Secure passwords

Approved 2024/02/05 08:36 by psycore (version: 3) | Approver: psycore

Secure passwords

Version 3.1

1.0 Introduction

Passwords are becoming increasingly important these days. Online banking, FTP access and website accounts are forcing us to have more and more passwords. Of course you can manage everything with a password, but I doubt whether this is in the interest of security. In this tutorial, I will explain what a password should look like and what you should bear in mind when managing it.

2.0 Dealing with passwords

Let's start by clarifying two things: The wrong and the right way to handle passwords, as well as the unrealisable ideal situation.

2.1 Ideal situation

The ideal handling of passwords would look like this: Integrated into our brain would be a MySQL database that could store an infinite amount of information and retrieve it at any time. We would then be able to remember every password. Of course, this is completely utopian. At least with the current state of technology. But what we can't do, a computer can do for us. But more on that later.

2.2 Incorrect administration

Let's look at a few things that are fundamentally wrong when it comes to password management:

  1. Passwords should never be written down
  2. Storing passwords in a text file on your computer is also not secure
  3. Sticking them under the keyboard is not ideal either

2.3 Correct administration

Passwords should be managed carefully. There are so many different ways in which passwords can be attacked that we must not simply act rashly. There are several ways to manage them well and securely:

  1. Password matrices
  2. Special hardware
  3. Card-supported password management systems
  4. Password programmes

I will go into the password programmes in more detail below, as these are the most useful for private users.

2.4 Password programmes

Password programmes are usually databases that store data in a clearly organised manner. What must such a programme be able to do?

  1. A password generator should be integrated
  2. The database must be protected by a master password
  3. Adjustable length
  4. Combination of numbers, upper and lower case letters and special characters
  5. The database must not be stored in plain text

Such a tool is available here.

3.0 Structure of the password

A secure password must fulfil certain requirements. We will now look at these in more detail.

flowchart TD A[Secure password] B[Letters] C[Numbers] D[Special characters] E[Length] B1[A-Z] B2[a-z] C1[0-9] D1[+-!?_-] E1[12] A-->B A-->C A-->D A-->E B-->B1 B-->B2 C-->C1 D-->D1 E--minimum-->E1

3.1 Passwords should not look like this

Not like this:

  • “qwrt” and similar keyboard combinations
  • Pure numbers
  • Pure letters
  • Simple words such as sex, god etc.
  • No personal data such as sister's name or year of birth

3.2 Number of characters

A good password should have at least 12 characters. In addition, it should be a combination of numbers, upper and lower case letters and special characters. Examples of good and secure passwords are ZfA5ZWc~$w8A j?7!!G54ks54 @ZT§$&3&?D7€ ?1~3€G1EN2!!! As we would certainly have problems remembering such passwords, I have previously discussed the programmes that can manage them.

4.0 Passwords without programmes

If you don't want to create a password with a programme, there is a very simple method for coming up with your own secure password. We form a sentence:

Ich bilde einen Satz mit Groß- & Kleinbuchstaben und den Zahlen 0 und 9

We take the first letters of the sentence, the special character and the numbers and form the password:

IbeSmG&KudZ0u9

This is a quick and easy way to create a password that you will remember.

5.0 On the Internet

To ensure a certain basic security of your data on the Internet, it is important to keep a few things in mind:

6.0 Multifactor authentication

Wherever possible MFA should be used wherever possible (e.g. via an authenticator app or a hardware token).

7.0 Conclusion

The days when we could carelessly handle access data are over. Phishing strategies and hacker attacks are on the rise and you have to adapt to the trend in order to counteract them. Of course, there is never a 100% guarantee of security, but you can at least take good precautions to avoid becoming a victim of data theft.

There is a practical tool for generating passwords here in the wiki.

en/it-security/passwords.txt · Last modified: 2024/02/05 08:33
CC Attribution-Noncommercial-Share Alike 4.0 International