Mastering Security, Part 1: How to Manage and Create Strong Passwords

WonderHowTo

• Resurrecting a Video Game Magazine: PC Gamer Digital
• Scrabble Bingo of a Day Weekly Roundup: Shlemiels, Cynosures and Yanquis
• Mastering Security, Part 1: How to Manage and Create Strong Passwords
• Get Inspired! 20 Amazing Examples of Aerial Photography
• How to Automatically Organize Your Torrents with Batch Scripting

I’ve seen countless tutorials on how to emanate a “strong” password. This creates me laugh. These titles indicate “one” password, that is wrong in and of itself. A chairman should have many passwords, all different, and all intensely long. People might ask how they’re ostensible to remember extensive passwords and since their stream cue isn’t good enough. Well, I’m going to uncover you.

In this Power Byte, I’m going to uncover we what goes into creation a clever password. we will make a password, moment it in a hashed form, afterwards uncover we how we can make a cue stronger. After, we are going to examination some protected practices and techniques to use for gripping passwords safe, and formulating a good cue government plan.

How Passwords and Accounts are Compromised

Passwords and accounts are compromised in a series of ways:

• A website gets hacked with your cue crush in a database, and it is comparatively short, so simply crackable.
• You wrote it down somewhere, and someone stole it.
• You have a cue that can be guessed simply (birthday, anniversary, etc).
• Your cue liberation information on your email is something anyone could find out (first pet’s name, favorite place, where we were born, etc).
• You store your cue in your browser.
• You tell people your password.

These are all bad practices. A chairman who knows anything about you, or even a many inexperienced hacker could get into your accounts and means some critical trouble.

Safer Practices Why They Are Safer

1. Don’t use a same cue anywhere.

If we use a same cue for everything, someone who gets your cue to a stupid flash-game site could get on your email. Once an assailant has your email, it’s over. They can reset your passwords for anything. Bank accounts, PayPal, Facebook. All of it would be left forever, with small or no possibility of removing it back.

2. Don’t roller a web on unencrypted wireless.

Anyone on a same network as we with a packet sniffer could get your login certification for any websites we revisit that don’t use SSL/TLS (Secure Socket Layer/Transport Layer Security), that leads me to…

3. Don’t roller a web but regulating SSL/TLS encryption on logins.

Make certain each site we record in to has “https://” in front of it on a URL. This means that a tie is encrypted and secure (for a many part). Your certification can't be sniffed with a parcel sniffer, however, if someone achieved a man-in-the-middle conflict on you. With a apparatus like SSL strip, we would still be vulnerable. However, that takes time and skill, so we can rest positive that it’s distant some-more secure than nothing.

4. Use present module that hackers can’t feat easily.

Make certain you’re regulating a latest chronicle of each program. Some programs will have remote exploits that hackers can use to take an unencrypted chronicle of your password. This happens many ordinarily on present messengers and browsers (people who don’t save their passwords are not vulnerable).

5. Don’t use open wireless but tunneling, or regulating a VPN (Virtual Private Network).

Sending your encrypted trade behind home, and regulating your home network as a hovel is always a good idea. A VPN for a Windows mechanism works great, and a VPN server and customer are built-in to Windows 7. It will encrypt all your traffic, and make your home mechanism ask pages on a internet, creation your trade secure, and un-sniffable.

6. Don’t use cue liberation questions.

The cue liberation in emails is an easy approach for enemy to get in—that is, if a information is accurate. we advise regulating feign information for confidence questions, if we contingency use them.

7. Don’t use a same email for everything.

I use a opposite email for everything. This ensures that, by chance, if one comment becomes comprimised, a rest of my accounts are safe. This also protects opposite spam for accounts that are used for particularly business, family, or gaming websites.

8. Use prolonged passwords.

I can’t highlight this enough. You need to use passwords longer than 12 characters, with full ASCII. Computers can now use their GPUs (Graphics Processor Units) to moment encrypted passwords. GPUs are FAR faster during enormous passwords than required mechanism processors, since they are bettter matched for formidable math functions. CPUs are some-more ubiquitous purpose. we burst a crush of “p3nCi15″  (a395c93efb5c2eb0cfa57189a2320bd4) in reduction than 30 seconds with one nVidia GPU. Some people have adult to 16 GPUs that can moment passwords concurrently (and they are a lot faster than a one we used). Your passwords are in difficulty if any website we used ever gets hacked and a database information leaks, since your crush will be in there. Using “1337-5p34k” (elite-speak) is not secure unless a passwords are long.

Why “1337-5p34k” Passwords Fail

Lots of people make passwords that are usually brief strings of letters transposed with “Elite Speak” characters. That is, replacing certain letters like “s” with “5″ and so-on. These are diseased becase they are short, and contained in many dictionaries. For example, this dictionary from Packet Storm.

Great Techniques for Managing Passwords

Having outrageous passwords can be tough to remember. My passwords are unfit for normal humans but detailed memory to remember (50-200 impression full ASCII passwords, even my bank PIN is a limit of 12 digits).

I use a TrueCrypt enclosure to store my cue in a content file. This enclosure is heavily encrypted with AES-Serpent-Twofish algorithms, with my usually memorized 35 impression cue as a pivotal to open it. There is no approach famous to mangle this encryption, so do not forget a password. I’ll uncover we how to set it up.

1. Download TrueCrypt.
2. Go to a Download folder and double-click a installer.
3. Click by a customary Next Next Done wizard, zero needs to be altered unless we don’t wish desktop icons.
4. Watch this video on how we set adult a container:

5. When that’s all set up, click Browse and find a enclosure we usually done and Mount it.

6. Type in a cue we done and a volume will mount. Make a .txt record with all of your passwords inside of a volume, and afterwards we never have to remember passwords!

I advise creation several copies of your encrpyted cue container. Put it on ride drives, removable HDDs, and maybe toss it inside a fire-proof safe. You can never be too careful.

Photo by Wes Novack

Via Mastering Security, Part 1: How to Manage and Create Strong Passwords on power-byte.wonderhowto.com.

Read some-more posts on WonderHowTo »

Article source: http://www.businessinsider.com/mastering-security-part-1-how-to-manage-and-create-strong-passwords-2011-10