This is a guest post by Wes Burns.
Long passwords are tough to break if they are attacked at random, but proficient crackers don’t just attack passwords at random. The easiest way to crack passwords is to find security flaws that avoid the whole trouble of guessing the password in the first place. And even brute force attacks do not guess characters completely at random.
The following password tips are probably familiar to those of you in the security field, but these tips aren’t mentioned often on your basic password tips article. The following password tips will help you create smarter password and manage them with security in mind.
1. The Order of Special Characters Counts
Adding an exclamation mark at the end of your password may satisfy password strength indicators on your banking website, but that’s actually not a secure way to diversify your password characters. Brute force cracking tools know how frequently special characters are added to the ends of common words. They also know that people like to add one special character followed by a couple of numbers.
Safe passwords use special characters at random. Don’t just add a “!” or “$” at the end of your password and follow it up with the date of your birth. Throw special characters in at random. Stick one in early in your password, another halfway through and one more at the end. That will make your password significantly more difficult to defeat.
2. L33t sp34k Doesn’t Cut it
This tip goes along the same lines as number one. Password crackers look for patterns and one overused pattern is the substitution of numbers for letters. People love to make password strength indicators happy by substituting zeros for Os, 4s for As and 3s for Es. Don’t use l33t sp34k to create passwords.
Brute force attackers know to try common password phrases and replace letters with numbers. You might make the password strength indicator happy, but that doesn’t mean much if you use easily guessed substitutions.
3. Don’t Make Mobile Mistakes
With everything going to the cloud today, we can reach our data from anywhere in the world. Although it is convenient, new access points open us up to new security risks. Now, you can’t just watch your PC security, you also have to keep your laptop safe, mobile device safe and pay attention to which networks you connect to.
For example, let’s say you have the Box.com app installed on your phone. You might have the most secure password in the world protecting your account, but that doesn’t help if you have the password saved on your phone app and you lose your phone. At the very least, lock your mobile apps with individual pins.
4. Learn How to Juggle Multiple Passwords
Here’s a big problem: every password security article on the internet tells you to use a unique password for every single login and they also tell you to make each password long, complicated and free of any discernible patterns. How in the world are you supposed to keep track of all these ridiculous passwords?
Well, if you’re an average computer user, look into a password management tool such as Roboform. This handy little piece of software will keep track of all your passwords and encrypt them behind a master password. Just memorize your master password and then RoboForm can be used to fill out passwords at sites that you have saved.
If you work for the CIA and can’t trust your passwords to RoboForm, then you’ll just have to write them down on paper and store them in a locked vault or save them in a TrueCrypt volume. There’s no easy way to juggle lots of different passwords without storing them somewhere.
Sure, you can use a simple algorithm to generate a new password for each website (for example you substitute every 3rd letter in the URL for a certain letter), but if you’re too paranoid to write your passwords down or store them in RoboForm, you should also be paranoid about someone figuring out your algorithm.
About the author:
This post was written by Wes Burns. Wes is a freelance writer and internet marketer with a penchant for tech tips and tricks.
This post was written by Wes Burns. Wes is a freelance writer and internet marketer with a penchant for tech tips and tricks.
Thank you for your comment.