Creating and using Strong Passwords
Peter Byrne, Superconductivity Group

Why are strong passwords important?
Often people have a mentality of “it won’t happen to me.” But often users are only used as a way into the system.
In the incident here at Durham, the account of a user with a weak password was broken into by brute force. The hacker then used this account to get administrator access on both the supercomputing cluster and the university Linux machines, which all had to be shut down for 2 weeks. This inconvenienced both the user who had the weak password and all the other users of the system.
Any system is only as strong as its weakest link!

What makes a good password?
• Length
  • Should be at least 8 characters, the more the better.
• Not a dictionary word
  • Password guessing attempts often try words from a dictionary.
  • There are only a few hundred thousand words in English.
  • Using one of these massively increases the speed at which your password can be guessed.
  • Avoid common misspellings and sequences of numbers
• Use lowercase, uppercase, numeric characters and symbols
  • Vastly increases the complexity of finding it by brute force.
  • The strongest passwords are random combinations of letters and numbers and symbols.

Remembering a long password
• Long passwords can be difficult to remember, especially if they follow all these rules.
• Microsoft suggests:
  • Find a sentence or two that would be memorable to you
    • “My dog is called Frank. He is a labrador.”
  • Use the first letter from each word
    • mdicfhial
  • Replace or insert numbers and capitalize some letters, for example capitalizing every 3rd letter.
    • mdIcf5HiaL
  • For a very strong password, some symbols should also be added.
    • md,Icf5Hial

Using passwords online
• In theory – different password for every website
  • E.g. Email and Online Shopping
• In practice – most people tend to use the same password for most things they do online.
  • Dangerous if one site is compromised or malicious.
• There are tricks/tools that can help with this situation.
  • PwdHash
    • Add-on for Firefox that will generate a per-site password from your original password.
    • https://addons.mozilla.org/en-us/firefox/addon/pwdhash/
  • Simple per-website password
    • Inserting two letters from the site into your password
    • Mypassword for facebook would become Mypassfbword
    • Best if you use your own algorithm
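
The per-site password idea above, as an added example (not from the slides, and not PwdHash's own algorithm): a slow, salted key-derivation function, here PBKDF2-HMAC-SHA256 as a swapped-in technique, turns one master password plus the site name into a different password for each site. The function name `site_password`, the symbol set, the output length and the iteration count are assumptions.

```python
import hashlib
import string

# Character classes the slides ask for: lowercase, uppercase, digits, symbols.
# The symbol set is an assumption; sites differ in what they accept.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@"]
ALPHABET = "".join(CLASSES)


def site_password(master: str, site: str, length: int = 16,
                  iterations: int = 200_000) -> str:
    """Derive a deterministic per-site password from one master password."""
    site = site.strip().lower()          # "Facebook.com" and "facebook.com" match
    if not master or not site:
        raise ValueError("master password and site are both required")
    if length < 8:                       # the slides' minimum length
        raise ValueError("length must be at least 8")
    # The site name is the salt, so each site gets unrelated output, and the
    # slow KDF makes guessing the master from one leaked site password costly.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              site.encode("utf-8"), iterations,
                              dklen=2 * length)
    # Two bytes per character keeps modulo bias small.
    words = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    chars = [ALPHABET[w % len(ALPHABET)] for w in words]
    # Guarantee one character of every class by fixing the first four slots.
    for i, cls in enumerate(CLASSES):
        chars[i] = cls[words[i] % len(cls)]
    return "".join(chars)


if __name__ == "__main__":
    master = "md,Icf5Hial"               # example password from the slides
    for site in ("facebook.com", "example-shop.test"):   # constructed site names
        print(site, site_password(master, site))
```

Unlike inserting two letters of the site name, the derived password for one site reveals nothing readable about the master password or about the password used on another site.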

Conclusion
Remembering long passwords can be a pain! Hopefully these tips will help you create and remember a strong password.
Using the same password for multiple things is quite dangerous if it is compromised.
There are many tools and guides out there to help you generate per-website passwords.