Cyber Security: Passwords

Hi friendlies,

So in the interest of virtual safety, I've decided to make a journal on everyone's favorite topic: cyber security :sleep:

Okay, okay, so maybe it's not the most exciting thing out there, but it is really important and I wanted to clear up a few things that a lot of people seem to be either unaware of or confused about.

1. Password Complexity
There seems to be a lot of misinformation regarding how you should choose a password. We all know that a good password is long, complex, and memorable. Unfortunately, getting all three traits at once can be pretty hard. I've seen lots of advice which goes something like, "Pick a word and then substitute symbols and numbers for some of the letters." BAD BAD BAD! A quick perusal of rockyou.txt (a massive list of common passwords) should make it clear why that is not a good idea: those substitutions are exactly what the list is full of. A "random" password is by far the best approach. How then to make it memorable? Well, something I've found to be helpful is to choose a password that "feels good" when you're typing it. It's much easier to get muscle memory to kick in if you're not stuck in one half of the keyboard. And hey, guess what? That often means it's a more random sequence.

2. Password Length
Most recommendations seem to encourage a password length of at least 6 characters. That's a minimum recommendation. You really should pick a password that's longer than that. Unfortunately, it seems that most people don't. Again referencing the distribution of passwords in rockyou.txt, you'll see that most passwords are exactly 6 characters in length. Instead, go for longer passwords. In some high-security operations, the minimum acceptable password length is 14 characters. Try breaking your password into a couple of smaller password "chunks" to make it easier to memorize.

3. Compromised Passwords
If your password becomes compromised (or you even just suspect it), change it immediately. It doesn't matter what site you use it on: change it. A very common way that your password can be exposed is by logging into a site. If you've accidentally typed your login and password as one long string into the username field and then hit 'Enter' ('Return'), chances are your password is now compromised. Sign-in logs are often stored in plain-text files, and your login might show up in the log looking like this:

Username:                                        Password:
CodeNinja%Xtb&n9P?x^4

Not too hard to make the leap of intuition that that's a username concatenated with a password. A few attempts should be enough to determine what your password is.
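A defender-side check for the mistake described above, as an added example that is not from the original journal: it scans sign-in log lines of the shape shown for username fields that look like a username with a password appended, so the account can be reset and the suspected password kept out of tickets. The sample log lines, the username policy (maximum 16 characters, letters/digits/dot/underscore/hyphen) and the function names are constructed assumptions.

```python
import re

# Constructed sample sign-in log lines in the layout the journal shows:
# a username field followed by an empty password field. Not real data.
SAMPLE_LOG = """\
Username: CodeNinja                                        Password:
Username: CodeNinja%Xtb&n9P?x^4                            Password:
Username: alice_w                                          Password:
Username: bob.smithHunter2!!                               Password:
"""

# Assumed site policy for legitimate usernames; anything else is suspicious.
USERNAME_ALLOWED = re.compile(r"^[A-Za-z0-9._-]+$")
MAX_USERNAME_LEN = 16

# Pull the username field out of one log line (assumed log format).
LINE_RE = re.compile(r"Username:\s*(?P<user>\S*)\s+Password:")

CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def classify_username(user):
    """Return the reasons a username field looks like 'username+password',
    or an empty list if it looks like an ordinary username."""
    reasons = []
    if len(user) > MAX_USERNAME_LEN:
        reasons.append("longer than username policy allows")
    if not USERNAME_ALLOWED.match(user):
        reasons.append("contains characters not allowed in usernames")
    # An appended password typically mixes several character classes
    # in the last few characters; real usernames rarely do.
    tail = user[-8:]
    classes = sum(bool(re.search(p, tail)) for p in CHAR_CLASSES)
    if classes >= 3:
        reasons.append("tail mixes 3+ character classes")
    return reasons


def scan_log(text):
    """Return (redacted_username, reasons) for each suspicious line.
    Only a short prefix of the field is kept so the suspected password
    is never copied out of the log into a ticket or alert."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m.group("user"):
            continue
        reasons = classify_username(m.group("user"))
        if reasons:
            findings.append((m.group("user")[:4] + "***", reasons))
    return findings
```

A hit should trigger a forced password change for the account and redaction of that log line, since the rest of the field is the user's password in clear text.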



I could go on about this for ages, but I figure that's enough for one night. Cheers and be safe!
© 2015 - 2024 violinsane