Run a similar query on your user table (here the password is stored as an SHA1 hash):
SELECT password, count( * ) FROM sys_users WHERE password = SHA1( '12345678' ) GROUP BY password HAVING count( * ) >1
I currently have 13 out of 476 users with the password “12345678”.
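To show the check above running end to end, here is an added example (my own code, not from the post) that builds a small constructed sys_users table in an in-memory SQLite database, registers a SHA1() function so the post's MySQL-style query runs unchanged, and then generalises it in two directions: every hash shared by more than one account, and every account whose hash matches a short common-password list. The user names, passwords and the COMMON_PASSWORDS list are all constructed sample data.

```python
import hashlib
import sqlite3

# Constructed sample accounts (hypothetical, not the post's data).
USERS = [
    ("alice", "12345678"), ("bob", "12345678"), ("carol", "correct horse"),
    ("dave", "12345678"), ("erin", "qwerty"), ("frank", "qwerty"),
]
# Constructed short list of passwords worth checking for.
COMMON_PASSWORDS = ["12345678", "qwerty", "password"]


def sha1_hex(text):
    """Unsalted SHA1 hex digest, matching how the post's table stores passwords."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def build_db():
    """In-memory SQLite stand-in for sys_users with SHA1() registered."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SHA1", 1, sha1_hex)
    conn.execute("CREATE TABLE sys_users (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO sys_users VALUES (?, ?)",
                     [(u, sha1_hex(p)) for u, p in USERS])
    return conn


def count_password(conn, candidate):
    """The post's query: how many users share one known password.
    HAVING count(*) > 1 means a password used by a single user returns 0."""
    row = conn.execute(
        "SELECT password, count(*) FROM sys_users WHERE password = SHA1(?) "
        "GROUP BY password HAVING count(*) > 1", (candidate,)).fetchone()
    return row[1] if row else 0


def shared_hashes(conn):
    """Generalisation: every hash used by more than one account, found
    without knowing any password in advance."""
    rows = conn.execute(
        "SELECT password, count(*) FROM sys_users GROUP BY password "
        "HAVING count(*) > 1 ORDER BY count(*) DESC").fetchall()
    return {h: n for h, n in rows}


def weak_accounts(conn, candidates=COMMON_PASSWORDS):
    """Accounts whose stored hash equals the hash of a common password."""
    hashes = {sha1_hex(p): p for p in candidates}
    placeholders = ",".join("?" * len(hashes))
    rows = conn.execute(
        f"SELECT login, password FROM sys_users WHERE password IN ({placeholders})",
        list(hashes)).fetchall()
    return {login: hashes[h] for login, h in rows}


if __name__ == "__main__":
    db = build_db()
    print("users with 12345678:", count_password(db, "12345678"))
    print("shared hashes:", shared_hashes(db))
    print("weak accounts:", weak_accounts(db))
```

The audit works only because the hashes are unsalted and computed with a fast function, which is exactly what makes the table easy to check against a word list; treat a non-empty result from either query as a reason to look at both the users and the hashing scheme.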
If you work in a large company with frequent mandatory password changes, walk through the departments and look at the monitors, under the keyboards, and on the desks. What will you see? Plenty of stickers with passwords written in the clear.
What to do?
There are several ways to deal with this:
- check passwords for complexity when they are created or changed;
- generate the passwords yourself [and do not let users change them];
- leave everything as it is and stop worrying.
I will discard options 1 and 3 and talk about generating passwords that are complex but still easy to remember.
The algorithm is simple and consists of a single step: generating a phrase to memorize. I chose phrases of the form adjective - noun - verb - noun. For example: “a zealous surge nastrogaet neo-globalism” or “eminent wimps will calculate Moleskine”.
Next, you give the user the phrase and describe a couple of simple steps for turning it into a password, for example:
- type the first three letters of each word with the keyboard in the English layout;
- type the first three letters of each word in the English layout, putting your favourite number between the words.
Hurray, we got what we wanted. Even if the user prints the phrase out, recovering the password from it is hard, because there are many transformations to choose from:
- uppercase the letters of the odd-numbered words;
- insert special characters between the words instead of digits;
- alternate between lowercase and uppercase letters;
- take the first letter from the first word, the first two from the second, the first three from the third, and the first four from the fourth.
And you can think of plenty more. All of this can be implemented in a couple of hours; the main work is finding the dictionaries (I parsed the Ozhegov dictionary).
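The phrase generator and the derivation rules listed above, as an added example that is my own code rather than the post's. The three word lists are constructed English stand-ins for the parsed dictionary; `derive` implements the rules as parameters of one function (fixed prefix length, a separator such as the favourite number or a special character, uppercasing odd-numbered words, and the growing 1-2-3-4 prefix), and `phrase_entropy_bits` gives the upper bound on how hard a phrase from these lists is to guess.

```python
import math
import secrets

# Constructed miniature word lists standing in for the parsed Ozhegov
# dictionary mentioned in the post (hypothetical, English for readability).
ADJECTIVES = ["zealous", "eminent", "quiet", "rusty"]
NOUNS = ["surge", "wimp", "lantern", "orbit"]
VERBS = ["calculates", "paints", "lifts", "guards"]


def generate_phrase():
    """Pick adjective - noun - verb - noun, each word drawn with a CSPRNG."""
    return [secrets.choice(ADJECTIVES), secrets.choice(NOUNS),
            secrets.choice(VERBS), secrets.choice(NOUNS)]


def phrase_entropy_bits():
    """Upper bound on the guessing entropy of a phrase from these lists;
    the derived password can never have more, since the rule is deterministic."""
    return math.log2(len(ADJECTIVES) * len(NOUNS) * len(VERBS) * len(NOUNS))


def derive(words, take=3, separator="", upper_odd=False, growing=False):
    """Turn a memorised phrase into the password by a fixed rule.

    take       -- how many leading letters to keep from every word
    separator  -- string placed between words (the user's favourite
                  number or a special character)
    upper_odd  -- uppercase the 1st, 3rd, ... words
    growing    -- take 1 letter from word 1, 2 from word 2, and so on
                  (overrides take)
    """
    parts = []
    for i, word in enumerate(words, start=1):
        n = i if growing else take
        piece = word[:n]
        if upper_odd and i % 2 == 1:
            piece = piece.upper()
        parts.append(piece)
    return separator.join(parts)


def issue_credential(favourite_number="7"):
    """What gets handed to the user: the phrase plus the password the
    agreed rule (first three letters, favourite number between words) yields."""
    words = generate_phrase()
    return " ".join(words), derive(words, separator=favourite_number)


if __name__ == "__main__":
    phrase, password = issue_credential()
    print(phrase, "->", password)
    print("phrase entropy bits:", phrase_entropy_bits())
```

With real dictionaries the lists are thousands of words long, so the entropy bound is what makes the phrase worth memorising; the derivation rule only adds whatever is unknown about which rule the user applies, so keep the word lists large rather than relying on the rule staying secret.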