Oct 15

No sane person would like someone else reading her email or, for that matter, using her password to break into a financial institution. You should, therefore, choose a strong, secure password that is a hard nut for others to crack and easy for you to remember. The more random and mixed-up you make it, the harder it is for others to crack. Mind you, if your password is compromised, the password crackers will even take over your identity.

A password that is too short is vulnerable if an attacker gets hold of its cryptographic hash. Present-day computers are fast enough to try all alphabetic passwords shorter than seven characters. We can call a password weak if it is short, is a default, or can be rapidly guessed by searching a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name, or common variations on these themes.

On the other hand, a strong password is sufficiently long, random, or otherwise producible only by the user who chose it, so that guessing it will require too long a time.

For maximum security, the user should follow some simple guidelines:

1) Passwords should preferably be at least 8 characters long and not more than 14.

2) Passwords should contain a mix of numbers, letters, and special characters (%&3ac_ht4@m7).

3) Passwords should not contain a dictionary word from any dictionary, be it French, Spanish, medical, etc.

4) Each password should be different from the user’s User-ID and any permutation of that User-ID.

5) New passwords and old passwords should differ by at least 3 characters.

6) Avoid picking names or nicknames of people, pets, or places, or personal information that can be easily found out, such as your birthday, address etc.

7) It’s wise to stay away from common keyboard sequences, such as dfgh678 or abc345.

8) Never form a password by appending a digit to a word. That can be easily guessed.

9) Avoid writing your password down or storing it on your computer.

10) Never share your password with anyone else.
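The guidelines above that can be checked mechanically (1 to 5, 7 and 8), sketched as a checker. This is an added example, not code from the original post; the word list is a small constructed sample, and using edit distance for guideline 5 and a letters-then-digits pattern for guideline 8 are assumptions about how to interpret those rules.

```python
import re
from collections import Counter

# Constructed sample word list; a real deployment would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "soleil", "futbol"}
# Keyboard rows and plain runs used to spot sequences like "dfgh" or "abc" (guideline 7).
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789"]

def has_run(pw, n=3):
    """True if any n consecutive characters of pw follow a keyboard row or run."""
    low = pw.lower()
    return any(low[i:i + n] in run for i in range(len(low) - n + 1) for run in RUNS)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_password(pw, user_id, old_pw=None, words=SAMPLE_WORDS):
    """Return the guideline numbers (from the list above) that pw violates."""
    low, failed = pw.lower(), []
    if not 8 <= len(pw) <= 14:                               # guideline 1
        failed.append(1)
    if not (re.search(r"\d", pw) and re.search(r"[A-Za-z]", pw)
            and re.search(r"[^A-Za-z0-9]", pw)):             # guideline 2
        failed.append(2)
    if any(w in low for w in words):                         # guideline 3
        failed.append(3)
    if Counter(low) == Counter(user_id.lower()):             # guideline 4
        failed.append(4)
    if old_pw is not None and edit_distance(pw, old_pw) < 3: # guideline 5
        failed.append(5)
    if has_run(pw):                                          # guideline 7
        failed.append(7)
    if re.fullmatch(r"[A-Za-z]+\d+", pw):                    # guideline 8
        failed.append(8)
    return failed
```

Guidelines 6, 9 and 10 concern personal information and user behaviour, so they are outside what a checker like this can test.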

Passwords provides detailed information on Best Passwords, Change Passwords, Password Generators, Password Protection and more. Passwords is affiliated with Electronic Keyboard.

Sep 21

All passwords should be changed regularly. A change in password could also be necessitated by the fear or reality of a user’s current password being compromised. As a precautionary measure, any system should provide an encrypted method for changing a password. If a new password is passed to the system in an unencrypted form, security can be compromised before the new password can even be installed in the password database. And if a compromised employee or other intermediary gets hold of the new password, there is little to gain from changing a password. There are some web sites that include the user-selected password in an unencrypted confirming e-mail message.

Today, automatic issuance of replacements for lost passwords is mostly done with the help of identity management systems. To verify the user’s identity, questions are asked and answers are compared with the ones previously stored. Some samples: “Where were you born?” or “What is your favorite soccer club?” or “Who is your favorite actress?” There is a possibility that in a number of such cases the answers to these questions can be guessed, found by research, or determined with the help of social engineering. Although many users have now learnt not to reveal a password, there are a few as well who consider the name of their favorite soccer team to need similar care.

If a user is forced to change his passwords frequently, then a valid password in the wrong hands will eventually become unusable. Though not yet universally used, many operating systems provide such features these days. The security benefits of these systems are limited, as attackers often exploit a password as soon as it is compromised. In several instances, more so with administrative or “root” accounts, it has been found that once an attacker succeeds in gaining access, he/she makes alterations to the operating system that will allow him/her future access even after the expiry of the initial password.

Again, if forced to change a password too frequently, a user may forget which password is current, and there is almost always a possibility that he will write his password down or reuse an earlier password. Such steps are most likely to cancel any added security benefit. It is imperative that human factors be duly considered before implementing such a policy.
