How to set a password more secure

There are generally two reasons why we register users on our website, one of which is temporary, mainly to download or view resources information that must be logged in to have appropriate permissions. At this time of registration, the password can be simple or even fixed, and the username has a specific identifier prefix or suffix so that it is easy to differentiate, and all users can use the same password. At the same time, this type of user name will never be published with personal information or ideas or meaningful content of the post (to avoid a long time ago inadvertently the post was sentenced to "illegal"-CCTV social and law channel a few days ago reported a groom, two years ago, a number of adult images were sent for viewing an adult page, and the wedding was ruined. Adult picture meaning everyone knows, I will not explain it. Of course, if you're worried about someone logging into your account and publishing inappropriate content (seemingly trying to frame you), you may need to improve the password rule (see below) in addition to personal identity information.

Another reason to sign up for a user is that you really want to stay on top, such a place you will definitely publish meaningful content and express personal opinion (please observe the relevant rules of the website itself), and under normal circumstances your personal true identity also may leak normally, so the security of the password is very important. So how should you construct a password that is both safe and easy to remember?

　　That's what I did:
in my life, there are some important people, events, times, places ... Each of them can be expressed in a string, such as the date "2013.11.11", the location of the phonetic string "Zhonguoshenzhen", The Birthday of "1989.09.01" (yes, birthday does not matter ...), they are in my heart, will not forget and no memory. There is no doubt that these strings cannot be directly coded, because the site is likely to record them in clear text so that the signs in your heart are leaking out (very dangerous). At the same time you also need to remember that username corresponding to the heart of which logo, if you have a bad memory, it may be written on paper, and this is not safe!

　　So how do you do that?
In fact, no need to remember which username corresponds to which password, and do not have to be clearly written on the paper. What you need to do is create a map of your heart: match the important signs in your mind with a word that is easily associative (or even just a letter), and then record the associative word and its account number on paper. Associative words used in general combination of better use, if a represents your favorite AV star's name, B on behalf of your first secret lover's Birthday (best), recorded on paper, "BA" logo on behalf of that birthday plus another name (~ haha, MO despise me AH). In this way, the password is written on paper but still safe. In your future life, you will register a lot of sites, far beyond your imagination ~,so ... Privacy is important!

The password on the paper is safe, but what about the Web site? If the login site is irresistible to the third party implanted JS keyboard record code, or the site itself can not protect the password you left? How do we deal with it?

　　The answer is:
in the browser loaded with a Hash plug-in (MD5, SHA, etc.), in the plug-in input from the word translated from the password, Hash out a string (of course, can also be executed several times, such as first MD5, and then Base64) as the final password used in the site end. The security to do this is as follows:

1. Enter the password in the plug-in, make the page of the target website in the browser even if the JS code is injected, but the JS code in the page does not have the ability to obtain the input of the plug-in;

2. The password string that was eventually submitted to the Web site has been hashed, an irreversible class-random string that no one knows "the permanent identity in your Heart" (PS: The number of those logos is limited, so it is also valuable);

3. Of course, the browser and operating system clean is the general premise, otherwise all security interview;

To sum up:

1. Temporary accounts with a simple password or even fixed, account name has a certain characteristics, do not publish meaningful content. If you are concerned about identity theft, password can add a Hash protection;

2. Set up a "logo of important things in mind" list, with easy to associate words corresponding. The associative word is recorded on the paper as a quasi cipher;

3. Install a Hash plug-in on a secure browser (such as chrome);

4. The password used in real registration is a class of random string after the identification string and the Hash computed by the associative word translation;

　　Security and applicability
1. Regardless of whether the site page is forced to inject JS steal password (incidentally, such a steal code is very simple), and whether or not the site itself has a security problem, this can protect you.

2. Because the password used in the Web site is calculated using Hash, there is no possibility of cracking, and those important signs in your mind will not be known, then they can be used forever. If you need to change the password, adjust the combination of associative words;

3. Associative words are recorded on paper without the burden of memory. At the same time no one knows what the associative words correspond to (suggested combinations), so that even people who are familiar with you cannot fully understand what they are;

4. It is not difficult to create a "list of important things" in one's own life and to associate it with simple words--it will gradually enrich and expand dynamically.

5. Overall, you need to remember just one thing-something hard to forget (the construction of the logo can be simple to use pinyin, or other, you know it yourself);

　　A little more concise statement
1. Heart: Important things identify string => associative words. For example: A => heart of AV star (yjly); B => First Girlfriend's birthday (0828); C => My favorite programming language domain brother (STM);

2. On paper: User name, password for associative word combination. Records: website httpx; user name ba Cao; password ABC;

3. Website: username, password is Hash (Lenovo Word translation). Calculation: Base64 (MD5 (' yjly0828stm '));

4. The final password to be used on the website is: ' Zme2njkzmduxzwnlmzrhnzy5mwuxmtblmdbhngzhywu ';

5. The rule is too simple, you can design it a little bit more complex--only you know it, of course.

On the wonton Internet, protecting yourself may not be as difficult as it might seem. Without trusting either side, you can design your own password rules! I wish all the netizens safe, healthy, and happy!