Password is the only thing that truly protects all our important data from hacking. There are many ways to hack user accounts and gain access to confidential, personal, business, financial information. This is especially true for business owners who are concerned about the security of their data. It is often enough for attackers to break into the mail of one employee to gain access to important business information of an entire company. That is why it is so important to educate employees about online security, in particular, explain what passwords are and how to create a password correctly. And this is no less important for individual users who use the Internet to communicate and make payment transactions by entering their bank card data.
How to create a password and why are light passwords ineffective?
Most users do not wonder how to come up with a password. If you have a light password, be sure that sooner or later you will be hacked. What is a light password and why is it so susceptible to hacking? As a rule, this is a combination of a word and a number. Most often, users choose their last name and date of birth as a password. For example, Ivanov1976. If they plan to hack you, most likely, this combination will be entered first. Any dictionary words also turn out to be ineffective, since dictionary search of passwords is another common attacker's technique. Within a few hours, the password will be cracked.
What password to come up with? First, it's long. If your password contains less than eight characters (Latin and numbers), this means that the number of possible combinations of them is 78,364,164,096 and by brute force combinations (using a special program) such a password will be cracked in a maximum of 9 days (if the brute force rate is 100,000 passwords per second). Add one more character and it will take an attacker 11 months to do it. Therefore, strong passwords contain more than 8 characters that combine upper and lower case letters, numbers, and special characters.
Today, almost everyone is aware of the need to have complex passwords for each of their accounts, but most still continue to neglect the elementary principles of security on the Web. Even the most complex password can be stolen if you lose your vigilance and enter your data on phishing sites (in other words, fake sites), save passwords in the browser (may be stolen by a trojan) or download programs of dubious origin (this could be a keylogger that will steal all user-entered data). Simply put, anyone can become a victim of Internet scammers. However, being aware means being armed. If you are careful and careful, and also know how to come up with a complex password, you can protect yourself from intruders.
How to create a complex password?
So, we have already found out that complex passwords contain more than 8 characters. It must be uppercase and lowercase letters (that is, small and large), numbers, and special characters.
To answer the question of how to create a password, the easiest way is to offer to use the online generator that you will find on our website. It will create for you several variants of combinations of Latin letters, numbers and symbols. The program creates passwords in absolutely random order, and you can be sure that your password will be unique. But if you want to further uniqueize it, you can replace any of the characters with whatever you like. Of course, remembering such combinations is quite difficult, and most often the only option is to write down such a password in a notepad that will be available only to you.
Strong and complex passwords: creating
However, you can come up with a complex password that is easy to remember on your own. There are several standard scenarios for this.
1. Choose two words in Russian - let it be a noun and a verb. For example, " curtain" and " embroider”, Add to this the year of birth of your favorite writer, artist, musician. Let it be 1924
. Add any other character - for example, %. Now let's write it all together Curtain19%Embroider24” (in any order). And finally, we write it down in Latin. It turns out Uahlbyf19%Dsibdfnm24. It will take forever for an attacker to guess such a password using brute force.
2. The second way how to make a complex password is take a line from a poem or tongue twister. Take two letters from each word and write in Latin, using uppercase for each first letter. This is another difficult password.
3. Choose any compound word that is rarely used in speech. The more letters the better. Write it down in Latin, add a significant date (it will be better remembered if this word is somehow connected with this date), and break the word into two parts by this date.
There can be an infinite number of such scenarios, and perhaps with a little thought you can come up with your own. If you still don't know what password you can come up with, use ours. The main thing - do not forget that you cannot tell your passwords to anyone, do not store them in the browser, in notepads on the computer.
Need to work right away several companies, which means you need to register in each and use a strong password. For social networks, for example, good protection also does not hurt ... In general, the topic is more than relevant, so today we'll talk about what the password will be rather complicated for hackers how to remember it, as well as how to store many complex passwords convenient and secure.
How hackers crack passwords
I immediately remember the series “Sherlock” (season 4 in January hooray), where our brilliant detective in just a few attempts was able to unravel a very non-trivial password on Irene Adler’s phone:
If she chose any random combination of four letters and numbers, even Sherlock Holmes would hardly have succeeded. In general, filmmakers love to insert such scenes (remember any other movie with guessing the password), but the most interesting thing is that this really works in real life. This hacking method is called logical guessing- and is based on known information about the user.
