Personal Password Security Policy

Source: Internet
Author: User

We live in the network age and constantly log in to websites, forums, mailboxes, online banking and so on. These visits usually require account-plus-password authentication, so we keep registering and end up with countless network accounts and passwords. To make them easier to remember, most people use a single common username, mailbox and password everywhere, which is very dangerous. So how should we set our Internet passwords to be relatively safe?

Overall, personal password security follows a few simple requirements: use different passwords for different network systems, and use more secure passwords for important systems. Never use the same password for all systems. For forums you only log in to occasionally, a simple password is acceptable; for important information, e-mail, online banking and so on, you must set a complex password. Never use the same password for a forum, a mailbox and a bank account. The specific policy is as follows:

I. Classify the websites you commonly use: big websites, small websites, important websites, ordinary websites

1. Big websites

Big websites are trusted, safe sites, such as the handful of portal sites with hundreds of millions of users (Sina, Tencent, Google, etc.). Such sites are theoretically safe: under normal circumstances user passwords do not leak easily, and they offer the option of binding a mobile phone number. You should count no more than 10 sites in this category.

2. Small websites

Every site that is not a big website counts as a small website. Small websites are not trusted: passwords stored on them may leak at any time, and may leak in plaintext.

3. Important websites

Core sites that your network use depends on, such as your main e-mail, online banking, online payment and domain name management. If hackers breach such a site, you lose personal assets or your other related web services come under attack, and the loss is huge.

4. Ordinary websites

Sites other than important websites.

II. Classify your commonly used passwords: weak password, medium password, strong password

1. Weak password

The easiest password to remember. Assume by default that it can be lost.

Use it on all kinds of small and medium-sized sites, forums, communities, personal sites and the like.

Reason: the security of these sites may not be very good. Some store only an MD5 hash of the password, and some may even store the password in plaintext. Hackers can easily steal users' passwords from these sites.

2. Medium password

A medium-strength password of 8 or more characters, with some ability to resist brute-force (exhaustive) attack.

Medium passwords are mainly used on domestic portals, big websites, portal microblogs, social networking sites and so on, but not on the main mailbox. It is best to bind your mobile number to these accounts.

Reason: big websites have better security and are usually unlikely to be cracked, so the password used on them can be somewhat stronger.

Note that some portal sites (such as Sina, Sohu, etc.) provide a mail system alongside their microblog. If the system creates these mailboxes by default, it is recommended not to use them anywhere; if you do want to use such a mailbox, first confirm that it has its own independent password.

One exception is the Tencent mailbox, which supports a separate password. Once it is set, the user must enter both the QQ password and the mailbox password before using the mailbox.

All game accounts should use a separate password.

3. Strong password

A strong password has at least 8 characters, does not contain your username, real name or company name, does not contain complete words, and includes letters, numbers and special symbols.

Strong passwords are mainly used for mailboxes, online banking, payment systems and so on.

These are the most important websites: online banking concerns the security of the user's property, and the mailbox can reset the passwords of all websites the user has registered on. Such sites must therefore use strong passwords to guarantee their absolute security.

Brute-force (exhaustive) password guessing is very effective against short, simple passwords. However, if the user sets a longer password with no obvious pattern (for example, one combining special characters, digits and letters), the cracking tool's job becomes very difficult, and the attacker tends to lose patience after a long exhaustive search. It is generally held that a password should be longer than 8 characters and should preferably contain letters, digits and symbols. Do not use an all-digit password, a combination of common English words, your own name, or your birthday.
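The strong-password rules above can be checked mechanically. The following is an added example, not code from the original article; the function name `check_strong`, its parameters and the small word list are assumptions made for illustration.

```python
import re
import string

# Constructed sample word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "admin"}


def check_strong(password, username="", real_name="", company="", birthday=""):
    """Return the list of rule violations; an empty list means all rules pass.

    birthday is digits only in YYYYMMDD form, e.g. "19900412".
    """
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Username, company and each part of the real name, case-insensitively.
    for item in [username, company] + real_name.split():
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal identifier '{item}'")

    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains the complete word '{word}'")

    # Letters, digits and special symbols must all be present,
    # which also rejects an all-digit password.
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")

    # Birthday as YYYYMMDD, YYMMDD, MMDDYYYY or DDMMYYYY, ignoring separators.
    if len(birthday) == 8:
        y, m, d = birthday[:4], birthday[4:6], birthday[6:]
        digits = re.sub(r"\D", "", password)
        layouts = (y + m + d, y[2:] + m + d, m + d + y, d + m + y)
        if any(layout in digits for layout in layouts):
            problems.append("contains the birthday")

    return problems
```
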

III. Rules for using e-mail

1. Types of mailbox

Keep as few personal mailboxes as possible; two personal mailboxes are enough (not counting work e-mail). Close the mailboxes you no longer need, or clear out all their contents and do not use them anywhere.

Mailboxes are divided into two types, the main mailbox and the secondary mailbox. Register for important services with the main mailbox and for general services with the secondary mailbox.

Gmail is recommended for the main mailbox: bind your mobile phone to it and set up two-step verification with a phone-generated dynamic password. At present Gmail is the only mailbox in the world that supports phone-based dynamic passwords. With the phone password added, a hacker who resets the user's Gmail password still cannot log in to the account, unless the user's phone is stolen at the same time. With a dynamic password, the user has enough time to fix the password on the phone once the mailbox is attacked.

Gmail's auxiliary mailbox can be left unused, or you can set one; if you do, the auxiliary mailbox must be highly secure and not easy to breach.

One more point about accessing Gmail: do not use hosts to visit Gmail and do not put it into the hosts file, otherwise it will pose a great threat to Gmail security.

2. Dynamic password setup

For Gmail users who are often attacked, it is highly recommended to use Gmail's "Two-Step verification" feature: first log in to Gmail, then access the address, and then install the iPhone or Android app as prompted to enable dynamic passwords. This greatly enhances the security of Gmail.

Gmail's two-step verification supports iPhone and Android phones and is in fact a kind of dynamic password. A dynamic password is also called a one-time password: the user's password changes constantly according to time or usage count, and each password is used only once. Because every password must be generated by a dynamic token and is different each time, it is difficult for a hacker to calculate the next dynamic password. However, dynamic passwords place high demands on the phone: a smartphone such as an iPhone or Android device is needed.

Besides Gmail, the Tencent QQ mailbox is also widely used domestically. When using the QQ mailbox, be sure to set up the double password (the separate mailbox password) and, if necessary, enable Tencent's QQ mobile phone token. The QQ mobile phone token is QQ security software from Tencent that protects the QQ account, Q-coins, game equipment and so on by verifying a 30-second dynamic password. However, the QQ mailbox currently does not support the mobile phone card mode login.

Many people find dynamic passwords inconvenient and are unwilling to use them. This is a mistake. Convenience is good, but security is more important: taking password management seriously adds a little inconvenience, but it may save you from great losses.

3. The mailbox password

The mailbox password must never be the same as the password of any other website, and should be a strong password of more than 8 characters.

The mailbox is the core and the key of password management. Through the reset-password-by-mail function, most of a user's website passwords can be obtained, so once the mailbox password is hacked, the user's entire password system is out of control. Gmail's dynamic password looks troublesome, but in fact it does not have to be entered every time: on a given computer it only needs to be entered again after 30 days. The QQ mobile phone token also offers various settings that reduce how often the dynamic password has to be entered.

When using mailboxes, register different sites with the main mailbox and the secondary mailbox: important services with the main mailbox, general services with the secondary mailbox. Use complex passwords on big websites and simple passwords on small websites and forums. If an account on a registered website is stolen, reset the password by e-mail as soon as possible.

On small websites, treat the password as if it did not exist, because we do not know how these sites store passwords and the site may be hacked at any time. All you can do is make sure the registered mailbox is not hacked, so that you can use it to reset the password.

4. "Retrieve password" settings

"Retrieve password" is a key mailbox security setting. Many hackers crack mailboxes through "Retrieve password", so how the "Retrieve password" security question is set is a very important link.

Which "Retrieve password" questions are unsafe? Mainly: "What is your birthday?" (you will have typed your birthday into other social networking sites); "What is your name?" (everyone familiar with you knows your name); "Where is your birthplace?" (your place of birth can be worked out from your ID number); "What is your cell phone number?" (your mobile number is used in too many places and leaks easily).

With questions like these, someone can reset your e-mail password by doing things that require no technical skill.

So "Retrieve password" should be set to a question whose answer only you know, that you would not readily tell others, and that other people can hardly find out by normal means, such as "Who did you have a crush on in high school?", "Who was your deskmate in the third year of junior high school?", "What is the name of your best friend in primary school?", "What is the name of your first love?" and so on. These questions are usually hard for others to guess.

Summary: 1. For the core mailbox you can choose Gmail and enable its two-step verification, so that hackers who steal the password still cannot get in, unless the phone is also stolen. 2. Use this mailbox to register on other sites with different passwords: complex passwords on big websites, simple passwords on small websites and forums. 3. The mailbox uses its own complex password, not the same as any other website password.

IV. Rules for using online banking

Open as few online banking accounts as possible. If you must, choose banks with a better reputation whose online banking has had fewer incidents, such as Merchants Bank online banking. After opening online banking, use a digital certificate, and it is best to apply for a USB key. The USB key uses two-key encryption and the private key is stored securely inside the key, which is more secure in a network application environment and makes up for some shortcomings of dynamic password tokens. Because the user's private key is stored inside the USB key and in theory cannot be read out by any means, the security of user authentication is ensured. Unless the hacker obtains the physical hardware of the user's USB key, it is difficult to break into the user's online banking.

Your bank withdrawal password must not be the same as any other password. Your online banking password must not be the same as the withdrawal password, nor the same as any other website password.

For Alipay, be sure to install the digital certificate, and do not make the payment password the same as the login password. Register the Alipay account under your real name and bind your mobile phone and mailbox to it. If you want a little more security, apply for a pay shield.

Summary: open fewer online banking accounts, and use online banking together with a USB key. Make the payment password and the login password different. The passwords for your bank, online banking and main mailbox are the most important and need focused protection. Online banking uses its own complex password, not the same as the mailbox or any other website.

V. Summary

Passwords are the key to personal network information security. Today the network is highly developed and Internet Trojans and viruses are rampant, so we should design good password security to protect online banking, online information and online transactions. Following the personal password security policy introduced above can effectively improve the security of your personal passwords and protect your personal information from threats and attacks.

Author: Moonlight Blog

This article address:, reprint Please indicate this address in the form of link
