Welcome to the inetsovety.ru blog! I have long wanted to write an article about what an account password should look like so that it is very hard to crack. In this article you will learn how to create a complex password. We will look at techniques that make a password not only safe but also easy for you to remember.
Today we cannot imagine life without the Internet. Almost every site asks you to register. The most popular resources are social networks, and every day millions of users log in to their accounts. We run the risk of making a lot of mistakes, such as sending important data in messages. A complex password for VK or another popular social network helps protect you from intruders.
Several password complication methods
What should the password be? Hundreds of Internet users ask this question. The following types of passwords are distinguished:
- combined (combination of previous options),
- use of letter case.
The first three types do not inspire confidence. They are too easy a way to create a password. Out of inexperience we make the mistake of using them. That may be acceptable as a “password” for an account on a forum or a similar place. But if it is the login to your online bank account, all your money will be lost. The one saving grace is that the security teams of such sites have developed systems that reject weak passwords.
Letters, numbers and symbols.
A combination of letters, symbols and numbers is the most secure form of password. Someone would have to rack their brains seriously to guess it.
Experienced users advise beginners to use exactly this kind of combination. Also, do not make it too short. A long combination keeps your data and correspondence safe from third parties.
Above all, do not use common sequences like the ones below:
These and similar keyboard character sequences guarantee that you will be hacked. They are the first thing to come to mind not only for you but for hundreds of other people. It does not even take a special program to work them out; an ordinary ill-wisher can usually guess them.
How do you choose a password for e-mail or another kind of login? It is worth working this out for yourself. A few more ways of complicating a password will help.
Before entering a username and password, note that some forms are case-sensitive. Combining uppercase and lowercase letters makes the password more reliable.
When writing a secret word, think about its diversity. Alternate uppercase and lowercase letters, one or several at a time. This method will seriously upset network villains.
The most annoying outcome is forgetting the order yourself. Experienced users recommend capitalizing the first character, making the second lowercase, and then alternating one at a time. It is worth taking note of this advice so that you do not rack your brains later.
You can do without letter case in the password, but it is one more way to increase password complexity.
A date of birth, which any user will remember, is the most banal and easiest basis. If you play with it correctly, you can get a good option. Using the “shifter” trick, many have managed to create a winning password that is unlikely to be guessed.
The method is based on writing the characters in reverse order. Choose any date, for example your date of birth, and type it backwards. If the chosen string is "081978", then reversed we get "879180". It is quite easy to remember how such a password is written.
Consider other, more complex ideas. Suppose the basis of the password is your first and last name. Applying the letter-case technique we already know, we type “PeTrPeTrOv”. Now apply the “shifter” tactic to a date, for example the user's date of birth, February 21, 1982. Then add a symbol. In the end we get the following example password: “PeTrPeTrOv!28912012”. The result is impressive, because it is simple and easy for the user but not for attackers.
Check the strength and security of the password using online services:
What kind of password should it be? Here is another great method, based on the principle of encryption. In fact, all the methods discussed earlier have something in common with it. Here we show how passwords are built by encrypting phrases.
We take the most meaningless and unique phrase that is easy to keep in memory. Let it be "cosmic cockroaches". You can use lines from songs and poems, preferably not very well-known ones.
Then we apply a cipher to our phrase. Here are a few workable ways:
- rewriting the Russian word in the English layout,
- replacing letters with characters that are similar in appearance (for example, “o” - “()”, “i” - “!”, “a” - “@”),
- removing the even-numbered or odd-numbered characters,
- throwing out consonants or vowels,
- addition with special characters and numbers.
So, we start from our phrase, “cosmic cockroaches”. We take 4 letters from each word and get "cosmtara". We switch to the English layout and retype it: “rjcvnfhf”. We complicate it by starting the cipher with a capital letter and adding characters.
Here is what the password looks like for the phrase we started with: “Rjcvnfhf@955”.
We have invented a reliable combination with a large number of characters. Password strength can be checked with special services, for example passwodmetr.com. Scammers cannot simply guess such a combination, since the user's personal data is not involved. For the user, though, such a password is a find, since remembering it is not difficult.
For those who do not want to spend too much time thinking, developers long ago invented complex-password generators. This method provides a certain degree of reliability. Passwords invented by your own mind are still considered the best.
What is a generator and how do you use it? It is a program that outputs completely random combinations as passwords. It uses many of the methods considered above, but it does not take the “shifters” into account.
A complex-password generator can be downloaded from the Internet. Take KeePass, for example. Like any other generator, it is not difficult to use. You start the application and trigger generation by pressing a dedicated button. The program then outputs a password. All that remains is to enter the resulting combination unchanged or with additions.
Complex passwords invented by your “iron friend” (the computer) are very difficult to remember. Few people can keep them in their head; most have to write them down. There are usually many passwords, because we do not stick to one site and keep registering on new resources. Storing a pile of such information is therefore not convenient for everyone, and you can lose all the paper notes entirely.
One way out is to type them into a file on the computer. This is one of the most reliable options. Just remember that a PC does not last forever and can also fail.
New Internet users face some difficulties. They do not know what a username and password are, so here is an example. The login is most often the e-mail address, and the password is invented by the user. We have already dealt with the secret combination for the "password" field. For what a login looks like and our recommendations for choosing one, follow the link http://inetsovety.ru/kak-sozdat-login/
All the methods for creating complex passwords have been discussed above, so you can create an e-mail password that will reliably protect your data from third parties.
Beware of phishing sites, which scammers use to steal login data. Read more about security measures here.
Here are some tips for creating passwords:
- do not include personal information about the user (full names of relatives, pet names, phone numbers, addresses, birth dates and more),
- do not use Cyrillic in the password,
- do not use words that are easily found with a dictionary of popular passwords (yastra, love, alfa, samsung, cat, mercedes and the like, as well as their derivatives and combinations),
- mind the length: preferably at least 10 characters,
- complicate the password by combining all kinds of methods: upper and lower case letters, numbers, symbols,
- do not use the most frequent, template passwords; think in an original way (a robot that calculates your password cannot be as smart as a person).
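The tips above, written as a check a site could run when a password is set. This is an added example, not code from the original article: the function name, the finding codes, the `personal` parameter and the rule that short dictionary words only match exactly are assumptions; the word list and look-alike substitutions are the ones quoted on this page.

```python
import re

# Words the page lists as dictionary fodder, plus "123456", which it also names.
POPULAR = {"yastra", "love", "alfa", "samsung", "cat", "mercedes", "123456"}
# Look-alike substitutions mentioned on the page, undone before dictionary checks.
LOOKALIKES = (("()", "o"), ("@", "a"), ("!", "i"), ("0", "o"))
MIN_LENGTH = 10  # "preferably at least 10"

CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^\w\s]|_"),
}
CYRILLIC = re.compile(r"[\u0400-\u04FF]")


def _variants(password):
    """Lower-cased password, both as typed and with look-alikes undone."""
    raw = password.lower()
    plain = raw
    for fake, real in LOOKALIKES:
        plain = plain.replace(fake, real)
    return {raw, plain}


def audit_password(password, personal=()):
    """Return a list of finding codes; an empty list means every tip is met."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if CYRILLIC.search(password):
        findings.append("cyrillic")
    for name, pattern in CLASSES.items():
        if not pattern.search(password):
            findings.append("missing:" + name)

    forms = _variants(password)
    for word in sorted(POPULAR):
        # Short words count only as an exact match, so "cat" inside
        # a longer unrelated string is not flagged (assumption of this sketch).
        if len(word) >= 4:
            hit = any(word in form for form in forms)
        else:
            hit = word in forms
        if hit:
            findings.append("dictionary:" + word)

    for item in personal:
        token = item.lower()
        if len(token) < 3:
            continue
        if any(token in form for form in forms):
            findings.append("personal:" + token)
        elif any(token[::-1] in form for form in forms):
            # Personal data typed backwards is still personal data.
            findings.append("personal_reversed:" + token)
    return findings


if __name__ == "__main__":
    # Constructed inputs: two passwords built earlier on this page and one weak one.
    print(audit_password("PeTrPeTrOv!28912012", ["Petr", "Petrov", "21021982"]))
    print(audit_password("Rjcvnfhf@955"))
    print(audit_password("L()ve2024"))
```

The `personal` list is whatever the site already knows about the user (name, birth date as digits); the check also catches those values written in reverse.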
Remember all these recommendations when you need to come up with a strong password. By following them, you will seriously protect yourself from trouble. Good luck with this difficult task.
How hackers crack passwords
I immediately recall the Sherlock series (season 4 in January, cheers), where our ingenious detective managed to work out a very non-trivial password on Irene Adler's phone in just a few attempts:
If she had chosen a random combination of four letters and numbers, even Sherlock Holmes would hardly have succeeded. Filmmakers generally love to insert such scenes (recall any other password-guessing movie), but the most interesting thing is that this kind of thing actually works in real life. This hacking method is called logical guessing and is based on known information about the user.
If the attacker knows your name, surname and date of birth, he can go through the possible combinations in a few minutes and crack a password that uses this information. Surely you use at least one of these? :)
By the way, do you know which passwords occur most often? On the net I found a table with examples of the most popular passwords:
As you can see, these are mostly simple combinations of numbers and letters. The frequency is not given here, but suppose at least 1% of users use the primitive password 123456: how many accounts will a hacker be able to crack on a large service? And if he runs through all the known popular passwords? Exactly…
By the way, there are special password dictionaries that can be downloaded from the Internet. Fortunately, popular sites have long required users to meet at least minimal complexity rules: use uppercase and lowercase letters and at least a couple of digits, and they check that the password is not in those same dictionaries.
However, this may not be enough if the hacker has large resources and special programs. The so-called brute-force method guesses passwords by simply trying all possible combinations; modern computing power makes this entirely feasible.
The more different characters are used (uppercase and lowercase letters, numbers, periods, dashes, commas, etc.) and the longer the password, the more time the computer needs to check all possible options. How much? Suppose the password uses only lowercase English letters and digits; then the situation is this:
As you can see, a password of fewer than 7 characters can be cracked within a day, and a 7-character one breaks in a week, or even faster if the hacker is lucky. In general, password complexity against brute force looks something like this; I think the conclusions are obvious.
However, even if you create a good, complex password, there are ways around it. For example, a letter arrives in your mail with a phrase like “send your password for verification to withdraw money”. Of course, this should never be done! The administration of any site or service will never ask for your password; they already have it in the database.
Another way to get a password is to “spy” on it somehow. As a child, when I went to a computer club, this was a real problem: with a lot of people around, entering the password for your game account so that no one saw it was not easy. Thefts of game currency and items did happen :)
Attackers can also plant a trojan on your computer, which records what you type on the keyboard. To protect against such an attack you of course need to use an antivirus.
Well, now you know the simplest ways your data can be hacked. How do you protect yourself from them and create a complex and strong password?
How to create and remember a strong password
As we have already found out, the password must be at least 8 characters long, and it is very desirable that different types of characters be used in it:
- lowercase letters - a, b, c ...,
- capital letters - A, B, C ...,
- numbers - 0, 1, 2 ...,
- punctuation marks - comma, dash, question mark, etc.,
- special symbols - @, #, $, %, etc.
You can check the password complexity, for example, on the Kaspersky Lab website; it looks quite lively:
It is not necessary to create a password manually; there are many sites that can do it. Just enter the query “password generator” in a search engine and you will get a long list. Of course, the question arises: does a particular site record the passwords? Even so, one would still need to know the login, and it is not known where you will use the combination.
To calm your paranoia, you can generate a password on the site and then change a few characters in it; the complexity will not change, and the risk of a brute-force crack will still be very low.
There is only one problem with generated passwords: remembering even one is quite difficult, and ideally each site needs a unique one. One of the best ways to simplify the task is to use words of your own language typed in the English layout, diluted with numbers and signs.
Here is an example of an easy-to-remember but very high-quality password. Take the Russian noun “iron” and the logically unrelated verb “green”. Add, for example, the year of birth of the famous writer Leo Tolstoy, 1828. And spice it up with an exclamation mark!
Mix a bit and you get this password: en.u18!ptktyttn28. I typed the Russian words in the English layout, split the year into 2 parts and put one at the end of each word, with an exclamation mark in the middle. It seems to be nothing complicated, but the password is of very high quality:
You can think of other similar ways to create a password; all of them will give excellent results. However, this still does not help with following the rule “1 site - 1 password”: it is difficult to remember more than five combinations and not start reusing them. It turns out that you need a place to store important data.
Password Storage Software
Separately, I want to say that writing the password on a piece of paper and sticking it to the monitor is a so-so idea :)
It is possible, for example, to write passwords in a notebook, but this is not very convenient: you have to enter the password manually every time and carry the notebook everywhere with you. And anyone who sees you looking at a notebook and typing something on a computer will quickly understand what is going on and may try to steal it.
Nevertheless, in my opinion, it is more practical to use a specialized program for storing passwords. First, they can be stored right in the browser: after the first entry you are asked whether to save the password or not:
This is quite convenient, and getting into the store is not so simple; the main thing is to update the browser on time, since vulnerabilities are constantly being fixed. Of course, there are also disadvantages: if someone else uses the computer, he can easily use the saved passwords.
It is quite acceptable to store less important data in the browser, such as accounts on forums or free services; a break-in there will not do you much harm.
More valuable data should be stored with at least some additional protection. There is a special browser extension, LastPass, which does roughly the same thing as the browser itself, but better. The store itself can be locked with a password; you need to come up with just one, using the “green iron” method, and remember it.
The minus of LastPass is that your passwords are still located on third-party servers, and if they are hacked (and hacking stories of the largest corporations indicate that no one is safe), the data will leak to the attackers.
I had a more encouraging experience with an ordinary Windows program for storing passwords, KeePass. It is free and open source, which means that many programmers have checked it and found no hidden backdoors for stealing data.
Its interface is in English; perhaps this is the only downside I have found so far. The idea is this: all passwords are in a database, which is protected by a separate password and a key file:
The Master Password must be very complex, but since it is one, remembering it is easier. The password database looks like this:
I now have several groups of passwords (Mail, Forex, Social networks, etc.), and each of them contains various entries. In principle, everything is arranged quite simply, especially if you know English.
You would probably like detailed instructions for using KeePass. Let's put it this way: if at least 5 different people in the comments ask me to write an article or ask something about a program for storing passwords, I will assume that the audience is interested and will do it next week :)
And that’s all! Now you know the basics of creating and storing strong passwords. Let's check how things stand with Webinvest readers :) We need a site that everyone uses… I think social networks will do. So, please use the poll to tell us how complex a password you use for your favorite social network:
I hope that after my article the situation will shift for the better. Especially if you help spread the article among your friends and colleagues:
Friends, how about you, do you take passwords seriously? Or do you think it is not worth bothering too much, the hassle is not worth it and fairly simple ones will do? Leave your opinions in the comments.
See you in new Webinvest articles! Winter is coming ... please don’t get ill.
A way out may be the reverse method of generation. You create a completely random password at random.org and then turn its characters into a meaningful, catchy phrase.
Often, services and sites give users temporary passwords, which are exactly such random combinations. You will want to change them because you cannot remember them, but if you take a closer look it becomes obvious: you do not need to remember the password. For example, take this output from random.org: RPM8t4ka.
Although it seems meaningless, our brain is able to find patterns and correspondences even in such chaos. To begin with, you can notice that the first three letters in it are capitalized and the next three are lowercase. 8 is twice (in English “twice” starts with t) 4. Look at this password for a while and you will surely find your own associations with this set of letters and numbers.
If you can memorize meaningless sets of words, use that. Let the password turn into “revolutions per minute 8 track 4 katty”. Any conversion that suits your brain best will do.
Random password is the gold standard in information security. It is by definition better than any password invented by man.
The downside of acronyms is that, as the technique spreads, its effectiveness will decline, whereas the reverse method will remain equally reliable even if everyone in the world uses it for a thousand years.
A random password will not fall into the list of popular combinations, and an attacker using the mass attack method will pick up such a password only with brute force.
Take a simple random password that uses uppercase and lowercase letters and digits: that is 62 possible characters for each position. If we make the password only 8 characters long, we get 62^8 = 218 trillion options.
Even if the number of attempts in a given period is not limited, the most capable commercial specialized software, at 2.8 billion passwords per second, will spend an average of 22 hours finding the right combination. To be safe, we add just 1 more character to such a password, and it will take many years to crack.
A random password is not invulnerable since it can be stolen. There are many options, from reading keyboard input to a camera behind your shoulder.
A hacker can attack the service itself and get the data directly from its servers. In this situation, nothing depends on the user.
One reliable foundation
So, we have come to the main point. What tactic for using a random password should you apply in real life? In terms of the balance of reliability and convenience, the “philosophy of one strong password” performs well.
The principle is that you use the same basis - a super-reliable password (its variations) on the most important services and sites for you.
Remembering one long and complex combination is within anyone's power.
Nick Berry, an information security consultant, considers this principle acceptable, provided that the password is very well protected.
Malware must not be present on the computer from which you enter the password. The same password must not be used for less important and entertainment sites; simpler passwords will suffice for them, since a hacked account there will not have any fatal consequences.
It is clear that this reliable foundation needs to be changed somehow for each site. As a simple option, you can add to the beginning a single letter, the one with which the name of the site or service ends. Going back to the random password RPM8t4ka, for logging in to Facebook it turns into kRPM8t4ka.
An attacker who sees such a password will not be able to understand how the password for your bank account is generated. Problems will begin if someone gains access to two or more of your passwords generated in this way.
Some hijackers ignore passwords altogether. They act on behalf of the account holder and imitate the situation where you have forgotten your password and want to restore it with a secret question. In this scenario the hijacker can change the password at will, and the true owner loses access to the account.
In 2008, someone got access to the email of Sarah Palin, Governor of Alaska, and at that time also a candidate for the presidency of the United States. The cracker answered a secret question, which was: “Where did you meet your husband?”
Four years later, Mitt Romney, who was also a presidential candidate at the time, lost several of his accounts on various services. Someone answered the secret question about the name of Mitt Romney's pet.
You have already guessed the essence.
Public and easily guessed data cannot be used as a secret question and answer.
The point is not even that this information can be carefully fished out on the Internet or from those close to you. Answers to questions like "pet's name", "favorite hockey team" and so on are easily picked from the corresponding dictionaries of popular options.
As a temporary option, you can use the tactic of absurd answers. Simply put, the answer should have nothing to do with the secret question. Mother's maiden name? Diphenhydramine. The name of the pet? 1991.
However, such a technique, if it is widely used, will be taken into account in the relevant programs. Absurd answers are often stereotypical, that is, some phrases will occur much more often than others.
In fact, it is fine to use real answers; you just need to choose the right question. If the question is non-standard, and the answer is known only to you and cannot be guessed in three attempts, then everything is in order. The advantage of a true answer is that you will not forget it over time.
A Personal Identification Number (PIN) is a cheap lock to which we entrust our money. Nobody bothers to create a more reliable combination out of even these four digits.
Now stop. Right now. Right now, without reading the next paragraph, try to guess the most popular PIN. Are you done?
According to Nick Berry, 11% of the US population uses a combination of 1234 as a PIN code (where it is possible to change it yourself).
Hackers do not pay attention to PIN codes because without the physical presence of the card, the code is useless (this can partially be justified by the small length of the code).
Berry took the four-digit combinations from the password lists that appeared online after leaks. It is very likely that a person using the password 1967 chose it for a reason. The second most popular PIN is 1111, preferred by 6% of people. In third place is 0000 (2%).
Suppose that someone who knows this information has a bank card in their hands. Three attempts before blocking the card. Simple math allows you to calculate that this person has a 19% chance of guessing the PIN if he consistently enters 1234, 1111 and 0000.
Probably, for this reason, the vast majority of banks set the PIN codes for the issued plastic cards themselves.
However, many protect smartphones with a PIN code, and there is such a popularity rating: 1234, 1111, 0000, 1212, 7777, 1004, 2000, 4444, 2222, 6969, 9999, 3333, 5555, 6666, 1313, 8888, 4321, 2001, 1010.
Often, a PIN represents a year (year of birth or historical date).
Many people like to make PINs in the form of repeating pairs of numbers (and pairs are especially popular, where the first and second digits differ by one).
The digital keyboards of mobile devices bring to the top combinations like 2580 - to dial it, just make a direct pass from top to bottom in the center.
In Korea, the number 1004 is consonant with the word angel, which makes this combination quite popular there.
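The PIN patterns described above, turned into a check that could run when a user picks a PIN. This is an added example, not code from the original article: the function names, the finding codes and the 1900-2099 range used to recognise a year are assumptions; the popularity list and the three percentages are the ones quoted on this page.

```python
# Popularity list quoted on the page, in the order given there.
POPULAR_PINS = ["1234", "1111", "0000", "1212", "7777", "1004", "2000", "4444",
                "2222", "6969", "9999", "3333", "5555", "6666", "1313", "8888",
                "4321", "2001", "1010"]
# Shares the page attributes to Nick Berry's data, in percent.
KNOWN_SHARE_PERCENT = {"1234": 11, "1111": 6, "0000": 2}
# Phone keypad coordinates (row, column), used to spot straight swipes like 2580.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2), "0": (3, 1)}


def pin_findings(pin):
    """Return the list of weaknesses found in a four-digit PIN."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four digits")
    findings = []
    if pin in POPULAR_PINS:
        findings.append("popular")
    if pin[:2] == pin[2:]:
        findings.append("repeated_pair")      # 1212, 6969, and also 1111
    if 1900 <= int(pin) <= 2099:              # assumed range for "a year"
        findings.append("year")
    # Same non-zero step between every pair of keys means a straight line.
    steps = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in zip(pin, pin[1:])}
    if len(steps) == 1 and steps != {(0, 0)}:
        findings.append("keypad_line")
    return findings


def guess_coverage_percent(attempts):
    """Percent of users whose PIN is among the first `attempts` popular PINs.

    Works only as far as the page gives percentages (the top three).
    """
    guesses = POPULAR_PINS[:attempts]
    missing = [g for g in guesses if g not in KNOWN_SHARE_PERCENT]
    if missing:
        raise ValueError("no share given on the page for: " + ", ".join(missing))
    return sum(KNOWN_SHARE_PERCENT[g] for g in guesses)


if __name__ == "__main__":
    for sample in ("1234", "1967", "2580", "1212", "8305"):  # constructed inputs
        print(sample, pin_findings(sample))
    print("three attempts cover", guess_coverage_percent(3), "percent")
```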
The basis of the password is any nursery rhyme or counting rhyme. Ideally it should be known only in your area and not be widely known. Better still, one of your own composition! Although any children's rhyme will do, the main thing is that the lines have been firmly lodged in your head since childhood.
The password will consist of the first letters of each word. A letter is written in upper case if it is the first in a sentence. Replace some letters with numbers of similar shape (for example, “h” to “4”, “o” to “0”, “z” to “3”). If you do not want to get too confused with replacing letters with numbers, look for a counting rhyme that already contains numbers. Do not forget about the punctuation marks separating words and sentences; they will come in handy.
And she ran after the hare.
Who does not believe - come out!
Replace the letters "h", "h" and "o" with similar numbers. The second, third and fourth lines begin with capital letters, and therefore are written in upper case. We include four punctuation marks. Of course, we write in Russian letters, but in the English keyboard layout.
A 17-character password is ready! It may not be perfect, as it contains repeating characters and consecutive lowercase letters and digits. But you certainly could not call it simple.
The scheme is similar to the children's counting rhymes. Only here, as a basis, you take sayings of thinkers, celebrities or movie heroes that you like and remember well. You can complicate your life a little by replacing the letter "h" not with "4" but with "5", for example. There are never too many confusing maneuvers!
There is a huge family:
River, field and forest,
In the field - every spikelet ...
Replace the letter "h" with "8", do not forget about the upper case and punctuation marks.
Jargon and terminology
This implies the use of professional jargon, understandable to an extremely narrow number of people. These words are much farther from the average person than criminal sayings, widely covered on television and the streets of any city.
For example, you can use a hospital statement or a catchy medical definition.
Cyclopentaneperhydrophenanthrene is a 28-letter term. It comes out a bit long, so I suggest throwing out the vowels and mixing upper case into the remaining consonants.
Of course, your birthday or the day you started your family life is not the best basis for a password. An event should be of exceptional importance, and only you should know about it. For example, it may be the day when you first ate chewing gum, ran away from a lesson or broke a heel. Since the basis of the password will be numbers, it is not superfluous to mix them with letters.
Replace the dots separating the day, month and year with any letter, for example, a small English “l”, which is very similar to the fairly often used separator “/”. Between the dates we put the underscore symbol “_”. We replace zeros with the letters “o”.
Apply the smartphone unlock-pattern technique to your keyboard as well. Invent any shape and “swipe” your finger along its contours.
Do not forget to pass through the numbers, and change between horizontal and vertical directions of movement. And, unlike me, show some imagination!