In-depth understanding of how to select and protect passwords

Password is a common form of authentication, and is often the only barrier between the user and your personal information. Attackers can use some programs to help guess or "crack" the password. However, by choosing a good password and keeping it confidential, you can make unauthorized access to your information very difficult.

Why do you need a password?

Think about how many personal identity codes, passwords, or password you need each day: When you get money from an ATM or use a bank debit card in a store and log on to your computer or email, when signing an online bank account or online shopping ...... It seems that the list will only grow. Remember all these numbers, combinations of letters and words may make you feel frustrated from time to time, and you may doubt whether these tedious jobs are worth it. After all, attackers are concerned with your personal email account, aren't they? Will someone harass your blank bank account even if someone else's account has a lot of money?

Attackers often do not only want to access your account, but they want to gain access to your information to launch more attacks. Maybe it seems that someone can access your personal email is not more serious than infringing personal privacy, but think about it as your social security insurance account or medical records?

One of the best ways to protect personal data and tangible assets is to allow only authorized persons to access the account. The next step is to confirm whether a person's identity is as he said. This authentication step is more important and it is more difficult to implement it in the digital world. Password is the most commonly used authentication method. However, if you do not select a good password and keep it confidential, it will be virtually empty. Many systems and services can intrude into accounts because of unsafe and inappropriate passwords. Some virus software and worms can guess a simple password.

How do I select a good password?

Many users use passwords based on their personal information, which is easy to remember. However, this is also easier for hackers to guess or crack. When you start a four-digit PIN code, will you use the year, month, and day of your birthday to combine it? Or the last four digits of your social insurance number? Or your address and phone number? Think about how easy it is to find a person's personal information. What about your email password? -Is it a word that can be found in the dictionary? If yes, attackers may exploit the dictionary information to guess the password.

Although intentional spelling of wrong words (such as replacing "date" with "daytt") can provide some protection for dictionary attackers, a better way is to rely on word concatenation and memory techniques, it helps you remember how to crack it. For example, use "lltpbb" instead of the password "hoops ", "lltpbb" is "[I] [l] Ike [t] o [p] lay [B] asket [B] All.. Use lower-case and upper-case letters to add a hidden layer of protection. However, the best defense method is to use a combination of numbers, special characters, lowercase letters, and uppercase letters. Change the example above and we will get "Il! 2pbb. "We can see that it is much more complicated after adding numbers and special characters.

Do not assume that you have a strong password. You can use it in every system or program you log on. If an attacker guessed your password, he could access all your accounts. You should use these skills to create a unique password for each account.

Now let's review the password selection policy:

Do not use a password that is easy to guess based on personal information
Do not use words that can be found in any dictionary or language.
Use memory to remember complex passwords
Both lowercase and uppercase letters are used.
Use a combination of letters, numbers, and special characters
Use different passwords in different systems

How to protect your password?

Now you have selected a difficult-to-guess password, and you have to make sure that it is not stored in any location that can be found by others. Writing it down and putting it on your desk, next to your computer, or worse, sticking it to your computer will make it easy for anyone entering your office to get your password. Do not tell anyone the password, and be careful to ask you to provide the password through phone or email.

If your Internet Service Provider (ISP) provides system authentication options, select the systems that use Kerberos, based on the challenge/response type, or public keys, instead of a simple password (refer to understanding ISP and enhanced password for more information ). You can consider challenging password-only service providers to adopt a safer approach.

In addition, many programs provide the "remember" password option, but these programs have different security levels to protect information. Some programs, such as email programs, store information in text files to your computer. This means that anyone who can access your computer can find all your passwords and obtain the permission to access your information. Therefore, if you are using a public computer, always remember to log out of your account (in a library, Internet cafe, or even a public computer in the office ). When you have too many passwords, other programs that use powerful encryption techniques to protect passwords, such as Apple's keychain and Palm's secure pair to, can provide feasible options for managing passwords.

Although these methods cannot completely prevent attackers from getting your password, they will certainly make it more difficult.