A password is the only thing that truly protects all our important data from hacking. There are many ways to hack user accounts and gain access to confidential personal, business, and financial information. This is especially relevant for business owners who are concerned about the security of their data. Attackers often only need to break into the mailbox of one employee to gain access to important business information of an entire company. That is why it is so important to educate employees about online security, and in particular to explain what passwords are and how to create a password correctly. This is no less important for individual users who use the Internet to communicate and to make payments by entering their bank card data.

How to create a password and why are weak passwords ineffective?

Most users give little thought to how to come up with a password. If you have an easy password, rest assured that sooner or later you will be hacked. What is a weak password and why is it so susceptible to hacking? As a rule, it is a combination of a word and a number. Most often, users choose their last name and date of birth as a password, for example Ivanov1976. If someone plans to hack you, this combination will most likely be tried first. Dictionary words are also ineffective, since dictionary attacks are another common technique. Within a few hours, the password will be cracked.

What password should you come up with? First, a long one. If your password contains fewer than eight characters (Latin letters and digits), the number of possible combinations is 78,364,164,096, and by brute force (using a special program) such a password will be cracked in at most 9 days (at a rate of 100,000 passwords per second). Add one more character and it will take an attacker 11 months. Therefore, strong passwords contain more than 8 characters and combine upper- and lowercase letters, numbers, and special characters.

Today, almost everyone is aware of the need for a complex password for each account, but most people still neglect the elementary principles of security on the Web. Even the most complex password can be stolen if you lose your vigilance and enter your data on phishing sites (in other words, fake sites), save passwords in the browser (where a trojan may steal them), or download programs of dubious origin (which may contain a keylogger that steals everything the user types). Simply put, anyone can become a victim of Internet scammers. However, forewarned is forearmed. If you are careful and attentive, and also know how to come up with a complex password, you can protect yourself from intruders.

How to create a complex password?

So, we have already found out that complex passwords contain more than 8 characters. They must include uppercase and lowercase letters, numbers, and special characters.

To answer the question of how to create a password, the easiest option is the online generator that you will find on our website. It will create several combinations of Latin letters, numbers and symbols for you. The program creates passwords in completely random order, so you can be sure that your password will be unique. If you want to make it even more unique, you can replace any of the characters with whatever you like. Of course, remembering such combinations is quite difficult, and most often the only option is to write the password down in a notebook that only you have access to.

Creating strong and complex passwords

However, you can come up with a complex password that is easy to remember on your own. There are several standard scenarios for this.

1. Choose two words in Russian, say a noun and a verb. For example, "curtain" and "embroider". Add the year of birth of your favorite writer, artist, or musician; let it be 1924. Add any other character, for example %. Now write it all together: "Curtain19%Embroider24" (in any order). Finally, type it with the keyboard switched to the Latin layout. The result is Uahlbyf19%Dsibdfnm24. It will take forever for an attacker to guess such a password using brute force.
2. The second way to make a complex password is to take a line from a poem or tongue twister. Take two letters from each word and write them in Latin, using uppercase for every first letter. This is another difficult password.
3. Choose any compound word that is rarely used in speech. The more letters, the better. Write it down in Latin, add a significant date (it will be easier to remember if the word is somehow connected with this date), and split the word into two parts with this date.

There can be an infinite number of such scenarios, and with a little thought you can come up with your own. If you still don't know what password to come up with, use our generator. The main thing: do not tell your passwords to anyone, and do not store them in the browser or in notes on the computer.

Welcome to the blog site! For a long time I wanted to write an article about what the password for an account should be so that it would be very difficult to crack it. This article will show you how to create a complex password. Techniques will be considered that will help not only make the password secure, but also not difficult for you to remember.

We can no longer imagine our life without the Internet. Almost every site requires registration. The most popular resources are social networks. Every day, millions of users log in to their accounts. We run the risk of making a lot of mistakes, such as sending important data in messages. A complex password for VK or another popular social network helps to protect you from intruders.

Several methods for complicating a password

What should be the password? This question is asked by hundreds of Internet users. There are the following types of passwords:

  • alphabetic;
  • character;
  • digital;
  • combined (a combination of the previous options);
  • mixed case.

The first three types do not inspire confidence. They are too easy a way to create a password. Through inexperience, we make the mistake of setting them. That may be acceptable for an account on a forum or a similar place. But if it is the login to your online banking account, all your money will be lost. The only saving grace is that the security teams of such sites have built systems that reject weak passwords.

Letters, numbers and symbols

A combination of letters, symbols, and numbers is the most secure type of password. You have to seriously break your head to guess it.

Experienced users advise beginners to use this particular combination. Also, don't make it too short. A long combination will keep your data and correspondence safe from third parties.

The main thing is not to use trivial combinations such as these:

  • "123";
  • "123456";
  • "321";
  • "qwerty";
  • "asdfg".

These and similar keyboard sequences guarantee a break-in. They are the first to come to mind, not only for you but for hundreds of other people. It does not even take a special program to work them out; an ordinary ill-wisher can do it.

How to choose a password for mail or another type of authorization? This issue is worth tackling on your own. A few more options for complicating the password will come to the rescue.

Letter case

Before you enter your username and password, note that some forms are case-sensitive. A combination of uppercase and lowercase letters will make the password stronger.

When composing a secret word, think about variety. Alternate uppercase and lowercase letters one or more at a time. This method will seriously upset attackers.

The most annoying thing is forgetting the order yourself. Experienced users recommend making the first character uppercase, the second lowercase, and then alternating one at a time. It is worth taking note of this advice so as not to rack your brains later.

You can do without mixed case in a password, but it is one more method of increasing its complexity.

Reversals ("changelings")

A date of birth, which any user will remember, is the most trivial and easiest choice. Handled correctly, though, it can turn out to be a good option. Using the "changeling", many have managed to create a winning password that is unlikely to be cracked.

The method is based on writing characters in reverse order. Choose any date, for example your date of birth, and type it in reverse. If you have "081978" in mind, then reversing it gives "879180". It is quite easy to remember how such a password is written.

Consider more complex ideas. Let's assume that the basis of the password is your first and last name. Using the mixed-case technique we already know, we type "PeTrPeTrOv". Now we apply the "changeling" technique to a date, for example the user's date of birth, February 21, 1982. In addition, let's add symbols. In the end we get the following example password: "PeTrPeTrOv! 28912012". The result is impressive, because it is simple and easy for the user, but not for intruders.

Check password strength and security with online services:

  • https://password.kaspersky.com/en/
  • https://howsecureismypassword.net/

Encryption

What should the password be, then? Let's look at another great way: the principle of encryption. In fact, all the methods discussed earlier have something in common with it. Here we will show what passwords you can get by encrypting phrases.

We take a meaningless and unique phrase that is easy to keep in memory. Let it be "space cockroaches". You can use any lines from songs and poems, preferably not very famous ones.

Then we apply a cipher to our phrase. Here are some of the best ways:

  • rewriting a Russian word in an English layout;
  • "changeling";
  • replacing letters with characters that are outwardly similar (for example, “o” - “()”, “i” - “!”, “a” - “@”);
  • removal of paired or unpaired characters;
  • throwing out consonants or vowels;
  • addition of special characters and numbers.

So, we have a meaningful phrase: "space cockroaches". We take 4 letters from each word and get "kosmtar". We switch to the English keyboard layout and retype it: "rjcvnfhf". We make it more complex by starting the cipher with a capital letter and adding characters.

Here is what the password should look like, using the originally conceived phrase as an example: "[email protected]".

We have come up with a reliable combination with a large number of characters. Password strength can be checked with special services, for example passwodmetr.com. Scammers will not guess such a combination easily, since the user's personal data is not involved. For the user, though, such a password is a godsend, since remembering such a strong password won't be difficult.

Generator

For those who do not want to spend too much time thinking, developers long ago invented complex password generators. This method provides some degree of reliability. Still, the best passwords are considered to be the ones invented by your own mind.

What is a generator and how do you use it? It is a program that outputs completely random combinations. It uses many of the methods discussed, but does not take "changelings" into account.

A complex password generator can be downloaded from the web. For example, let's take KeePass. Like any other generator, it is not difficult to work with. Generation is started by pressing a button in the application. After that, the program outputs a password. All that remains is to enter the resulting combination unchanged or with additions.

Complex passwords invented by a machine are very difficult to remember. Few people keep them in their heads; more often they have to be written down. There are usually a lot of passwords, because we do not stay on one site and constantly register on other resources. Storing that much information is therefore not convenient for everyone, and paper records can be lost completely.

One way out for storage is to type them into a file on the computer. This is one of the safest options. Just remember that a PC does not last forever and can also fail.

All the ways to create complex passwords have been discussed above, and you can now create a password for your email that will reliably protect your data from third parties.

Here are some useful tips for creating passwords:

  • do not mention personal information about the user (names of relatives, pet names, phone numbers, addresses, dates of birth, etc.);
  • Cyrillic alphabet cannot be used in the password;
  • do not use phrases that are easily calculated using a dictionary of popular passwords (hawk, love, alfa, samsung, cat, mercedes and other similar ones, as well as their other derivatives and combinations);
  • take into account the length of characters - preferably at least 10;
  • complicate the password with a combination of various methods - uppercase and lowercase letters, numbers, symbols;
  • do not use the most common template passwords; think in an original way (a robot that works out your password cannot be as smart as a person).

Most attackers don't bother with sophisticated methods to steal passwords. They try easily guessed combinations. About 1% of all passwords in existence at the moment can be guessed in four attempts.

How is this possible? Very simply. You try the four most common combinations in the world: password, 123456, 12345678, qwerty. After such a pass, on average 1% of all "locks" open.

Let's say you are among the 99% of users whose password is not so simple. Even then, you have to reckon with the performance of modern cracking software.

John the Ripper is a free and open source program that checks millions of passwords per second. Some specialized commercial products claim a rate of 2.8 billion passwords per second.

Initially, cracking programs run through a list of the statistically most common combinations, and then access the full dictionary. User trends in password choices may change slightly over time, and these changes are taken into account when updating such lists.

Over time, all sorts of web services and applications decided to force users to create more complex passwords. Requirements were added under which the password must have a certain minimum length and contain numbers, uppercase letters and special characters. Some services took this so seriously that coming up with a password the system will accept is a long and tedious task.

The key problem is that almost no user generates a password that is truly resistant to brute force; they only try to meet the system's minimum requirements for password composition.

The result is passwords in the style of password1, password123, Password, PaSsWoRd, password! and incredibly unpredictable [email protected]

Imagine that you need to make the password spiderman more complex. With high probability, it will take the form $pider_Man1. Original? Thousands of people will change it using the same or a very similar algorithm.

If the attacker knows these minimum requirements, the situation only gets worse. For this reason, imposed complexity requirements do not always provide better security and often create a false sense of it.
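The point above, as an added example that is not part of the original article: a registration-time check that undoes the predictable decorations (case, appended digits, look-alike symbols, keyboard-layout switch, reversal) before comparing against a denylist. The sample denylist, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist: the four most common passwords named on this
# page, "spiderman" from its example, and the Russian word for "password".
# A real filter would load a large list of leaked passwords instead.
DENYLIST = {"password", "123456", "12345678", "qwerty", "spiderman", "пароль"}

# Look-alike substitutions people use to satisfy "must contain a symbol/digit":
# $->s, @->a, 0->o, !->i, 1->l, 3->e, 4->a, 5->s
LEET = str.maketrans("$@0!1345", "saoileas")

# The same physical keys in the English (QWERTY) and Russian (ЙЦУКЕН) layouts.
EN_KEYS = "qwertyuiop[]asdfghjkl;'zxcvbnm,."
RU_KEYS = "йцукенгшщзхъфывапролджэячсмитьбю"
TO_CYRILLIC = str.maketrans(EN_KEYS, RU_KEYS)


def simplified_forms(password):
    """Return the set of forms left after undoing predictable decorations."""
    lowered = password.lower()
    forms = {lowered}
    # 1. Separators inserted between word parts: "$pider_man1" -> "$piderman1"
    forms.add(re.sub(r"[\s_.\-]", "", lowered))
    # 2. Digits and punctuation appended to satisfy composition rules.
    forms |= {re.sub(r"[\d\W_]+$", "", f) for f in forms}
    # 3. Look-alike characters: "$piderman" -> "spiderman"
    forms |= {f.translate(LEET) for f in forms}
    # 4. A word typed with the keyboard in the other layout: "gfhjkm" -> "пароль"
    forms |= {f.translate(TO_CYRILLIC) for f in forms}
    # 5. Reversed spelling: "drowssap" -> "password"
    forms |= {f[::-1] for f in forms}
    return forms - {""}


def denylist_match(password):
    """Return the denylisted word that `password` reduces to, or None."""
    hits = simplified_forms(password) & DENYLIST
    return min(hits) if hits else None


if __name__ == "__main__":
    # Constructed inputs: variants quoted on this page plus one random string.
    samples = ["password1", "PaSsWoRd", "password!", "$pider_Man1",
               "gfhjkm", "drowssap", "rjcvnfhf", "mvAWzbvf"]
    for pw in samples:
        print(f"{pw!r:15} -> {denylist_match(pw) or 'no match'}")
```

Every decorated variant reduces to a denylisted word, while the random string and the truncated phrase "rjcvnfhf" do not, because they were never built on a listed word.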

The easier a password is to remember, the more likely it is to be in the dictionaries of cracking programs. As a result, a really strong password is simply impossible to remember, which means it needs to be stored somewhere.

According to experts, even in this digital age, people can still rely on a piece of paper with passwords written on it. It is convenient to keep such a sheet in a place hidden from prying eyes, for example, in a purse or wallet.

However, the password sheet does not solve the problem. Long passwords are hard not only to remember but also to type. The virtual keyboards of mobile devices make the situation worse.

Interacting with dozens of services and sites, many users leave behind a string of identical passwords. They try to use the same password for every site, completely ignoring the risks.

In this case, some sites act as a babysitter, forcing you to make the combination more complex. As a result, the user simply cannot remember how he had to modify his standard single password for this site.

The scale of the problem was fully realized in 2009. Then, due to a security hole, a hacker managed to steal the login and password database of RockYou.com, a company that publishes games on Facebook. The attacker published the database openly. In total, it contained 32.5 million records with usernames and passwords for accounts. Leaks had happened before, but the scale of this particular event showed the whole picture.

The most popular password on RockYou.com was 123456. Almost 291,000 people used it. Men under 30 preferred sexual themes and vulgarity more often. Older people of both sexes often turned to one or another area of culture when choosing a password. For example, Epsilon793 doesn't seem like such a bad option, only this combination was in Star Trek. The seven-digit 8675309 came up a lot because that number was in one of the Tommy Tutone songs.

In fact, creating a strong password is a simple task: a combination of random characters is enough.

You can't create a perfectly random combination in the mathematical sense in your head, but you don't have to. There are special services that generate truly random combinations. For example, random.org can create passwords like this:

  • mvAWzbvf;
  • 83cpzBgA;
  • tn6kDB4T;
  • 2T9UPPd4;
  • BLJbsf6r.

This is a simple and elegant solution, especially for those who use password storage.

Unfortunately, most users continue to use simple weak passwords, even ignoring the rule "different passwords for each site". For them, convenience is more important than security.

Situations in which a password can be compromised can be divided into 3 broad categories:

  • Random, in which a person you know is trying to find out the password, based on information known to him about you. Often, such a cracker just wants to play a joke, find out something about you, or play a dirty trick.
  • Mass attacks when absolutely any user of certain services can become a victim. In this case, specialized software is used. The least secure sites are selected for the attack, allowing multiple password options to be entered in a short period of time.
  • Targeted attacks, which combine gathering suggestive hints (as in the first case) with the use of specialized software (as in a mass attack). The goal here is to get really valuable information. Only a sufficiently long random password will protect you, one whose guessing will take time comparable to the lifetime of your password.

As you can see, absolutely anyone can become a victim. Statements like “my password will not be stolen because no one needs me” are not relevant, because you can get into a similar situation quite by accident, by coincidence, for no apparent reason.

Protecting passwords should be taken even more seriously by those who have valuable information, are connected with a business, or are in conflict with someone on financial grounds (for example, the division of property in the process of divorce, business competition).

In 2009, Twitter (in the sense of the whole service) was hacked just because the administrator used the word happiness as a password. A hacker guessed it and posted it on the Digital Gangster site, which led to the hijacking of the Obama, Britney Spears, Facebook, and Fox News accounts.

Acronyms

As in any other aspect of life, we always have to find a compromise between maximum security and maximum convenience. How to find the golden mean? What password generation strategy will allow you to create strong combinations that you can easily remember?

At the moment, the best combination of reliability and convenience is turning a phrase or saying into a password.

A set of words that you always remember is selected, and a combination of the first letters from each word acts as a password. For example, May the force be with you becomes Mtfbwy.

However, since the best-known phrases will be used as the source, cracking programs will eventually add these acronyms to their lists. Moreover, an acronym contains only letters and is therefore objectively less reliable than a random combination of characters.

The right choice of phrase will help with the first problem. Why turn a world-famous expression into an acronym password? You probably remember some sayings that are relevant only among your close circle. Let's say you heard a very catchy phrase from a bartender at a local establishment. Use it.

Even so, it is unlikely that the acronym password you generate will be unique. The problem with acronyms is that different phrases can consist of words that start with the same letters in the same sequence. Statistically, in various languages certain letters appear more often at the beginning of words. Programs will take these factors into account, and the effectiveness of acronyms in their original form will decrease.

The reverse method

The way out could be generation in reverse. You create a completely random password at random.org, and then turn its characters into a meaningful, catchy phrase.

Often, services and sites give users temporary passwords, which are those perfectly random combinations. You'll want to change them because you won't be able to remember them, but if you take a closer look, it becomes obvious that you don't need to remember the password. For example, let's take another option from random.org - RPM8t4ka.

Although it seems meaningless, our brain is able to find some patterns and correspondences even in such chaos. To begin with, you can notice that the first three letters in it are uppercase, and the next three are lowercase. 8 is twice (in English twice - t) 4. Look a little at this password, and you will definitely find your own associations with the proposed set of letters and numbers.

If you can memorize nonsense word sets, then use that. Let the password turn into revolutions per minute 8 track 4 katty. Any conversion that suits the way your brain works will do.

A random password is the gold standard in information technology. It is, by definition, better than any human-made password.

The disadvantage of acronyms is that over time, the spread of such a technique will reduce its effectiveness, and the reverse method will remain just as reliable, even if all the people of the earth use it for a thousand years.

A random password will not be included in the list of popular combinations, and an attacker using the mass attack method will pick up such a password only by brute force.

Let's take a simple random password that uses uppercase and lowercase letters and numbers: that gives 62 possible characters for each position. If we make the password only 8 characters long, we get 62^8 = 218 trillion options.

Even if the number of attempts within a certain time period is not limited, specialized commercial software with a rate of 2.8 billion passwords per second will spend an average of 22 hours trying to guess the right combination. To be sure, we add just 1 more character to such a password, and it will take many years to crack it.
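The keyspace arithmetic above, and the 36-symbol figures given earlier on this page, as an added example that is not part of the original article. It generates passwords locally with Python's `secrets` module (the operating system's CSPRNG) instead of an online service; the function names are assumptions, and the times computed are for trying the whole keyspace.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 26 + 26 + 10 = 62 symbols


def generate(length=8):
    """Draw each character from the OS CSPRNG; retry until all three
    character classes are present (this makes the real keyspace slightly
    smaller than 62**length)."""
    if length < 3:
        raise ValueError("need at least 3 characters to fit all three classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def exhaust_seconds(alphabet_size, length, guesses_per_second):
    """Time to try every combination (the worst case for the attacker)."""
    return keyspace(alphabet_size, length) / guesses_per_second


def min_length(alphabet_size, guesses_per_second, seconds):
    """Shortest length whose full search takes at least `seconds`."""
    length = 1
    while exhaust_seconds(alphabet_size, length, guesses_per_second) < seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Figures from the text: 36 symbols at 100,000 guesses per second.
    for n in (7, 8):
        print(f"36^{n}: {keyspace(36, n):,} ->",
              humanize(exhaust_seconds(36, n, 100_000)))
    # Figures from the text: 62 symbols at 2.8 billion guesses per second.
    rate = 2.8e9
    for n in range(8, 13):
        print(f"62^{n}: {keyspace(62, n):,} ->",
              humanize(exhaust_seconds(62, n, rate)))
    century = 100 * 365.25 * 86400
    print("length needed for 100 years:", min_length(62, rate, century))
    print("candidates:", [generate(12) for _ in range(5)])
```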

A random password is not invulnerable, as it can be stolen. There are many options, ranging from reading input from the keyboard to a camera over your shoulder.

A hacker can hit the service itself and get data directly from its servers. In this scenario, nothing depends on the user.

One solid foundation

So, we have come to the main point. What tactic for using a random password should you apply in real life? In terms of balance and convenience, the "philosophy of one strong password" works well.

The principle is that you use the same basis, a super-strong password (and its variations), on the services and sites that are most important to you.

Memorizing one long and complex combination is within everyone's power.

Nick Berry, an information security consultant, considers this principle acceptable, provided that the password is very well protected.

Malware must not be present on the computer from which you enter the password. The same password must not be used for less important and entertainment sites; simpler passwords will do for them, since a hacked account there will not have any fatal consequences.

It is clear that the reliable basis needs to be changed somehow for each site. As a simple option, you can add to the beginning the letter that ends the name of the site or service. If we go back to the random password RPM8t4ka, then for Facebook it turns into kRPM8t4ka.

An attacker, seeing such a password, will not be able to understand how the password for your account is generated. Problems will start if someone gets access to two or more of your passwords generated in this way.

Secret Question

Some hijackers ignore passwords altogether. They act on behalf of the account owner and imitate the situation in which you have forgotten your password and want to recover it using the secret question. In this scenario, the hijacker can change the password at will, and the true owner will lose access to the account.

In 2008, someone gained access to the email of Sarah Palin, the governor of Alaska, and at that time also a US presidential candidate. The burglar answered the secret question, which sounded like this: "Where did you meet your husband?".

After 4 years, Mitt Romney, who was also a US presidential candidate at the time, lost several of his accounts on various services. Someone answered the secret question about the name of Mitt Romney's pet.

You already guessed the point.

You cannot use public and easily guessed data as a secret question and answer.

The point is not even that this information can be carefully fished out on the Internet or from a person's close associates. Answers to questions like "pet's name", "favorite hockey team" and so on can easily be picked from dictionaries of popular options.

As a temporary option, you can use the tactic of absurd answers. Simply put, the answer should have nothing to do with the security question. Mother's maiden name? Dimedrol. Name of the pet? 1991.

However, such a technique, if it becomes widespread, will be taken into account in the relevant programs. Absurd answers are often stereotyped, that is, some phrases will occur much more often than others.

In fact, there is nothing wrong with using real answers, you just need to choose the right question. If the question is non-standard, and the answer to it is known only to you and cannot be guessed from three attempts, then everything is in order. The advantage of a truthful answer is that you will not forget it over time.

PIN

Personal Identification Number (PIN) is a cheap lock that is trusted with our . No one bothers to create a more reliable combination of at least these four numbers.

Now stop. Right now. Right now, without reading the next paragraph, try to guess the most popular PIN code. Ready?

Nick Berry estimates that 11% of the US population uses the combination 1234 as a PIN code (where it is possible to change it yourself).

Hackers do not pay attention to PIN codes because without the physical presence of the card, the code is useless (this can partly justify the small length of the code).

Berry took lists of passwords that appeared after leaks on the network, which are combinations of four numbers. With a high probability, the person using the password 1967 chose it for a reason. The second most popular PIN is 1111 and 6% of people prefer this code. In third place is 0000 (2%).

Suppose that a person who knows this information has someone's card in his hands. He has three attempts before the card is blocked. With some simple math, this person has a 19% chance of guessing the PIN if he enters 1234, 1111, and 0000 in sequence.

Probably, for this reason, the vast majority of banks set PIN codes for issued plastic cards themselves.

However, many people protect smartphones with a PIN code, and the following popularity rating applies here: 2001, 1010.

Often the PIN represents a year (birth year or historical date).

Many people like to make PINs in the form of repeated pairs of digits (and pairs where the first and second digits differ by one are especially popular).

The numeric keypads of mobile devices bring combinations like 2580 to the top - to dial it, it is enough to make a direct pass from top to bottom in the center.

In Korea, the number 1004 is consonant with the word for "angel", which makes this combination quite popular there.

Outcome

  1. Go to random.org and generate 5-10 candidate passwords there.
  2. Choose a password that you can turn into a catchy phrase.
  3. Use this phrase to remember your password.

Passwords are everywhere: in social networks, payment systems, on a computer and phone. Keeping so much information in mind is unrealistic, so many users take the path of least resistance - come up with one key that is easy to remember, and then enter it on all the sites where they register.

This approach to security can end badly. The access code for VKontakte or Odnoklassniki can be lost without serious financial consequences, so it does not have to be complicated. But for registering in a payment system or creating an Apple ID, you need a password such that no one except the owner can get access to the data.

Password rules

Almost all sites have a list of password requirements when registering. However, these requirements are usually minimal: at least 8 characters, cannot consist only of numbers or letters, etc. To create a really complex password, there are a few more restrictions to keep in mind.

  • Username and password must not be the same.
  • It is not recommended to use any personal information, especially if it can be obtained from social networks or other sources.
  • Dictionary words are not recommended.

To understand the logic of these prohibitions, it is enough to look at how passwords are cracked. For example, a 5-digit key is only 100,000 combinations. The hacking program, by simply sorting through all the options, will find a suitable combination in 2 minutes, if not less. A rare word will not work as an access code either. An attacker can go through dictionaries in different languages and find a match. The only question is how long this will take: a few minutes or a couple of hours.

Advanced PDF Password Recovery is a program for cracking passwords set on PDF documents. It uses brute force and lets you fine-tune the search by marking the characters used in the password.

A combination of a rare word and numbers will not work either. Brute-force tools can search combinations of numbers and words, so such a key will fall if needed. It will of course last a little longer than 123456789, but if you suffer losses from the break-in, this time difference is unlikely to seem significant. To understand which password is strong and which is not, let's look at concrete examples. Estimated cracking times are calculated using the password checking services described below.

  • Date of birth (05041992) - will be cracked in 3 milliseconds.
  • Name with a lowercase or capital first letter (Sergey, sergey) - will last 300-500 milliseconds, that is, less than half a second.
  • Combinations of numbers and lowercase letters (1k2k3d4a9v) - approximately 1 day.
  • It will take about 6 years to crack a HDA5-MHJDa password.
  • The combination AhRn&Mkbl363NYp will be deciphered in 16 million years.

No cracker will work for 16 million years or even 6 years; these figures only show that the password cannot be cracked within a reasonable time.
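The rules above can be checked mechanically when a password is chosen. The following Python check is an added example, not code from the article; the word list, the sample user's details and the function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a large dictionary.
WORDS = {"sergey", "password", "dragon", "iron", "qwerty"}


def date_forms(day, month, year):
    """Common ways a birth date ends up inside a password."""
    d, m, y = f"{day:02d}", f"{month:02d}", str(year)
    return {d + m + y, d + m + y[2:], y + m + d, y}


def check(password, username, personal=(), birth=None):
    """Return the list of rules from the section above that are broken."""
    problems = []
    low = password.lower()
    if low == username.lower():
        problems.append("same as username")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.isdigit() or password.isalpha():
        problems.append("only digits or only letters")
    # Personal data: names and the birth date in several spellings.
    tokens = {p.lower() for p in personal if len(p) >= 3}
    if birth:
        tokens |= date_forms(*birth)
    hits = sorted(t for t in tokens if t in low)
    if hits:
        problems.append("contains personal data: " + ", ".join(hits))
    # Look only at the letter runs so that "word + number" is still caught.
    for part in re.findall(r"[a-z]+", low):
        if part in WORDS:
            problems.append("dictionary word: " + part)
    return problems


if __name__ == "__main__":
    # Constructed user; the passwords are the examples listed above.
    user = dict(username="s.ivanov", personal=("Sergey", "Ivanov"),
                birth=(5, 4, 1992))
    for pw in ("05041992", "sergey", "Sergey1992", "HDA5-MHJDa",
               "AhRn&Mkbl363NYp"):
        print(f"{pw:<16} {check(pw, **user) or 'no rule broken'}")
```

An empty result only means that none of these rules is broken; it says nothing about how long the password would survive an exhaustive search.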

Password generation

It's one thing to know the rules, it's another to follow them. Most users are aware that an access code made of a date of birth or a name should not be used for registration, but this stops few people. There are two problems:

  • It's hard to come up with a complex password.
  • Even if you create a password containing a random set of characters, it's hard (sometimes impossible) to remember it.

An online password generator will help you with the first problem. On the Internet you can find a large number of services offering to quickly create a complex password from letters, numbers, special characters.

Online generators all work on the same principle: you indicate which characters to use, select the required number of characters and click "Generate". The services differ only in details.

For example, on Pasw.ru, you can generate several dozen passwords at once (up to 99 combinations). PassGen lets you automatically exclude repeated characters from the security key, so that each character in it appears only once.
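The same principle can be run locally, so the generated password never passes through a third-party site. This Python generator is an added example, not the code of Pasw.ru or PassGen; the symbol set and the function names are assumptions.

```python
import secrets
import string

# Character classes the user can tick (the symbol set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}


def generate(length=16, classes=tuple(CLASSES), unique=False):
    """Return a random password drawn from the selected character classes.

    unique=True mimics the "exclude repeated characters" option: every
    character appears at most once, which slightly shrinks the search
    space compared with allowing repeats.
    """
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    if length < len(pools):
        raise ValueError("length too short to include every selected class")
    if unique and length > len(alphabet):
        raise ValueError("not enough distinct characters for this length")
    rng = secrets.SystemRandom()  # operating-system CSPRNG, not random.random()
    while True:
        if unique:
            chars = rng.sample(alphabet, length)
        else:
            chars = [rng.choice(alphabet) for _ in range(length)]
        # Rejection sampling: accept only candidates that contain every
        # selected class, which keeps the accepted passwords uniform.
        if all(any(c in pool for c in chars) for pool in pools):
            return "".join(chars)


def generate_batch(count, **options):
    """Several passwords at once, like the bulk mode of online generators."""
    return [generate(**options) for _ in range(count)]


if __name__ == "__main__":
    for pw in generate_batch(3, length=16, unique=True):
        print(pw)
```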

Key storage

You can generate a password online, but the keys have to be stored on your computer. Writing a password on a piece of paper, in a separate document on the computer, or on a sticker glued to the screen is a path to unauthorized access to your data. So here comes the second problem: how to remember the created key.

You should not rely on memory, but you can rely on a password manager. Many users choose KeePass. This program is distributed free of charge and works on Windows 7, Windows 10 and other modern OS versions from Microsoft. In addition, KeePass has a built-in password generator so you don't have to search for online services every time.

The downside of a password manager is that it also requires an access code called a master password. But remembering one master password is much easier than keeping dozens of complex combinations in your mind. In addition, when creating it, you can use a trick - take poems, counting rhymes or any other memorable lines as a basis and turn them into a combination of letters, numbers and signs.

For example, you can take a quatrain, highlight the first letters and punctuation marks, and then write them in the Latin layout. Some letters can be replaced by numbers - “z” to “3”, “o” to “0”, “h” to “4”. As a result of such a manipulation, from four lines of a children's poem that will never fly out of your head, you get the password U0d?D3ep.Gzc3hek, which will take 3 trillion years to crack.

Difficulty check

On many sites, when registering, the user is shown whether the password is good. You can also check for yourself that the generated code is complex and cannot be cracked quickly by using a password checking service. In the "Enter Password" field, paste the generated password. In response, you will receive the approximate time it would take to crack the key on a regular computer. If it is several million or at least thousands of years, then the code is unequivocally reliable.

You can use other services to check the reliability: for example, from Kaspersky Lab. It also shows the time required to crack the password, at the same time telling what can be done in the specified period.

Another interesting way to check is the "Password Strength" service on the 2ip.ru website. Here the result is categorical: the key is either reliable or unreliable.

Keep in mind that the cracking time shown by these services is very approximate and assumes that the attacker uses a regular computer. A supercomputer with fantastic performance will get the job done faster, as will special password-cracking machines that can test up to 90 billion keys per second. But it is unlikely that people who own such equipment will need your email, Skype or Wi-Fi password.

You need to work with several companies at once, which means you need to register with each and use a strong password. For social networks, for example, good protection does not hurt either ... In general, the topic is more than relevant, so today we'll talk about which passwords are hard enough for hackers, how to remember them, and how to store many complex passwords conveniently and securely.

How hackers crack passwords

I'm immediately reminded of the series "Sherlock" (season 4 in January, hooray), where our brilliant detective was able to work out a very non-trivial password on Irene Adler's phone in just a few attempts:

If she had chosen any random combination of four letters and numbers, even Sherlock Holmes would hardly have succeeded. In general, filmmakers love to insert such scenes (remember any other movie with password guessing), but the most interesting thing is that this really works in real life. This hacking method is called logical guessing and is based on known information about the user.

If the attacker knows your first name, last name and date of birth, in a few minutes he can go through the possible combinations and crack a password that uses this information. Well, surely you use at least one of these? :)

By the way, do you know which passwords are found most often? On the net, I found this table with examples of the most popular passwords:


As you can see, these are mostly simple combinations of numbers and letters. The frequency is not specified here, but suppose at least 1% of users use the primitive password 123456: how many accounts can a hacker break into on a large service? And if he runs through all the known popular passwords? That's it…

By the way, there are special password dictionaries that can be downloaded from the Internet. Fortunately, popular sites have long required users to complicate their input at least minimally: use uppercase and lowercase letters and at least a couple of numbers, and they check that the password is not in those same dictionaries.

However, this may not be enough if the hacker has more resources and special programs. The so-called brute force method guesses passwords by simply enumerating all possible combinations, and the capabilities of modern computers fully allow this.

The more different characters are used (uppercase and lowercase letters, numbers, dots/dashes/commas, etc.) and the longer the password, the longer it will take the computer to check all possible options. How much longer? Let's say the password uses only lowercase English letters and numbers; then the situation is as follows:


As you can see, a password of fewer than 7 characters can easily be cracked in one day, and a 7-character password breaks in a week, or even faster if the hacker is lucky. In general, the complexity of passwords for the brute force method looks something like this; I think the conclusions are obvious.

However, even if you create a good, complex password, there are ways to get around it. For example, a letter arrives in the mail with a phrase like “to withdraw money, send your password for verification”. Of course, you should never do this! The administration of any website or service will never ask for your password, they already have it in the database.

Another way to get the password is to somehow "peep" at it. As a child, when I went to a computer club, it was a real problem: there were a lot of people around, and entering the password for your game account so that no one spied on it was not easy. Cases of theft of game currency and small items happened :)

Attackers can also plant a Trojan on your computer that records what you type on the keyboard. To protect against such an attack, of course, you need to use an antivirus.
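The arithmetic behind such estimates, as an added Python example that is not part of the original article: the search space is the alphabet size raised to the password length, divided by the guessing rate. The rate of 100,000 guesses per second is an assumption; 90 billion per second is the figure quoted earlier on this page for dedicated cracking machines.

```python
import string

# Character classes and their sizes (32 ASCII punctuation signs).
CLASS_SIZES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),
]


def alphabet_size(password):
    """Size of the smallest alphabet covering the classes present."""
    return sum(size for chars, size in CLASS_SIZES
               if any(c in chars for c in password))


def keyspace(alphabet, length):
    """Number of candidates an exhaustive search has to cover."""
    return alphabet ** length


def worst_case_seconds(alphabet, length, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return keyspace(alphabet, length) / rate


def human(seconds):
    """Format a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def table(alphabet, lengths, rates):
    """One row per length: worst-case time at each guessing rate."""
    return [(n, [human(worst_case_seconds(alphabet, n, r)) for r in rates])
            for n in lengths]


if __name__ == "__main__":
    SLOW, FAST = 100_000, 90_000_000_000  # SLOW is an assumed rate
    print("lowercase letters + digits (36 symbols)")
    print("length  at 1e5 per second   at 9e10 per second")
    for n, (slow, fast) in table(36, range(5, 13), (SLOW, FAST)):
        print(f"{n:>6}  {slow:<18}  {fast}")
```

These are upper bounds for passwords made of random characters; a password built from a name, a date or a dictionary word falls to guessing long before the search space is exhausted.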

Well, now you know the easiest ways to hack your data. How to protect yourself from them and create a complex and strong password?

How to create and remember a strong password

As we have already found out, the password must be at least 8 characters long, and it is very desirable that it use different types of characters:

  • lowercase letters - a, b, c…;
  • capital letters - A, B, C…;
  • numbers - 0, 1, 2…;
  • punctuation marks - comma, dash, question mark, etc.;
  • special symbols - @, #, $, %, etc.

You can check the password complexity, for example, on the Kaspersky Lab website; it looks pretty perky:


You don't have to create a password manually; there are a lot of sites where you can do this. Just enter "password generator" in a search engine and you will be given a large list. Of course, the question arises: does a particular site record the passwords? Even so, an attacker would still need to know the login, and does not know where you will use the resulting combination.

To calm your paranoia anyway, you can generate a password on the site and then change a few characters in it: the complexity will not change, and the risk of a brute-force break will still be very low.

There is only one problem with generated passwords: remembering even one is quite difficult, and ideally each site needs a unique one. One of the better ways to simplify the task is to type words of your native language in the English keyboard layout, diluting them with numbers and signs.

Here is an example of an easy-to-remember, but very high-quality password. Let's take the Russian noun "iron" and the logically unrelated verb "turns green". For the digits, take, for example, the year of birth of a famous writer: Leo Tolstoy, 1828. Well, and season with an exclamation mark!

Mix a little and you get this password: en.u18!ptktyttn28. I wrote the Russian words using the English layout, split the year of birth into 2 parts and put one at the end of each word, with the exclamation mark in the middle. It seems to be nothing complicated, but the password is very high quality:


You can think of other similar ways to create a password, and all of them will give excellent results. However, this still does not help you follow the rule of 1 site - 1 password: it is difficult to remember more than five combinations and not start reusing them. It turns out that you need a place to store important data.

Password storage software

Separately, I want to say that writing a password down on a piece of paper and sticking it to the monitor is a so-so idea :)

You can, for example, write down passwords in a notebook, but this is not very convenient - each time you need to enter the password manually and even carry it everywhere with you. And anyone who sees you looking into a notebook and typing something on the computer will quickly understand what's what and may try to steal it.

Still, it is more practical, in my opinion, to use a specialized program for storing passwords. First, they can be stored right in the browser: after you first enter a password, you are asked whether to save it or not:

This is quite convenient, and getting access to the storage is not so easy. The main thing is to update the browser in time, since vulnerabilities are constantly being fixed. Of course, there are also disadvantages: if someone else uses the computer, they can easily use the saved passwords.

In the browser it is fine to store less important data: accounts on forums or free services whose compromise will not cause you much harm.

More valuable data should be stored at least with additional security measures. For browsers there is a special extension, LastPass, which does roughly the same thing as the browser itself, but better. The vault itself can be locked with a password; you will need to come up with just one using the “green iron” method and remember it.

The disadvantage of LastPass is that your passwords are still on third-party servers, and if they are hacked (and the stories of major corporations being hacked say that no one is safe), the data will leak to attackers.

I had a more encouraging experience with a common Windows password storage program, KeePass. It is free and open source, which means that many programmers have checked it and found no hidden backdoors that allow stealing data.

It is English-only; perhaps this is the only drawback that I have found so far. The idea is this: all passwords are in a database, which is protected by a separate password and a key file:

The Master Password should be very complex, but since there is only one, it is easier to remember. The password database looks like this:



I now have several groups of passwords - Mail, Forex, Social Networks, etc., each of them stores different entries. In principle, everything is arranged quite simply, especially if you know English.

You would probably like to have detailed instructions on using KeePass. Let's do it this way - if at least 5 different people in the comments ask to write an article or ask something about a password storage program, I will assume that the audience is interested and will do it next week :)

And that's all! Now you know the basics of creating and storing strong passwords. Let's check how things are with Webinvest readers :) We need a site that everyone uses ... I think social networks fit. So, I ask you to use the poll to tell us how complex the password for your favorite social network is:

I hope that after my article the situation will move for the better. Especially if you help spread the article to your friends and colleagues:


Friends, in general, how responsibly do you treat passwords? Or do you think that you should not bother too much, that the trouble is not worth it and you can get by with quite simple ones? Leave your opinions in the comments.

See you in new articles by Webinvest! Winter is coming... please don't get sick.