If the attacker knows first name, last name and date of birth- in a few minutes he can go through possible combinations and crack a password that uses this information. Well, surely you use at least one of these? :)
By the way, do you know what passwords are found most often? On the net, I found this sign with examples of the most popular passwords:
As you can see, these are mostly simple combinations of numbers and letters. The frequency is not specified here, but it is acceptable if at least 1% of users use a primitive password 123456 — how many accounts can a hacker hack on a large service? And if you drive away all known popular passwords? That's it…
By the way, there are special password dictionaries that can be downloaded from the Internet. Fortunately, popular sites have long required users to at least minimally complicate the input data - use uppercase and lowercase letters, at least a couple of numbers and check that the password is not in the same dictionaries.
However, this may not be enough if the hacker has more resources and special programs. So-called brute force method allows you to guess passwords by simply enumerating all possible combinations, the modern capabilities of computers completely allow this.
The more different characters used (uppercase and lowercase letters, numbers, dots/dashes/commas, etc.) and the longer the password, the more time it will take the computer to check all possible options. How much? Suppose the password uses only lowercase English letters and numbers, then the situation is as follows:
As you can see, a password of less than 7 characters can be easily cracked in one day, and a 7-character password breaks in a week, if the hacker is lucky, even faster. In general, the complexity of passwords for the brute force method looks something like this, I think the conclusions are obvious.
However, even if you create a good, complex password, there are bypass ways to hack it. For example, a letter arrives in the mail with a phrase like “to withdraw money, send your password for verification”, of course, do this in no case should! Administration of any website or service never will not ask for your password, they already have it in the database.
Another way to get the password is to somehow "peep" it. As a child, when I went to a computer club, this was a real problem - there are a lot of people around and it was not easy to enter the password for your game account without anyone peeping into it. Cases of theft of game currency and little things happened :)
Attackers can also plant on your computer Trojan, which records what you type on the keyboard. To protect against such an attack, of course, you need to use antivirus.
Well, now you know the easiest ways to hack your data. How to protect yourself from them and create a complex and strong password?
How to create and remember a strong password
As we have already found out, the length of the password must be at least 8 characters, and it is very desirable that it uses different types of characters:
- lower case - a,b,c…;
- capital letters - A, B, C…;
- numbers - 0,1,2…;
- punctuation marks - comma, dash, question mark, etc.;
- Special symbols - @, #, $, %, etc.
You can check the password complexity, for example, on the Kaspersky Lab website, it looks pretty perky:
It is not necessary to create a password manually, there are a lot of sites where you can do this, just enter the query "password generator" in the search engine - you will be given a large list. Of course, the question arises - does a particular site record the entered passwords? Even so, you still need to know the login, and it is not known where you will use the resulting combination.
To still calm your paranoia, you can generate a password on the site, and then change a few characters in it - the complexity will not change, and the risk of hacking by brute force will still be very low.
There is only one problem with generated passwords - remembering at least one is quite difficult, but ideally Each site needs a unique. One of the best ways to make it easier for yourself is to use words in your native language in an English layout, diluting them with numbers and signs.
Here is an example of an easy-to-remember, but very high-quality password. Let's take the Russian noun "iron" and the logically unrelated verb "turns green". As figures, for example, there will be the year of birth of the famous writer - Leo Tolstoy, 1828. Well, season with an exclamation mark!
Mix a little - and get this password - en.u18!ptktyttn28. I wrote down Russian words using the English layout, divided the year of birth into 2 parts and substituted at the end of each word, and an exclamation point in the middle. It seems to be nothing complicated, but the password is very high quality:
You can think of other similar ways to create a password - all of them will give excellent results. However, this still does not help to follow the rule 1 site - 1 password, it is difficult to remember more than five combinations and not start using them several times. It turns out that you need a place to store important data.
Password storage software
Separately, I want to say that writing down on a piece of paper and sticking it to the monitor is a so-so idea :)
You can, for example, write down passwords in a notebook, but this is not very convenient - each time you need to enter the password manually and even carry it everywhere with you. And anyone who sees you looking into a notebook and typing something on the computer will quickly understand what's what and may try to steal it.
Still, it is more practical, in my opinion, to use a specialized program for storing passwords. First, they can be stored right in the browser- after the first introduction, you are asked whether you need to save or not:
This is quite convenient, and getting access to the storage is not so easy - the main thing is to update the browser in time, vulnerabilities are constantly eliminated. Of course, there are also disadvantages - if someone else uses the computer, he can easily use the saved passwords.
It is quite possible to store in the browser not very important data - from some accounts on the forums or free services, hacking which will not cause you much harm.
More valuable data should be stored at least with additional security measures. For browsers there is a special extension LastPass, which does roughly the same thing as the browser itself, but better. The vault itself can be locked with a password, you will need to come up with just one using the “green iron” method and remember it.
