use a unique password for each individual Internet service, forum, site.
Conclusion 8. Don’t keep passwords in sight of everyone.
Conclusion 9. Do not store passwords on the Internet or on your computer as a text file.
If an attacker gets access to our computer (which is not as difficult as it may seem), finding a file with passwords will be even easier for him (wherever it is on the hard disk).
Passwords and “secret questions” must be treated as seriously as the information these passwords protect, so never tell ANYONE your password. Keep your password secret even from your loved ones (especially children) and friends. A possible exception is the password for a shared (family) bank account, if other family members must have access to this account.
Keep passwords only in a safe place! This is important not only from the point of view of theft of the password by strangers, but also from the point of view of accidental loss of the password (by our negligence or inexperience).
Conclusion 10. Do not store passwords in the browser’s built-in password keeper.
First, you can never be sure of the reliability of such a “keeper”, or that the browser itself has no “holes” in its protection. Attackers look for “holes” in browsers first of all, since browsers are used by everyone.
Second, if the browser or the entire system malfunctions, it is very likely that we will lose access to all the passwords stored by the browser. That is not a hack, but it is still frustrating.
Conclusion 11. Make copies of passwords.
If you use special software to store passwords, do not forget to periodically back up databases with passwords. If you store passwords on a piece of paper, make a second copy of the sheet (or notebook) and store the original and the duplicate in different (secluded) places.
Conclusion 12. Do not enter passwords in third-party programs or on third-party sites, and do not send passwords by mail (even on request from the support service or the site administration). The administration of the REAL site will never ask for your password, so if you receive such a request, it is likely the work of scammers.
Conclusion 13. Try to enter passwords on other people’s computers as little as possible, especially in public places (Internet cafes, terminals, etc.). It is not advisable to enter passwords on someone else’s computer to log in to payment system accounts or use Internet banking, because that computer may have a device or a program that records the sequence of keystrokes (a keylogger).
Conclusion 14. Periodically change passwords (especially if you used a password on someone else’s computer). The stronger the password, the longer you can use it. A strong password of 12-14 characters, based on the recommendations described above, may go unchanged for several years.
Take care of your passwords, gentlemen.