Tips on how to choose a safe password

Monday, September 20, 2010


Easy to remember is easy to steal: it is as simple as that. Many people think it is fine to have a simple, easy password and never think about how to choose a safe one. An easy password is risky, especially when it protects sensitive information such as a credit card number or an account number.

A large number of security attacks start with a stolen password, which makes it extremely important for a user to know how to set a safe password. From a security point of view, a safe password is a combination of random numbers, letters, and other characters. Passwords like these are hard to remember, so people write them down, which is a bad habit (as bad as a weak password). So it is important to have a password that can be remembered and still counts as a safe password, and this tutorial will show you how.

How not to choose a password

People make some very common mistakes while choosing their passwords and end up with pretty weak passwords that are easy to hack. Before going any further, I think it is important to describe some common mistakes that should be avoided while choosing a password.

  • Never use your own name (or username) as a password.
  • The name of a relative, friend, pet, actor, or any other name should not be chosen, as these are easy to guess when someone is going for a targeted attack.
  • Don't use the name of your favorite book, movie, play, location, etc. These are the first obvious guesses of a hacker trying to break into the account of someone they know.
  • Any information that is personally relevant to you is again easy to guess, so things such as your address, SSN (Social Security Number), etc. should never be used.
  • Any single word in any language is vulnerable, even spelled backwards.
  • An obvious misspelling like f00tball (where the letter o is replaced by the digit 0) or anything similar can be guessed, especially in dictionary attacks.
  • Never write down your password, especially for root accounts.
  • A name that appears on or near the monitor of the system is also on the don't-do list when selecting a safe password.
  • Numbers in ascending or descending order are fairly weak.
  • A string of the same character, or of characters that sit in the same row of the keyboard, should never be used.
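The mistakes in the list above are mechanical enough to check automatically, and that is how a login system or password-change form can reject them before they are ever used. The following Python is an added example written for this post, not code from the author: it flags reversed and digit-substituted dictionary words (so f00tball is caught like football), single repeated characters, ascending or descending sequences, runs of adjacent keyboard keys, and any personal terms the caller supplies. The word list and the keyboard rows are constructed stand-ins; a real deployment would load a full dictionary file.

```python
# Added example: a weak-pattern checker for the mistakes listed above.
# Constructed small word list standing in for a real dictionary file.
WORDLIST = {"football", "password", "fruit", "punch", "monkey", "dragon"}

# Rows of a US keyboard; a run of `length` adjacent keys (either direction) is flagged.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common digit/symbol substitutions undone before the dictionary lookup,
# so f00tball is caught just like football.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize_leet(pw):
    """Lower-case the password and undo common character substitutions."""
    return pw.lower().translate(LEET_MAP)


def has_keyboard_run(pw, length=4):
    """True if `length` consecutive characters sit next to each other on a keyboard row."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for candidate in (row, row[::-1]):
            for i in range(len(candidate) - length + 1):
                if candidate[i:i + length] in s:
                    return True
    return False


def has_sequence(pw, length=4):
    """True if `length` consecutive characters ascend or descend by one (1234, dcba)."""
    for i in range(len(pw) - length + 1):
        chunk = pw[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def weak_password_reasons(pw, personal_terms=()):
    """Return the list of rules the password breaks (an empty list means none)."""
    reasons = []
    low = pw.lower()
    for term in personal_terms:  # names, username, address fragments, etc.
        if term and term.lower() in low:
            reasons.append(f"contains personal term '{term}'")
    norm = normalize_leet(pw)
    if norm in WORDLIST or norm[::-1] in WORDLIST:
        reasons.append("single dictionary word (possibly reversed or with digit substitutions)")
    if len(set(low)) == 1:
        reasons.append("single repeated character")
    if has_keyboard_run(pw):
        reasons.append("run of adjacent keyboard keys")
    if has_sequence(pw):
        reasons.append("ascending or descending sequence")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, including the post's own final password.
    for candidate in ["f00tball", "llabtoof", "qwerty", "aaaaaa", "98765", "sI#fbH@h"]:
        print(candidate, "->", weak_password_reasons(candidate) or "no rule broken")
```

The checker returns every rule a candidate breaks rather than a single yes/no, which is what you want when telling a user why a password was rejected. Note that the dictionary test only catches a password that is one whole word; a real policy would also check substrings against the list.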

How to choose a safe password

Now that we know what not to do, let's move on to what to do when choosing a good password. I'll use a two-step process: step one selects a base for the password that makes it easy to remember, and step two modifies that base to make it hard for password-cracking tools to crack. Passwords created this way are extremely safe and can't be hacked easily, so the following method is advised.

Step 1: Selecting a good base

The first step is selecting a good base: a string of characters that is easy to remember and does not appear in any language's dictionary. You can start by choosing a sentence and combining the first letter of each word; for example, smoking is bad for human health gives the base sibfhh.

Another way of selecting a base is to combine two different words into a single word that does not appear in the dictionary; for example, ruitpunc (from Fruit and Punch). ruitpunc is not part of any dictionary, so it is a good choice, and it is easy to remember too. So it is also a good base.

Step 2: Modifying the base

Once you have selected a strong base using the method given in the first step, it is time to make it harder for a cracker to break. The aim of these modifications is to move the password away from the original base. You can try one or more of the following modifications:

  • Add random punctuation, numbers, or control characters
    Start modifying the base by adding punctuation, numbers, or even control characters to it. We can modify our initial base sibfhh to si#bfh@h. Make sure to put the modifications inside the base rather than at its start or end.
  • Change case at random
    This modification is not effective on systems that don't support case-sensitive passwords, but most systems do, and it is worth employing. In this way we can further modify the base to sI#bfH@h.
  • Reverse the order of one base word
    If a pair of words is used, you can reverse the order of either of them, or you can swap any two letters at random; for example, we can modify sI#bfH@h to sI#fbH@h. Again, this is not that effective on its own, but it will increase the cracker's search time.

Once you are done with all these steps you will be left with a very strong and safe password (sI#fbH@h in this case). This password is easy enough to remember and hard for a cracker to crack. But remember not to make the password too hard for yourself to remember, and you will be fine.
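To make the two-step procedure concrete, here is an added Python example (mine, not the author's) that reproduces the post's derivation from the sentence to sI#fbH@h and reports, for each stage, the alphabet a brute-force cracker would have to assume and the resulting naive keyspace in bits. The insertion positions, the case-flip positions and the letter swap are the ones used in the post; the keyspace estimate assumes an attacker who knows only which character classes are present, not the base sentence, which is the assumption under which the post's "search time" remark holds.

```python
import math
import string


def base_from_sentence(sentence):
    """Step 1, first variant: take the first letter of every word."""
    return "".join(word[0].lower() for word in sentence.split())


def base_from_two_words(first, second):
    """Step 1, second variant: splice two words, dropping the first letter of
    one and the last letter of the other so the result is in no dictionary."""
    return (first[1:] + second[:-1]).lower()


def insert_symbols(base, insertions):
    """Step 2a: insert punctuation/digits at interior positions only.
    `insertions` maps an index in `base` to the character placed before it."""
    if any(i <= 0 or i >= len(base) for i in insertions):
        raise ValueError("insert between the first and last character, not at the ends")
    out = []
    for i, ch in enumerate(base):
        if i in insertions:
            out.append(insertions[i])
        out.append(ch)
    return "".join(out)


def flip_case(pw, positions):
    """Step 2b: change the case of the characters at the given positions."""
    chars = list(pw)
    for p in positions:
        chars[p] = chars[p].swapcase()
    return "".join(chars)


def swap_letters(pw, i, j):
    """Step 2c (the post's 'swap two letters' variant): exchange two characters."""
    chars = list(pw)
    chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def charset_size(pw):
    """Alphabet size a brute-force cracker must assume, from the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return size


def brute_force_bits(pw):
    """log2 of the naive brute-force keyspace (alphabet size ** length)."""
    return len(pw) * math.log2(charset_size(pw))


def build_post_example():
    """Reproduce the post's worked example and return every intermediate stage."""
    base = base_from_sentence("smoking is bad for human health")  # sibfhh
    step_a = insert_symbols(base, {2: "#", 5: "@"})                # si#bfh@h
    step_b = flip_case(step_a, [1, 5])                             # sI#bfH@h
    step_c = swap_letters(step_b, 3, 4)                            # sI#fbH@h
    return base, step_a, step_b, step_c


if __name__ == "__main__":
    for stage in build_post_example():
        print(f"{stage:10s} alphabet={charset_size(stage):3d} "
              f"keyspace~2^{brute_force_bits(stage):.1f}")
```

Running it shows the effect of each step: the six-letter base sits in a 26-character alphabet (about 2^28 candidates), inserting two symbols lengthens it to eight characters over a 58-character alphabet, and the case change pushes the alphabet to 84 (about 2^51). The swap in the last step changes neither length nor alphabet, which is why the post calls it the least effective of the three; what it does is move the result further from a guessable base.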

Iqrash Awan

