In the last 72 hours, the passwords of 6.5 million LinkedIn users have been exposed, to which we must add 1.5 million eHarmony users and an undetermined number of Last.fm users. In all three cases the remedy is to urge users to change their passwords; in the case of Last.fm the request extends to every user of the service, whether or not their password was leaked. Given this landscape, it may be a good moment to update our passwords and choose robust combinations that are not easy to break because, basically, the user is the last line of defense that can prevent the theft of an account, or something much worse.
A password is a combination of characters that we use to access a particular service and verify our identity because, in theory, a password is personal and non-transferable. If, on top of bad practices such as sharing our password, writing it on the last page of a notebook or putting it on a post-it stuck to the computer screen, we choose a simple password that is short or made of easily guessed words, our account will be at the mercy of anyone with bad intentions.
What is a weak password? We consider weak any password that is vulnerable and can therefore be discovered without great effort. This group includes default passwords (root/root, user/user, admin/123456, etc.), passwords that are used very frequently despite their weakness and that therefore appear in lists and libraries, and passwords built from personal data (birth dates, names of relatives, pets, etc.).
By contrast, a strong password is a long string of characters that has either been generated randomly or that only the user is able to work out, so trying to discover it is costly in time and computation (which makes things harder for an attacker).
Surprisingly, despite the account thefts that have come to light in recent months, there are still people who use weak passwords such as “123456”, “qwerty” or “superman” (which, incidentally, have the dubious honor of being among the 25 worst passwords of 2011).
Why should we avoid using personal information? Today our data is spread across many websites and, on social networks like Facebook for example, our birth date or our relatives (siblings, spouse, etc.) are quite visible in our profile if we have not taken the steps to configure our account properly. If we add that people within our own circle might want access to our accounts, building a password from data available to them can be counterproductive.
However, the danger is not only on the network or in our circle of acquaintances: through social engineering, someone skilled posing as a pollster could coax information out of us that could be used to try to find out the passwords we use.
As a coworker who works precisely in the field of information security told me not long ago, try to avoid getting into situations like this:
I lost my password, I have to rename my dog
To build our password we have, of course, a common foundation: letters, symbols and numbers that we must combine properly, keeping a balance between strength and ease of memorization (because if we have to write it down on a piece of paper that can be lost or stolen, all the effort will be for nothing).
Depending on the service where we register or change our password, we will find different criteria for which types of characters are accepted, and these need not coincide with those of other services. In general we will have:
How do we combine the available characters to build a strong password? There is no fixed rule, since passwords are personal, but we can follow a set of guidelines to generate a strong password without dying in the attempt.
To begin with, we should keep a number of maxims in mind when forming our password:
One way to generate a password is to use a web service that generates random passwords (Password Safe, Contrasena.com, Generate Password, etc.), but we may have trouble memorizing the sequence, so we should think of something we can remember.
We can start by thinking of several easy-to-remember words or a complete sentence, then delete the spaces between words, replace words with symbols and abbreviations (‘+’ for ‘more’), use capital letters, replace some letters with numbers, or insert digits in the middle or at the end of the sentence. Another possibility is to think of a phrase that is easy to remember, keep the initial of each word and use that as the root of our password, which we then complete by changing some letters to uppercase and adding special characters and digits.
Many services and applications indicate the strength of our password as we type it (e.g. Drupal), but we can also measure it with online services that can guide us in improving our combination of characters (e.g. How Secure Is My Password? or the Microsoft Password Strength Checker).
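A local check for the weak-password group defined earlier (default pairs, frequently used passwords, personal data), added here as an illustration and not taken from any of the services named above. The sample lists and profile are constructed and the digit-for-letter table is an assumption; the point is that swapping letters for numbers does not rescue a common word or a pet's name.

```python
# Constructed sample data, seeded with the examples named in the article.
DEFAULT_PAIRS = {("root", "root"), ("user", "user"), ("admin", "123456")}
COMMON = {"123456", "qwerty", "superman"}
PROFILE = {"names": ["Maria", "Rex"], "birth_date": "1985-06-14"}  # constructed

# Assumed table of usual digit/symbol-for-letter swaps, undone before matching.
LEET = str.maketrans("01345@$7", "oleasast")


def normalise(text):
    """Lower-case and undo letter substitutions: 'Sup3rm4n' -> 'superman'."""
    return text.lower().translate(LEET)


def date_tokens(birth_date):
    """Digit strings commonly derived from a 'YYYY-MM-DD' birth date."""
    if not birth_date:
        return set()
    y, m, d = birth_date.split("-")
    return {y, d + m + y, m + d + y, d + m + y[2:], y[2:] + m + d}


def weak_reasons(password, username="", profile=None):
    """Return every reason the password belongs to the weak group."""
    profile = profile or {}
    folded = normalise(password)
    reasons = []
    if (username.lower(), password.lower()) in DEFAULT_PAIRS:
        reasons.append("default credential pair")
    if password.lower() in COMMON or folded in COMMON:
        reasons.append("common password list")
    names = [n for n in profile.get("names", []) if len(n) >= 3]
    if any(normalise(n) in folded for n in names):
        reasons.append("contains a personal name")
    if any(t in password for t in date_tokens(profile.get("birth_date"))):
        reasons.append("contains a birth date")
    return reasons


if __name__ == "__main__":
    for user, pw in [("admin", "123456"), ("maria", "Sup3rm4n"),
                     ("maria", "R3x!140685"), ("maria", "tG7#qLw9!vKd2")]:
        print(user, pw, weak_reasons(pw, user, PROFILE) or "no weak pattern found")
```

An empty result only means none of these patterns matched; it does not measure how long or random the password is.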
Once we get used to using stronger passwords, the next step is to make this discipline part of our routine and also to consider the following: