Sunday, 9 December 2012

Password management

Nowadays we use many kind of accounts for many uses : e-mail , social networks, Paypal, e-commerce... and for other uses as well.
Many people use simple and predictable passwords(ex: birthdays) for their accounts and on top of that it is common to use similar (if not the same password) for their accounts.

While it is convenient to have short easy to remember passwords, it is really a bad choice to secure your accounts.

Why is it a problem ?

Here are some common uses for e-mail accounts that have been compromised :

  • the attacker can use your e-mail account to send spam messages with malicious intent
  • using the account to perform social engineering attacks.
  • to glean information using the e-mails you get or send, using it for other attacks in the future.
So , why do we use weak passwords ?

First , with many accounts we have many usernames and passwords. People have trouble to memorize many long complex passwords, so they use passwords that are easy to remember and type.

How to create a password ?

Step 1:

A password should :

  • have more than 8 characters in length
  • not be a word found in a dictionary
  • have special characters
  • have Capital letters
  • have Lower case letters
  • have numbers
  • Change every 3 months at least
A password that do not have the attributes above is weak.

                                       Step 2:
To create passwords long enough yet memorable you can use a phrase or a song.

You replace some letters with special symbols, numbers , other letters etc...

 ex 1: Sun sea and sand --> 5uN_S3@_@nD_S@nd
 ex 2: Sun sea and sand --> $_n*$34*4Nd_$4nd

 create something that you can remember with ease.


Now we can create complex P@SsW0rDz there is another problem: where to store them ? 

Never do the following : write down the passwords in a file stored in the computer(usually in .txt,doc,xls files in an easy accessible location : on desktop or in my documents), in a text book on the desk or even on sticky notes pasted on the screen !!!

Here is where we can use a password manager , like keepass .
Why ?
  • The passwords are stored in an encrypted database
  • You only need to remember one password
  • You can manage easily your passwords
  • With the auto type feature you wont need to type usernames and passwords.
Some may argue and say : we can store our passwords in the browser as well right ?

NO don’t do that , there are tools that can recover your credentials from the browser and plus you won’t have mobility : with keepass you can install it in a usb stick with a copy of your password database to securely access your accounts.

There is no such thing as 100% security , but with right password management you made one step more to secure your privacy.

Note: I do not own the images used in this post !!!!

No comments:

Post a Comment