How do we give our emails and passwords
The article does not pretend to be a comprehensive guide to online security, but it will probably help some novice (and not so) Internet browser boosters to keep secret passwords secret from detractors. And do not judge strictly, this is the first habropost.
For a good analysis, let's find out how a person gets his first password and what does he then when he needs to register?
The variant when the first password looks like m3Sp $ R3 will not be given to a person printed on a piece of paper as of no interest. Usually, people choose something simple as a password. Print 123456 is not enough knowledge and experience =), but something like kalininanina may well ... And then the number of passwords grows like mushrooms. You need to register mail, ICQ, contact ... What to do, invent a new password every time? “Of course!” - you will say and you will be absolutely right. But what percentage of people do that? Most often the password is one.
Well, let there be one, suppose he never even gets lost, no one knows who he can pick up / steal. (okay, bye could not). Let's think about what other paths could be ... The password is stored only as a hash (I really hope so!) In the base of large web applications, such as social networks and mail servers. The probability of leak there is vanishingly small. But is it only there? If you are asked to register on the amateur forum, for example,% brand_your_car%, or some other interesting topic, which password is usually entered? And along the way, an e-mail is reported in the registration form, and maybe also ICQ, a social network profile and more dofig any useful information about yourself. It remains only to check where the password is suitable and the case in the hat. So what to do? I do not know =) I can tell you what I do, but my decision is not for everyone.
')
First you need to come up with a good password. At least one. How to invent passwords in many places, for example, here . Use it only on trusted sites, such as Google, Yandex (do not use it on your mail), ICQ, your favorite social. network. In general, where it is important for you not to lose your account and the service itself is credible.
Secondly, create an easy-to-use password. If the trust service does not call, use a password like 1 @ 3 $ 5 ^ or] [p} {P (understand why it is simple), the main thing is that there be more than 5 characters. It is possible on all services where the account is not really important for you to use it.
Well, if you have a lot of important accounts, you can’t lose them at all, and the question of trust in services is not at all clear how to solve, then it’s time to start a password manager. In many browsers there is a built-in, and in some even one with the storage on the servers of the developer’s company of the browser ... but for some reason I don’t trust them.
The scope of my work is related to the web and work on many projects, passwords have to use an incredible amount. Hosting, ftp, databases, admin sites, after all the usual registration, everything requires a password. Therefore, one day I said to myself “Enough!” And it was useful to look for a program for storing passwords. After several days of reading reviews and studying the sites of programs, I chose the KeyPass already discussed on the habr . An important factor was the open source of the project as well as the presence of the Russian version, and some convenient and pleasant features, such as auto-typing of passwords in the form, regardless of how this application is.
At first it is difficult to force yourself to transfer all passwords to the repository, but it's worth it. I think the most demanding paranoid will be satisfied with its capabilities =). The mode in which access to passwords can be obtained only by inserting a USB flash drive with a key file and entering a password resembles bank security requirements. And most importantly, once a password from a hosting or ICQ, which may not be required for years, will always be at hand at the right moment.
Most likely, most people really don’t need a password manager, but I’d like to turn off password memorization in the browser and stop using the same password everywhere, regardless of anything.
For a good analysis, let's find out how a person gets his first password and what does he then when he needs to register?
First password
The variant when the first password looks like m3Sp $ R3 will not be given to a person printed on a piece of paper as of no interest. Usually, people choose something simple as a password. Print 123456 is not enough knowledge and experience =), but something like kalininanina may well ... And then the number of passwords grows like mushrooms. You need to register mail, ICQ, contact ... What to do, invent a new password every time? “Of course!” - you will say and you will be absolutely right. But what percentage of people do that? Most often the password is one.
To whom do you give your password?
Well, let there be one, suppose he never even gets lost, no one knows who he can pick up / steal. (okay, bye could not). Let's think about what other paths could be ... The password is stored only as a hash (I really hope so!) In the base of large web applications, such as social networks and mail servers. The probability of leak there is vanishingly small. But is it only there? If you are asked to register on the amateur forum, for example,% brand_your_car%, or some other interesting topic, which password is usually entered? And along the way, an e-mail is reported in the registration form, and maybe also ICQ, a social network profile and more dofig any useful information about yourself. It remains only to check where the password is suitable and the case in the hat. So what to do? I do not know =) I can tell you what I do, but my decision is not for everyone.
')
What to do?
First you need to come up with a good password. At least one. How to invent passwords in many places, for example, here . Use it only on trusted sites, such as Google, Yandex (do not use it on your mail), ICQ, your favorite social. network. In general, where it is important for you not to lose your account and the service itself is credible.
Secondly, create an easy-to-use password. If the trust service does not call, use a password like 1 @ 3 $ 5 ^ or] [p} {P (understand why it is simple), the main thing is that there be more than 5 characters. It is possible on all services where the account is not really important for you to use it.
Well, if you have a lot of important accounts, you can’t lose them at all, and the question of trust in services is not at all clear how to solve, then it’s time to start a password manager. In many browsers there is a built-in, and in some even one with the storage on the servers of the developer’s company of the browser ... but for some reason I don’t trust them.
The scope of my work is related to the web and work on many projects, passwords have to use an incredible amount. Hosting, ftp, databases, admin sites, after all the usual registration, everything requires a password. Therefore, one day I said to myself “Enough!” And it was useful to look for a program for storing passwords. After several days of reading reviews and studying the sites of programs, I chose the KeyPass already discussed on the habr . An important factor was the open source of the project as well as the presence of the Russian version, and some convenient and pleasant features, such as auto-typing of passwords in the form, regardless of how this application is.
At first it is difficult to force yourself to transfer all passwords to the repository, but it's worth it. I think the most demanding paranoid will be satisfied with its capabilities =). The mode in which access to passwords can be obtained only by inserting a USB flash drive with a key file and entering a password resembles bank security requirements. And most importantly, once a password from a hosting or ICQ, which may not be required for years, will always be at hand at the right moment.
Most likely, most people really don’t need a password manager, but I’d like to turn off password memorization in the browser and stop using the same password everywhere, regardless of anything.
Summarizing
- If you have one password, then let it be reliable
- Get easy to remember password for unreliable services.
- Use the password manager!
Source: https://habr.com/ru/post/77835/
All Articles