How much thought do you put into your password?

Submission by @The-Mitigator (Telegram & Discord)

Password Protection

Although passwords are the most commonly used tool for restricting access to computer systems and online profiles, they are rarely given much thought. Most people see them as little more than a hurdle and put little care into creating a strong one, yet passwords are only effective if chosen with care. Most computer users choose passwords that are easy to guess: the name of their significant other, a child or a pet, words related to jobs or hobbies, or consecutive keyboard characters.

Hackers know and exploit these clichés, so a cautious user should not use them. Many security systems do not allow users to use real words or names as passwords, thus preventing hackers from using dictionaries to brute-force them.

Refresh your Passwords

Even the best password should be changed periodically. Combine letters, numbers and symbols: the more diverse the character types in a password, the more difficult it is to guess. In computer systems, a good security policy for the creation, maintenance and replacement of keys is critical to protecting security and privacy. Many passwords are easily obtained because they contain the user’s name or other family data and, in addition, are never (or rarely) changed. In this case the attack is simple and involves only some trial and error.

At other times, systematic attacks are carried out (even with several computers at once) using special programs and techniques such as rainbow tables and dictionary attacks, among others, that test millions of possible keys in a very short time until the correct password is found. Dictionaries are files containing millions of words that may be users' passwords; such a file is used to discover the password in brute-force tests. Large dictionaries can now be found that are tailored to a specific field, according to the type of organization.

Rules of Choice of Keys

In choosing a solid and secure password, try the following:

• Do not use passwords that are words or names, even if they are not native to your current country of residence

• Do not use fully numeric passwords with any meaning (phone number, date of birth, car license, etc.)

• Do not use known technical terminology

• Choose a password that mixes alphabetic (uppercase and lowercase) and numeric characters

• Make it long: 12 characters or more

• Have different passwords on different machines and different systems. It is possible to use a base password and certain logical variations of it for different machines. This way, even if a password of a system is compromised, the other systems remain relatively safe

• Combine short words with a number or punctuation character: soy2_yo3

• Add a number to the acronym for greater security: A9r7R5G3d1P

• Choose a word without meaning, although pronounceable: taChunda72, AtajulH, Wen2Mar

• Do not allow any account without a password. If you are a system administrator, review this fact periodically (audit)

• Do not keep the system's default passwords. For example, change them for accounts such as Administrator, Root, System, Test, Demo, Guest, InetUser, etc.

• Never share the password with anyone. If it is done, change it immediately.

• Do not write the password anywhere. If it is written, it should not be identified as such and the owner should not be identified in the same place.

• Do not type the password if someone is watching. It is a tacit norm for a benevolent actor not to look at the keyboard while someone types their password.

• Do not send the password by email or mention it in a conversation. If it absolutely needs mentioning, never explicitly say “my password is …”

• Do not keep a password indefinitely. Change it regularly. Have a list of passwords that can be used cyclically (at least 5).
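Several of the rules above can be checked mechanically when a password is set. The following Python checker is an added example, not part of the original article; the function name, rule labels, wordlist and keyboard sequences are assumptions constructed for illustration, and a real deployment would load a full dictionary file.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"password", "dragon", "monkey", "welcome", "football", "admin"}
# Constructed sample of consecutive keyboard/alphabet runs.
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")


def check_password(password, username="", min_length=12):
    """Return labels for the article's rules that this password violates."""
    problems = []
    lowered = password.lower()
    # Drop digits and symbols so "Dragon2024!" is still matched as "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)

    # Rule: long, 12 characters or more.
    if len(password) < min_length:
        problems.append("too_short")
    # Rule: no fully numeric passwords (phone number, date of birth, ...).
    if password.isdigit():
        problems.append("all_numeric")
    # Rule: mix uppercase, lowercase and numeric characters.
    if not (re.search(r"[a-z]", password)
            and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        problems.append("missing_character_class")
    # Rule: no words or names that a dictionary attack would try.
    if lowered in WORDLIST or letters_only in WORDLIST:
        problems.append("dictionary_word")
    # Passwords built from the user's own name are guessed by trial and error.
    if username and username.lower() in lowered:
        problems.append("contains_username")
    # Consecutive keyboard characters are among the first guesses.
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard_sequence")
    return problems


if __name__ == "__main__":
    # Constructed inputs, plus sample passwords quoted in the list above.
    for candidate in ("taChunda72", "Dragon2024!", "19870412",
                      "taChunda72-Wen2Mar"):
        print(candidate, check_password(candidate))
```

The short samples in the list illustrate individual rules; checked against all rules together they still fall under the 12-character minimum, so combine the techniques rather than applying one in isolation.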

Passwords are an annoying part of online life, but they will not disappear anytime soon. While the password policies of the last decade have caused more harm to the user than security, our research is helping to find ways to create passwords that really work for the average user while keeping us safer.

Odin Blockchain Community

A place for the community of the Odin Blockchain to post relevant articles.