The disadvantage of LastPass is that your passwords are still on third-party servers, and if they are hacked (and the stories of major corporations being hacked say that no one is safe), the data will leak to attackers.
I got a more inspiring experience working with a common Windows password storage program - KeePass. It is free and based on open source, which means that many programmers checked it and did not find hidden moves that allow stealing data.
It is English-speaking, perhaps this is the only negative that I have found so far. The meaning is this - all passwords are in the database, which is protected by a separate password and key file:
The Master Password should be very complex, but since there is only one, it is easier to remember. The password database looks like this:
I now have several groups of passwords - Mail, Forex, Social Networks, etc., each of them stores different entries. In principle, everything is arranged quite simply, especially if you know English.
Perhaps you would like detailed instructions on how to use KeePass. Let's do it this way - if at least 5 different people in the comments ask to write an article or ask something about a password storage program, I will assume that the audience is interested and will do it next week :)
And that's all! That's what you found out the basics of creating and storing strong passwords. Let's check how things are with Webinvest readers :) We need a site that everyone would use ... I think social networks will do. So, I ask you to use the voting to tell us how complex the password you use for your favorite social network is:
I hope that after my article the situation will move for the better. Especially if you help spread the article to your friends and colleagues:
Friends, in general, how do you treat passwords responsibly? Or do you think that you should not bother too much, the troubles are not worth it and you can get by with quite simple ones? Leave your opinions in the comments.
See you in new articles by Webinvest! Winter is coming... please don't get sick.
(add me to friends
Today, each user has to work with many services in . For your profile on social networks, on entertainment and professional sites, to an electronic mailbox, to access a bank account, you need to come up with one that will be difficult to hack even for an experienced hacker, because personal is often fraught with material losses.
What password is considered weak?
When registering for the next one, you need to remember several criteria that must be taken into account. Passwords for different services must be different!
You can't come up with simple passwords. Examples of such passwords are 123, 12345, 321, 654321, 123456789, qwerty, password, (your date of birth), (your first name / last name / middle name), (name of your favorite cat) and the like.
The password must not be short. It is advisable to come up with a password at least 8-10 characters long.
Two very easy ways to come up with a strong password
First way. In a text editor, type letters (uppercase and lowercase), numbers, and special characters (such as &, %, ), >, etc.) in any order.
The second way. Remember a long Russian word and write it down in the English layout (for example, long-necked - lkbyyjittt), then replace some letters with capital letters, and insert a few numbers and special characters between them. It should be something like - [email protected]+ttT.
Useful advice: such a password is difficult to remember, so write it down on a piece of paper and hide it in a safe place. Don't keep the list of passwords only on your computer or smartphone, because you will lose access to services if your gadgets break.
Every day, hackers break into tens of thousands of accounts from a variety of services, including blogs, online stores, social networks and cloud storage. The main method of hacking, as always, is brute force (automatic selection of passwords).
It is quite easy to protect yourself from hacking - just use a complex password. It would seem that this is a very simple task. But it is often complicated by the fact that complex passwords are difficult to remember. We will try to give some tips on how to come up with a complex, but easy to remember, password.
How to come up with a strong and complex password?
First, you need to create unique passwords for each account. This is necessary for one simple reason. For example, you have a website that contains addresses to your profiles in social networks. It would be a gross mistake to use the same password for them. Thus, an attacker can take possession of all accounts at once.
In addition, it is not recommended to take passwords from dictionaries. The thing is that today the Web is full of special programs that automatically substitute passwords from dictionaries one by one in order to gain access to the desired page of a site or profile on social networks. Also, do not use your date of birth in the password, because it is easy to find it in the same In contact with or Odnoklassniki.
Secondly, it is necessary to use letters of different case (both uppercase and lowercase), as well as numbers and special characters (for example, #, ?, - etc.)
Next, you need to come up with a long password - this is the main rule for its reliability. According to the advice of security experts, a long and strong password should not be meaningless. You should use an expression that is understandable to you and well-remembered with slight modifications that complicate its enumeration. For example, “2BeORnotTobe”. Agree that remembering a passphrase with its modifications is easier than a set of meaningless characters. The ideal option would be to come up with your own phrase for each account.
It should also be said about control questions for recovering a forgotten password. Here you should not use template questions, but come up with your own, which will be clear to you, but for third parties - complete nonsense.
One more example. May you like the phrase "Silence is golden". You can translate it into transliteration (for example, using the free online service https://translit.net/), highlighting the beginning of each word with a capital letter and adding a couple of numbers - “3Molchanie5Jeto7Zoloto”. There is nothing complicated here, but it will be quite difficult to pick up such a password.
