Secure Passwords Guide



Secure Passwords Tutorial

This tutorial was designed as a guideline for choosing good passwords for computer users. Password security is a very important thing that many people overlook. You usually think about a password as a tiny thing that protects your Hotmail account. But what about your online banking, where your credit card number is, or your eBay account? Anywhere you use a password, it is critical that it's a strong password. Password cracking has evolved a lot, there are now very many password crackers available to anyone to download for free, and most users fell back in time on making secure passwords. So whether it's protecting your computer, or online accounts, it has to be a strong password in order for your information to be safe.

What Not To Use

Many users use in their passwords things from personal life, such as:

names

birthdays

dates

Do not use these, under any circumstances. These things can be easily guessed, and more easily cracked. Never use obvious things from your life, such as names, birthdays or other dates. Anyone who knows you a bit can easily guess your password. Password crackers have all the names, and can try hundreds of number combinations very fast. Never use these things in your password.

Password Generators

Password generators do indeed create strong passwords, but they have other flaws. The passwords that they spit out are hard to remember, and take long to type. They are also vulnerable against the password-generating algorithm, which some password crackers might use in order to reverse the decrypting process.

The Longer The Password, the Better

In the old days, the characters in a password of an NT box were limited to 14. Today, Windows 2000 and Windows XP allow up to 127 characters as a password. The longer your password, the longer it will take to crack. One thing that was discovered is that if you make a password in Windows longer than 15 characters, Windows does not store the LanMan hash properly. This protects you against brute force attacks of password crackers.

Make Use Of Characters/Symbols

In order to make a strong password, it's recommended that you use all types of characters and symbols.

Lower Case - a,b,c,d

Upper Case - A,B,C,D

Symbols - @,#,$,%,^,

Numerals - 1,2,3,4

Alt Characters - ?, ?

It is highly recommended to use a combination of these characters, numerals and symbols. If you don't want to use the Alt Characters, use upper and lower case, numerals and symbols, which will create a strong password, and make it hard for password crackers to break it. One interesting example could be NeonWizard20@email.com. While this might seem unusual to you, this password uses upper/lower case characters, numerals, and symbols. When I put it in a Password Strength Meter, it showed me that it is a very strong password. However, make sure you don't use your real email address. This kind of type is only an example. It uses all the characters and symbols; it's easy to remember, hard for password crackers to break, and no one could even [...] it.

Using Space

Passwords in Windows 2000 & XP can use space. It is not recommended to use space at the beginning or at the end of the password. The other downside of it is the sound that the keyboard makes when you press the space bar, and someone can easily tell that you pressed sp[...]

Inversed Words

Some people think it's good to write a word inversed. Such as admin, could become nimda. Password crackers will try to reverse all the words, so it's not a good idea to write inversed words. It's still easy to crack a normal w[...]

Using Different Passwords For Different Accounts

Why don't all the doors on your street use the same key? Because your neighbours don't want you in their house. It's the same with you. If someone breaks or finds out a password, you don't want them snooping at your other accounts, such as online banking. That's why it's recommended that you use different passwords for different accounts. I don't mean use a different password for every account, but use one for your email and forums, and a different one for banking. But surely, please use a different one for important stuff such as banking, online shopping, or anything that has your credit card number in the account. If someone is after you, they'll likely try to break your email account first. If they find out that, they will try the same password for your other accounts too. In the end, you decide how you want to divide your accounts and passwords [...] paranoid you are.

Writing Down Passwords

If you want to write down passwords, for whatever reason, make sure you keep them locked somewhere, in a safe if possible. Under no circumstances are they to be left on Post It notes, and pieces of paper in your desk. The room/office where your computer is located will be the first place that someone who breaks in will look for a written password. One reason that you might want to write down the password of the admin is in case he quits, so you can have access to the network. But if you do write [...] properly.

Public/Office Physical Security

Another issue is keeping your password safe in a public/office workspace. People that walk by could peek at your keyboard while you're typing. Also, people who sit beside you could peek over at your keyboard. It happens in an environment where there are many persons, and getting your password can be as easy as seeing what the person is typing. That's why you need to be familiar with your password. If you are, you can type it very fast, and even someone who is looking at your keyboard very close couldn't tell everything that you typed. Make sure no one stops behind your back, and if you are sitting close to someone, type the password fast and don't let them see the keyboard. Some people aren't even ashamed [...] typing the password.

Convenience Over Security

Many people don't even put passwords on their home computers. I can understand this, because every time you boot up you have to type the password. If you just let the system boot up without any logging on, it's easier. But what if someone breaks into your house, and steals it? It's going to be very easy for that person to get all your personal info. But putting passwords on people who travel with a laptop is a must. Laptop theft and misplacement happen a lot, and the first thing someone does after they get your computer is try to crack the password. I think that most laptops today come with tracking devices, and if your password is secure, it could take weeks if not months for a password cracker to break it. This could mean that your [...]d before they broke your password.

Password Crackers

Eventually, any password can be cracked. But the amount of time it takes to crack a password depends only on how good the password is. If it's a hard one, it could take weeks, and eventually, whoever is trying to crack it, will probably give up after a couple of hours. Password crackers are not sci-fi, as some people would think. Password crackers use word lists, brute force attacks, or both at the same time. A word list is exactly what the name says, a very long list of words, which are combined in different methods in order to crack the password. Brute force attacks simply make every possible combination of characters and numerals, until they find the password. Brute force attacks are very slow, but eventually, they will find the right combination. Probably [...] password cracker is John The Ripper.

Resetting Passwords

A thing that is widely overlooked by people is the ability to reset passwords. This is probably the easiest way to "break" someone's password. It's very simple, and even if you do have a strong password, anyone who knows you a bit can easily reset the password, make one of his or her own and take over your account. It can be done so quickly, here are the steps on how easy you can reset a Hotmail password. So you enter the email address, and type some bogus password. Then it tells you the password is wrong, and you want to reset it. You pick the country, and then you pick the state. Pretty easy if you know someone's password. There are hundreds of free online directories, such as White Pages and Yellow Pages, so type the name, and you easily get the zip code. This is for US, because if you're trying to reset someone's password that lives in Canada, it doesn't even ask you for a zip code. Here comes the part that really matters. How hard is the secret question and how hard is it to answer? Some of the secret questions are:

Favorite Pet's Name

Favorite Movie

Anniversary

Father's Middle Name

Spouse's Middle Name

First Child's Middle Name

High School Name

Favorite Teacher's Name

Favorite Sports Team

If you know somebody, even just a bit, you probably know the answer to these questions. So please, after you made your account, change the secret question and the answer. Don't make it easy and take it for granted, because probably the first way someone will try to get your password is by resetting it. Make the answer and the question difficult. One good question that I came across when I was trying to reset someone's password was: "Once upon of time". Now this may sound like a fairy tale, but I really got no idea what to type. There could be a thousand answers to that. So, if you really care about your password being strong, make sure you make a good secret question and answer. And this is not just for Hotmail, but [...] resetting method, extremely flawless if not used properly.

The Importance of Logging Out

Another thing that can be used to take over one's account, no matter how strong the password might be, is forgetting to log out from accounts when using a public computer. Some browsers do log you out automatically when you close them, but o[...], if you do use a public computer, always log out from all your accounts.

Finding Passwords

Even if you do have a strong password, it can still be found in other ways, if you're not careful. Social engineering, the nice way to ask for someone's password, is one of them. This is for those 70% of people that would reveal their password for a chocolate bar, as a study conducted this year shows. Don't give the password to anyone, for whatever they got. Don't give it to your parents, friends, girlfriends, wives, or anyone else. If there is a real problem, the system administrator will probably come to you and ask for it. Another way to get a password is through key loggers [...] that you don't have one installed on the computer. Make spyware and virus checks often.

Conclusion

The best password is one that you can come up with on your own, not one that's spit out by a password generator. You must be familiarized with it, so you can type it fast, in case anyone is peeking over at your keyboard. A good password contains upper/lower case characters, numerals, and symbols. Also, it has to be long, 15 characters if possible. Only you can decide what the best password is for you. If you'd like to test the strength of it, please use the Password Strength Meter, or install a password cracker on your system to see how long it takes to figure out the password.
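Added example, not part of the original post: a small Python checker that applies the guide's rules (no names, dates or reversed words, a mix of character classes, 15 characters, no leading or trailing space) and estimates the brute-force search space. The word list, the function names and the alphabet sizes are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample word list; a real audit would load a large dictionary
# plus the user's own names and other personal terms.
WORDLIST = {"admin", "password", "letmein", "michael", "dragon"}

# A four-digit year, or something shaped like dd/mm or dd.mm.yyyy.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}([/.-]\d{2,4})?")

def char_classes(pw):
    """Return the set of character classes from the guide that appear in pw."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase: classes.add("lower")
        elif ch in string.ascii_uppercase: classes.add("upper")
        elif ch in string.digits: classes.add("digit")
        elif ch in string.punctuation or ch == " ": classes.add("symbol")
        else: classes.add("other")  # e.g. Alt-code characters
    return classes

def keyspace_bits(pw):
    """log2 of the exhaustive search space; word-list attacks need far less."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33, "other": 128}
    alphabet = sum(sizes[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if pw else 0.0

def audit(pw):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    letters = re.sub(r"[^a-z]", "", pw.lower())
    if letters in WORDLIST:
        findings.append("dictionary word or name")
    if letters[::-1] in WORDLIST:
        findings.append("reversed dictionary word")
    if DATE_RE.search(pw):
        findings.append("contains a date-like number")
    if len(char_classes(pw)) < 3:
        findings.append("fewer than three character classes")
    if len(pw) < 15:
        findings.append("shorter than 15 characters")
    if pw != pw.strip():
        findings.append("leading or trailing space")
    return findings
```

An empty result only means none of these rules matched; it does not cover password reuse, reset questions or key loggers, which the guide treats separately.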


Nice guide! Thanks!

Here's something that you may want to add:

I find that an increasing number of websites are asking users to put their email addresses as the login name, e.g. PayPal. Personally I like to use the password of the email address as the password of the login name (which is the email address itself) so that I won't forget. So the website ends up collecting my email address and the password of that email. I know this is a bad thing because whoever has that info can easily break into my email account or even my PayPal account. I really should stop doing that!

Thanks again!
