How to Improve the Strength of Your Password

In the last 72 hours have been exposed 6.5 million LinkedIn users passwords to those who have added 1.5 million users of eHarmony and any number of Last.fm users . In all three cases, the solution is to encourage users to update their passwords and, in fact, in the case of Last.fm request is extended to all service users (regardless of whether your password has been leaked or not).Seeing how the landscape, it may be a good time to take a moment to update your passwords and bet on robust combinations that are not easy to break because, basically, the user is the last line of defense that can prevent theft your account or something much worse.

Weak password and strong password

A password is a combination of characters that we use to access a particular service and verify our identity because, theoretically, the password is something personal and not transferable . If the bad practice of sharing our password, write it down on the last page of our notebook or directly write on post-it that we stuck on our computer screen, we add the choice of a simple password, cut or formed easily guessed words, our account will be at the mercy of anyone with no good intentions.

What is a weak password? We consider a weak password to anyone who is vulnerable and therefore capable of being ascertained without great effort. This group could include default passwords generated (root / root, user / user, admin/123456, etc.), passwords too frequently despite his weakness and that, therefore, are part of lists and libraries or passwords formed with personal data (birth dates, names of family, pets, etc).

By contrast, a strong password is a long string of characters that have been generated either randomly or only the user is able to ascertain and, therefore, try to find it out is time consuming and computationally (putting it more difficult for an attacker .)

Surprisingly, despite the cases of theft of accounts that have emerged in recent months, there are people who use weak passwords as “123456”, “qwerty” or “superman” (which incidentally have the dubious honor of being part of the 25 worst passwords of 2011 ).

The personal information

Why not consider using personal information? Today, our data are on multiple websitesand, for example, on social networks like Facebook your birth date or our relatives (siblings, spouse, etc.) are quite visible in our profile if we have not taken appropriate steps to properly configure our account . If we add that there may be cases that people within our circle might want access to our accounts, use our password data available to them can be counterproductive.

However, the danger is not only on the network or in our circle of acquaintances, through social engineering , someone skilled than posing as a pollster could sonsacarnos information that could be used to try find out the passwords we use.

As I mentioned not long ago a coworker who, precisely, works in the field of information security, try to avoid getting into situations like this:

I lost my password, I have to rename my dog

The foundation: characters, symbols and numbers

To mount our password, of course, we have a common foundation: letters, symbols and numbers that must combine properly and keeping a balance between strength and ability to memorize (because if we have to write it down on paper that we lose or we can subtract , all the effort will not help).

Depending on the service you want us to register or change the password, you will surely find different criteria in providing the types of characters are acceptable and, moreover, need not coincide with other services. Overall we will have:

• Letters, both uppercase and lowercase
• Numbers
• Symbols and special characters (although not all services are supported): {} () [] <> | \ / _ – + = ~ “‘` * ^? ! @% & # $
• Punctuation marks (,.: 😉

Safe combinations

How do we combine the characters available to mount a strong password? For this there is no fixed rule, since the passwords are personal, although we can follow a set of guidelines to generate a strong password without dying in the attempt.

To begin, we should take into account a number of top form when our password:

• Mix at least 3 or more groups of characters, ie, combine uppercase and lowercase letters, numbers and special characters.
• The length of the password, at least, should be 8 characters (but not too long not to provoke rejection in use)
• Minimize the number of repetitions of characters or obvious patterns or sequences (abcd, qazwsx, 23456, etc)
• To facilitate the reminder we use numbers to replace letters, for example, substitute the letter ‘o’ for the ‘0 ‘or’ e ‘for ‘3’

One way to generate your password might be to use a Web service generating random passwords ( Password Safe , Contrasena.com , Generate Password , etc) but you may encounter problems when it comes to memorize the sequence so we must think of something we can remember .

We can start thinking of several words that are easy to remember or a complete sentence, delete the spaces between words, insert symbols and abbreviations of words (‘+’ to ‘more’), using capital letters, replace some letters with numbers or insert digits in mid-sentence or end. Another possibility is to think of a phrase that is easy to remember, stay with the initials of each word and use it as the root of our password changing will complete since some letters to uppercase and attaching special characters and digits.

Verification methods

Many services and applications we usually indicate the strength of our password when we are entering (eg Drupal) but we can also measure the strength of your passwords with some services available online and can guide us to improve our combination of characters (eg How Secure is my password? or the Microsoft Password Strength Checker )

Do not fear these services because they do not store the password, calculate the strength while the write (thanks to a JavaScript) and also unaccompanied by a username or an email does not help much.

Guidelines to consider

Once we get used to use something stronger passwords, the next step is to establish within our dynamic this discipline and also consider the following :

• Our password is a precious commodity and opens the door to our email, our bank account, our profile on Facebook or Twitter, that is, we keep it safe.
• It is important to keep a different password for each service you use or at least add a suffix to differentiate them (yes, that is not too obvious because then we will be exposed)
• We must change our password regularly, eg every two months at the latest
• Not too much recycle passwords, i.e. avoiding reuse and always want to introduce some variation reuse (new digits, for example, but without using an incremental sequence “xxxx1” “xxxx2”)

Shortlink:

Posted by Paracha on June 11, 2012. Filed under Articles, IT, Networking. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry