How do you survive the password chaos while still taking security seriously?
The purpose of this guide is to make it easier for users to choose a good password. We use passwords "everywhere", and it can be difficult to stay motivated to use passwords that are secure enough. This guide explains what a secure password is, gives tips on how to remember passwords more easily, and suggests applications that can be used to manage your passwords.
Many users do not take passwords seriously
Several surveys show that many users are not very concerned with proper password policy, which makes computer intrusion easier.
- A survey conducted by security firm BitDefender shows that 75 percent of the usernames and passwords used in social services are identical to the username and password used for e-mail. The survey reveals that it is very easy to find usernames and passwords in blogs and other social services, and to use these to gain easy access to e-mail accounts.
- According to researchers at the Georgia Tech Research Institute, it has become easier to be hacked through a bad password. This applies especially to short passwords. The reason is that computers have gradually gotten more powerful components, which make it easier to reveal a password by brute force, i.e. by guessing the various combinations of a password.
- "Brute force" means guessing all possible combinations of characters until the correct password is found. The more characters a password has, the longer it takes before an attacker can reveal it with this method.
- "Dictionary method" means using dictionaries and any other sources to find the correct password. In other words, it tests valid words that are in use in one or more languages, such as "password" or any word found in a dictionary. It also covers character sequences that are easy to type on the keyboard, for example 1234, qwerty or asdf.
- If the password has been written down on paper, it may end up in unauthorized hands.
- Stored in an unencrypted file. A malicious program can be used to steal such
- Keylogger programs can be used to listen in on your keyboard.
- Unauthorized persons may be physically present, and thus see the password as it is entered.
- A video camera can be used to monitor the key presses, and thus reveal a password.
Based on these various methods, we can give the following advice on choosing a good password, and a good password policy:
- Do not use a word that is in common use, such as a word found in dictionaries or names of people or animals.
- Use a combination of letters and numbers, and a mix of uppercase and lowercase letters.
- Avoid repeating the same character many times in the same password.
- Avoid using combinations of characters that are easy to type, for example 12345678, qwerty or asdfghjk.
- The longer a password is, the better. It should have a minimum of 8 characters, and preferably 12 characters or more.
- Avoid using the same password for many different services.
- A password should be changed regularly.
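The advice in the list above can be turned into an automated check. The following Python sketch is an added example, not part of the original guide; the word list is a small constructed sample, and the thresholds for repeated characters and keyboard sequences are assumptions.

```python
import re

# Constructed sample list; a real check would load full dictionaries and name lists.
COMMON_WORDS = {"password", "passord", "welcome", "dragon", "monkey", "summer"}
# Keyboard rows whose adjacent keys form easy-to-type sequences.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(pw, run_len=4):
    """True if pw contains run_len adjacent keys, typed in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run_len] in low for i in range(len(seq) - run_len + 1)):
                return True
    return False


def check_password(pw, min_len=8):
    """Return the rules from the guide that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:  # the guide prefers 12 characters or more
        problems.append("too short")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("contains a common word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw) and re.search(r"\d", pw)):
        problems.append("needs uppercase, lowercase and a digit")
    if re.search(r"(.)\1\1", pw):  # assumed threshold: same character 3 times in a row
        problems.append("repeated character")
    if has_keyboard_run(pw):
        problems.append("keyboard sequence")
    return problems


if __name__ == "__main__":
    for candidate in ("dBo4oeHmMiN", "Password1", "qwerty12", "aaaa1111"):
        print(candidate, "->", check_password(candidate) or "ok")
```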
Use your own password phrase
A password should not be written down on paper, and therefore you should create a password that is relatively easy to remember. A good tip is to derive it from a phrase, such as "Lives of 4 and a half million people in Norway", making the password dBo4oeHmMiN.
Password Generator
There are a variety of programs and services that can be used to create passwords with random characters based on the user's criteria. The problem with these services is that such a password is harder to remember than one you build from your own phrase, but using a program that remembers the passwords makes handling them easier.
Password Analysis
There are many websites that provide password analysis: you enter an example of a password, and the site tells you how secure it is. As a rule, you should not enter an actual password that you intend to use, but rather something similar. The purpose of such services is first and foremost to give the user a better general understanding of what a good password might look like.
Microsoft.com uses JavaScript to estimate the time it takes to reveal a specific password. The test is based on a possible brute force attack, meaning the attacker tries all combinations until the password is found. The more characters in the password, the longer the disclosure takes.
Passwordmeter.com makes an analysis of a password. The analysis starts at the first character and updates continuously as you enter more characters.
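A brute-force estimate of this kind multiplies out the number of candidate passwords and divides by a guessing speed. The following Python sketch is an added example, not the code of the Microsoft checker; the guessing rate and the alphabet sizes are assumptions.

```python
import string

# Assumed attacker speed; real rates depend on the hardware and on how the
# service stores its passwords (an assumption, not a figure from this guide).
GUESSES_PER_SECOND = 1e9


def alphabet_size(pw):
    """Size of the character pool an attacker must cover for this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += len(string.punctuation)
    return size


def brute_force_seconds(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of len(pw) over pw's alphabet."""
    return alphabet_size(pw) ** len(pw) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Same character mix at the guide's minimum (8) and preferred (12) lengths.
    for candidate in ("dBo4oeHm", "dBo4oeHmMiN2"):
        print(len(candidate), "characters:", humanize(brute_force_seconds(candidate)))
```

The figure is an upper bound for exhaustive search only: "password" scores the same as any other eight lowercase letters, although the dictionary method would find it almost immediately.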
Applications
Here you will find programs that make it easier to manage your passwords. These are programs that can, for example, be used to remember many passwords, and that can thus make everyday life easier. It should be mentioned that a browser usually has a separate function that can be used to remember passwords for Internet services.
KeePass
We will first review the program KeePass because it is free, easy to use, and open source. The program is primarily designed for Windows, but there are unofficial versions for Linux and Mac. All passwords can be stored in one encrypted (AES) database protected by a password, so you only need to remember one password and the program keeps track of the rest. The database can be synchronized between multiple computers on a network. KeePass may also be used from a memory stick, and can run on Windows computers without installation. There are also a number of add-ons for KeePass.
KeePass can be downloaded from keepass.info.
A new database is created via the menu File, New. Here you create a master password, which is the only password you need to remember when using KeePass.
Other programs and services
- Last Pass is a web-based password manager that can be used to store website logins in one place. The user only needs to remember one master password. If you log onto a new site, the program will automatically offer to remember the password. The program can also be used to fill out forms on web pages automatically.
- Passwordsafe is a free password manager that works with Windows, Mac and Linux. The passwords are stored in an encrypted database, which can be synchronized to other computers.
- Clipperz is an online service. You can access your passwords from any computer connected to the net.
- Mitto is another web-based password manager that can be used to log onto different websites.
- Roboform is a password manager that can be used to log onto websites with one click. One password is used for all logins, and the information is encrypted using AES encryption. The program can also be used to fill out forms on web pages automatically.
- Roboform2go is a portable version of Roboform, a password manager that can be used directly from a memory stick. The program links to Internet Explorer or Firefox (it supports only these two browsers) and allows automatic login to sites via a toolbar. The process does not for some predict when the stick is removed. The program can be used to fill out forms on web pages, and it uses AES encryption. The free version allows up to 10 logins.
Beezie out