Use two-factor authentication
Also, to protect your pages from hacking, use two-factor authentication whenever possible. It provides access to your personal account only after entering a password and an additional factor. Most often the latter is SMS- a message with a code. In this case, if the password from the service ends up in the hands of attackers, they will not be able to access it, since the code will only come to your phone.
Where to store your passwords?
Undoubtedly, finding a secure place to store passwords is quite difficult. A notebook can be lost, and a phone can be stolen. Therefore, all experts unanimously declare that the best option is the head.
If you still decide to use your computer as a password store, then in this case it is recommended to disguise the password file as an image. To do this, simply replace the file extension with jpg. Operating system Windows will change its icon, and by placing the file in a folder with other pictures, you will hide it securely. Of course, double-clicking such a file will not work, because, according to the extension, it will be picked up by your image viewer, which will immediately give an error message or show a blank screen. Open it by right-clicking and selecting To open with, and specify any text editor.
Also, the password file can be hidden inside another file. To do this, the first step is to pack the file into RAR-archive. Next comes any JPG-Place the picture along with the archive in any folder. After that, launch a command line window (emulator) ( Start -> Run -> cmd), go to the folder with the files and type the following command to merge files:
Copy /b image.jpg + archive.rar 12345.jpg
As a result, you will receive a file 12345.jpg, inside which your password file will be hidden. To view it, you need to use the program that was used to create the archive.
Useful online tools
There are many online services on the Web that help in the selection and verification of password strength.
For example, a tool https://1informer.com/generator-passwords-online/ will allow you to generate a strong password according to the specified parameters.
It can be seen that you can set the length of the password, as well as choose which additional characters will be used in the password (uppercase and lowercase letters, numbers, as well as the symbols #, ?, etc.)
In addition, you can also check the strength of the password. There is a special service for this. Kaspersky Labs – https://password.kaspersky.com/en/. For example, in a special form on the site, enter a simple password "admin". Here's what the system says about him:
I think no one was pleased when his icq, email, social network account (Vkontakte, Odnoklassniki, etc.) was hacked by attackers and used to spread spam. But this is not the worst, but what if a WebMoney account or a bank account is hacked?
But the main reason is not correctly compiling a password, the most common ones are the date of birth, “123456”, “password”, “55555” and so on, especially since most often one password is used for all registered accounts.
But how to remember a huge number of different passwords, and even with a high degree of complexity?
So I asked myself this question before and found a universal solution for compiling complex passwords.
As you know, a password with a high degree of complexity must meet the following requirements:
— consist of at least 10 characters;
- should not be associated with the user's personal information (date of birth, postal code, phone number, etc.)
Hmm, creating such a password is not an easy task. There are programs that can generate a complex password (7UJrBFv(RO , [email protected]"-FUQQ\` , HeCp;bK2n%)", but you will agree that it is almost impossible to remember such a password, and if there are several of them.
So, what is my system for compiling complex passwords? If you played Counter Strike online, you know that due to the lack of the ability to correspond with players in Russian (I don’t know how it is now, but in older versions for sure), users made Russian sentences from English characters. It looks something like this “let's stab the dude on the left?” - “gABAu' 3APE>I
For example: What do you want - 4TO~TE6E_HAgO Get out of here - 6PbICb-OT~COIgA Danger zone - OnACHA9I_3OHA As a result, each of these passwords meets the complexity requirements: there are numbers, there are large and small letters, there are special signs, more than 10 characters, and with all this, the meaning of the phrase is understandable for a Russian person. There remains only one task, to determine which characters you will replace with English. To help with this, I will give a table with Russian characters and their English counterparts. Between words, you can use signs such as "~" , "_" , "-" , "|" , ":" , ";" , "," , ".". Now you just have to choose your own character replacement style and there will be no problems in creating passwords!!!Russian
English
BUT
A-a-@
B
6
AT
B-8
G
r
D
g
E
E-e
Yo
E"-e"
AND
)I( — >I< — >K
W
3
And
U - u
Y
U"-u"
To
K-I< — I{
L
/\-/I-JI
M
M
H
H
O
O - 0 - ()
P
n
R
P-p
FROM
C - c
T
T-m
At
Y-y
F
0I0-OIO
X
x-x->< — }{
C
U, -u,
H
4
W
LLI-W
SCH
LLI, -W,
Kommersant
"b
S
bI
b
b
E
3
YU
IO - I0
I
9I