
How to make a password safe and memorable

Passwords guard our data, and how reliable they are matters a great deal. Clearly, a complex password is not easy to crack. The trouble is that there are a great many personal accounts and systems that require authorization, and remembering dozens, if not hundreds, of different character combinations is almost impossible.



How to make a password more secure and not forget it? There are several options…

Simple replacement cipher


Replacement (substitution) ciphers are a class of encryption methods that have existed almost as long as the alphabet itself. Their essence is replacing letters with other letters, numbers or symbols.

Without going into the features and subtleties of the cipher, you can choose the easiest encryption method: the one where each letter is replaced by the letter that follows it in the alphabet. For example, take the words "cat" and "dog". Encrypt: c is followed in the alphabet by d (c = d), a by b (a = b), and t by u (t = u). The same rule applies to the second word: d = e, o = p, g = h. As a result, we get two ciphertexts: dbu and eph.


Simple letter replacement code (after two)

A simple replacement cipher cannot be called very reliable. It is not at all difficult to crack if you compare several encrypted sentences or know the principle being used. But you can experiment and vary the method: for example, set your own letter replacement order, add numbers, and so on.


One of the encryption options described in Conan Doyle's The Dancing Men

Mnemonic code


You can use the favorite method of conjurers and magicians: mnemonics. It helps to visualize an object with its full description, which simplifies memorization or identification. A similar principle is used in the famous saying about the colors of the rainbow: “Every (red) hunter (orange) wants (yellow) to know (green) where (light blue) the pheasant (blue) sits (purple).”

In a simplified form, everything looks like this: “a is pineapple, b is a banana, c is a cherry”. To build a password, use words that match the letters.



Memorizing the rainbow color sequence

For example, you need to create a password for the site bank.com. Take as a basis the first two letters of the web resource's name, “b” and “a”. Following the construction “b is for banana, a is for apple”, we get “bananaapple”. Add a hyphen between the two words and the password acquires the special character it needs. And if you combine all this with the simple replacement cipher, the password for bank.com becomes truly reliable: nsmsms=s[[;r.
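The construction above as an added example (not code from the original article): the alphabet shift that turns cat and dog into dbu and eph, and the bank.com password built from the mnemonic words. It assumes that the final substitution means pressing the key one position to the right on a US QWERTY layout, which reproduces the character sequence the article gives for bank.com; the function names are illustrative.

```python
import string

# Assumption: US QWERTY layout, unshifted keys, each row listed left to right.
QWERTY_ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]

# Mnemonic words used in the article's example.
WORDS = {"a": "apple", "b": "banana", "c": "cherry"}


def alphabet_shift(text, step=1):
    """Replace each lowercase letter with the one `step` places later (z wraps to a)."""
    lower = string.ascii_lowercase
    return "".join(
        lower[(lower.index(ch) + step) % 26] if ch in lower else ch
        for ch in text
    )


def keyboard_shift(text, step=1):
    """Replace each key with the key `step` places to its right on the same row.

    The last key of a row wraps to the first; characters not in the layout
    (for example uppercase letters) pass through unchanged.
    """
    table = {}
    for row in QWERTY_ROWS:
        for i, key in enumerate(row):
            table[key] = row[(i + step) % len(row)]
    return "".join(table.get(ch, ch) for ch in text)


def mnemonic_base(site, words=WORDS, letters=2):
    """Join the mnemonic words for the first `letters` letters of the site name."""
    return "-".join(words[ch] for ch in site[:letters])


if __name__ == "__main__":
    print(alphabet_shift("cat"), alphabet_shift("dog"))   # the two toy ciphertexts
    base = mnemonic_base("bank.com")
    shifted = keyboard_shift(base)
    print(base, "->", shifted)
    # A fixed substitution is fully reversible by anyone who knows the rule.
    print(shifted, "->", keyboard_shift(shifted, -1))
```

Both substitutions are fixed one-to-one mappings, so anyone who knows the rule can undo them; the strength of the result comes from the base phrase, not from the shift.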

Site name at the end of the password


Luis Corrons, technical director of network security company Panda Security, offers the following option:
To make a password unique to each site (without having to write it down), you can add the name of the web resource to its end.

Let's take a closer look using the same site, bank.com. Append the suffix "-bank" to the end of the chosen password. The result is a more complex construction that keeps the password understandable while making it more complicated. We do the same for social media accounts: "-twitter", "-facebook" and "-linkedin", or abbreviated variants like "-twit", "-face" and "-link".

Time frame


There are companies that force their customers to change passwords every six months or every year. There is a solution for this too: just add the required year and quarter to the beginning or end of the password. Let's take as a basis the already familiar password “banana” and add to it the upcoming year 2016 and the 1st quarter. We get banana-16-q1. And if you shift every keystroke by just one key on the keyboard, the password becomes much more complicated and takes the form nsmsms = 3-25 = j3 .



And there it is: our unique password, fairly complex and reliable, which can be memorized without any difficulty and changed regularly (by month or by year).

Size matters


In addition to encryption, it is worth talking about the quality of the password itself. Its length is important. The full character set includes 26 lowercase letters, 26 uppercase letters and 10 digits. About 30 special characters can also be used in a password. All this means that each character added to the password multiplies the number of possible combinations by 90.

According to Vincent Burke, CEO of FlowTraq Network Security Firm:
Most websites and companies need passwords that include a combination of at least 10 lowercase and uppercase characters, and include a number and one or more special characters.



Recently, security experts have been recommending that the password length be increased to twelve characters. According to them, 12 is the minimum. This view is based on a study conducted at the Institute of Technology (Georgia, USA). The researchers used a group of video cards to crack eight-character passwords and concluded that it takes two to three hours. The cracking was done on graphics processors, system components designed to meet the needs of modern gamers.

Passwords of seven characters qualify as "hopelessly inappropriate." Data security researchers have concluded that it will take about 17,000 years to crack passwords of twelve characters with modern technology. True, technological development is so rapid that it is difficult to make accurate predictions.

Password originality


Of course, it is not only length that makes a password secure. It should not be predictable or easy to guess. For example, the password LadyGaga is good only for a devoted fan or for the singer herself. The digit sequence 1234567890 will not do either: it is so obvious that even a child could crack it by typing all ten digits on the keyboard in a row. A combination like password1234 is unreliable too, even though it consists of twelve characters.



It is worth inventing complex, uncommon passwords. It is better to avoid words that can be found in the dictionaries of any language. Popular replacements of letters with numbers (0 instead of “o”, 4 instead of “a”) do not help much. It is not advisable to reuse the same password many times. Yet this is exactly what 69% of users do, according to the November RSA survey. The results showed that consumers reuse a password they once invented (despite the fact that almost 50% of them had been victims of attacks by hackers).

Suggestions-tips


Most security experts agree that passwords should be easy to remember but difficult to guess. Overly complex and incomprehensible combinations of characters are simply forgotten. And writing passwords on sticky notes, pieces of paper, in notebooks or anywhere else is not a good idea. It is better to limit yourself to a hint that only the owner can understand.



One way to make a password more complicated is to use really rigid constructions. Hardly anyone can remember a set of twenty characters like GdzIQaZyVaFgbh7dlu46. In fact, such passwords are quite “painful” to use at all. On the other hand, they really are hard to crack. Such passwords are good for systems that require special security and are not used often.

As a password, you can use a phrase, encoding it first. For example, in English, “I want to be at the beach” might be encoded as iw2b@theBeach. This is a memorable password that will be quite difficult to crack. A different ending can be chosen for each system. Some systems even allow complete sentences as passwords. Such passwords will not be forgotten and will be fairly secure.

To improve data security, the well-known cloud storage service Dropbox created a list of passwords that are prohibited from use. The list contains about 85,100 passwords.



And the University of South Wales conducted research, the results of which showed that:
4.7% of users use the password password;
8.5% of users choose one of two options: password or 123456;
9.8% of users choose one of three options: password, 123456 or 12345678;
14% of users choose one of the 10 most popular passwords;
40% of users choose one of the 100 most popular passwords;
79% of users choose one of the 500 most popular passwords;
91% of users choose one of the 1,000 most popular passwords.



And here are the top 25 most popular passwords in the world:
password
123456
12345
12345678
qwerty
123456789
1234
baseball
dragon
football
pussy
1234567
monkey
letmein
abc123
111111
mustang
access
shadow
master
michael
superman
696969
123123
batman
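
A sketch of how a banned-password check of the kind described above can catch the weak choices the article names (added example, not Dropbox's or any site's actual code). The banned set is a constructed sample drawn from the list above, and the function names and the sequence list are assumptions made for illustration.

```python
import re

# Constructed sample: a handful of entries from the article's top-25 list,
# standing in for a full banned list like the one Dropbox maintains.
BANNED = {"password", "123456", "12345678", "qwerty", "letmein", "abc123", "batman"}

# The two swaps the article names (0 for "o", 4 for "a"), undone before lookup.
LEET = str.maketrans({"0": "o", "4": "a"})

# Counting and keyboard-row runs (US QWERTY assumed for the letter rows).
SEQUENCES = ["1234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 12  # minimum length recommended in the article


def variants(password):
    """Forms to look up: as typed, without a trailing run of digits or
    symbols, and each of those with the letter-for-digit swaps undone."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def is_sequence(password, min_run=4):
    """True when the whole password is one run taken from a known sequence."""
    lowered = password.lower()
    return len(lowered) >= min_run and any(lowered in seq for seq in SEQUENCES)


def check_password(password):
    """Return the list of problems found; an empty list means none of these
    checks fired, not that the password is proven strong."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if variants(password) & BANNED:
        problems.append("common password")
    if is_sequence(password):
        problems.append("keyboard or counting sequence")
    return problems


if __name__ == "__main__":
    for candidate in ["password1234", "p4ssw0rd", "1234567890", "iw2b@theBeach"]:
        print(candidate, check_password(candidate))
```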

Source: https://habr.com/ru/post/273373/

