Skip to main content

Good Passwords vs Bad Passwords [How to]

We can assume safely that even though our passwords are simple and not that much lengthy, they are safe somehow. The reason being most of us use  characters as our passwords which, in most of the cases, are not English dictionary words – letting us behind the target of hackers. But there are things we need to learn about good passwords and bad passwords.

Password Lock Icon

Everyday we tend to use or login to different websites, each having their own unique (username and) passwords. It is obviously difficult to keep the track of all passwords in general and for sure if you are using the same password in different websites, then you are complicating your life. In this article, we have explored some of the features for good passwords versus bad passwords, what are the top exploited bad passwords, and how to create a good memorable passwords for everyday use.
Here we list some of the worst passwords of 2011 as revealed by Forbes magazine – compiled bySplashData and Impera based on the passwords stolen from hacked websites. Ensure that your password is not the one among these worst and most used passwords of all times.
password12345612345678qwertyabc123
monkey1234567letmeintrustno1dragon
baseball111111iloveyoumastersunshine
ashleypassw0rdshadow123123654321
supermanqazwsxmichaelfootball123456789
Passwordprincessrockyourockonp@ssw0rd
Even though your password is a combination of characters, and numbers, and special characters, it still might be in red zone as listed in table above. Hackers have started to crack your password by substituting O for 0, a for @ and so on. We have listed here our best practices for creating good passwords – maybe not the best passwords.
How to create a good password for website or a web service?
While passwords for ATM machines, luggage locks, automated door locks, and others are mostly numbers which you tend to put one from your best matched digits. But here what we are concerned is how to create good passwords not only for your Facebook and Twitter accounts, but for entire universe of world wide web using services.
                                                                               
  • Length: Atleast 8 characters long – passwords are like underwear, the longer the better. Passwords must be of minimum 8 characters long which is a standard in most of the websites today including Google accounts, Facebook, Yahoo accounts, Windows live services and others.
  • Complexity: Combination of these 3 things: alphabets (both lower and upper case) + numbers ( 0 to 9) + special characters (!@#$%^&*,;’”). However if your password contain only one special character, don’t put it on the first or the last of the password.
  • Impersonalize: Never ever try to include first name, last name, or slang or any word from the dictionary. Refrain from your date of birth, and email aliases. Never share your password with whoever they maybe – you might have heard “never let your soul to be heard by your wife.”
  • Dynamism: I know it is not that easy to change your passwords often, but try to give dynamism to your passwords every few months. Some websites like Windows Live Services (optionally) alert user to change security passwords every 72 days.
        Passwords are like Underwear
How to change a sentence to a good password?
Sentences can be good passwords with a little bit of trick. Using initial letters of every words (common words/conjunctions/prepositions at your discretion) can yield a good personalized password for your use. For example: I love my mom very very much could result into !L0v3mm<<m or any other version which you want – this password is not a word so has no meaning and couldn’t be found in dictionary, plus it is 10 character long with 3 special characters+2 numbers (apologizes to those guys who already use this example as a password – this has become very common password so get it changed if you want).
Another example from Yahoo Finance as explained by security guru Bruce Schneir- “Now I lay me down to sleep” might become nilmDOWN2s, a 10-character password that won’t be found in any dictionary. Making even more complicated is your job, of course!
SSL and Two-step verification: Even though these are not directly related to creating a good password, it is your responsibility to browse safe. SSL (Secure Socket Layer) is an encryption technology which prevents 3rd party from eavesdropping your communication with the website you are surfing in. Instead of surfing on standard http protocol, you should be able to surf on https one for SSL. For example – surf https://twitter.com/ and https://facebook.com/ instead of simply http://twitter.com/ andhttp://facebook.com/. Also, Google and Facebook have now implemented two-step user verification system – when you log into your account from any device that is not your normal computer, you need to enter a numerical code that Google sends to your phone (two-step verification uses cookies expiration to determine whether it is a new device or not, and limited to the same browser.) Read our article on how to enable Google account with 2-step Verification.
So nextime, you browse a site give SSL and authentication a prior importance – check if the website has https version and two-step user verification.
At the end, we post here an image displaying the most common and easy to hack passwords of all times, from some people call it atmosphere of passwords.
All time worst and easy to guess passwords

Comments

Post a Comment

Popular posts from this blog

CIA Triad for- Base of Information security

The essential security principles of confidentiality, integrity, and availability are often  referred to as the  CIA Triad. All security controls must address these principles. These three  security principles serve as common threads throughout the CISSP CBK. Each domain  addresses these principles in unique ways, so it is important to understand them both in  general terms and within each specific domain: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their veracity and are intentionally modified by  authorized subjects only. Availability is the principle that authorized subjects are granted timely access to objects  with sufficient bandwidth to perform the desired interaction. Different security mechanisms address these three principles in different ways and offer varying  degrees of support or application of these principl...

List of Company Slogans

·          3M : "Innovation" ·          Agere Systems : "How Communication Happens" ·          Agilent : "Dreams Made Real" ·          Airbus : "Setting the Standards" ·          Amazon.com : "…and You're Done" ·          AMX : "It's Your World. Take Control" ·          Anritsu : "Discover What's Possible ·          AT&T : "Your World. Delivered" ·          ATG Design Services : "Circuit Design for the RF Impaired" ·          ATI Technologies : "Get In the Game" ·          BAE Systems : "Innovatin...

My Article :- હેકર બનવું છે? કઈ રીતે?

મારી ૨ વર્ષ ની કારકિર્દી માં મને કેટલાય  લોકોએ, ખાસ કરીને કોલેજ ના વિદ્યાર્થીઓએ ઘણી વાર પૂછ્યું છે કે "મારે હેકર બનવું છે. તો હું શું કરું? " અને મારા બ્લોગ્સ માં પણ પૂછવામાં આવે છે કે એક સારો હેકર કઈ રીતે બની શકાય? એવું હું શું કરું અથવા તો મારા માં કઈ લાયકત હોવી જોઈએ એક હેકર બનવા માટે? આ પ્રશ્ન નો સંતોષકારક જવાબ આપવા માટે મેં internet પર શોધખોળ કર્યા પછી મને જે કઈ માહિતી મળી તેને હું આજે અહી રજુ કરું છું. મિત્રો, સૌપ્રથમ હેકર કઈ રીતે બનવું એ જાણવા પહેલા એ જાણવું જરૂરી છે કે ખરેખર હેકિંગ શું છે ? અને હેકર કોને કહેવાય. હેકિંગ ની સીધી અને સરળ વ્યાખ્યા નીચે મુજબ છે.  "તમારા કમ્પ્યુટર,નેટવર્ક(ઈન્ટરનેટ કે LAN દ્વારા) કે કોઈ ડીવાઈસ માં (ફોન, ટેબ્લેટ) માં કરવામાં આવતા ગેરકાયદેસર પ્રવેશ અને ઉપયોગ એ હેકિંગ કહેવાય છે."અને હેકિંગ કરતા લોકોને હેકર કહેવાય છે. હવે તમને થશે કે આવું શું કામ કરવું જોઈએ? આ તો ક્રાઈમ છે. તો તમને જણાવી દઉં કે હેકર મુખ્યત્વે ૨ પ્રકારના હોય છે.    વાઈટ હેટ હેકર્સ (એથીકલ હેકર્સ) : ધારો કે તમે તમારો ફેસબુક નો પાસવર્ડ ભૂલી ગયા(ખરેખર ના ભૂલતા ક્યારેય..)કે ત...