
Strong password of numbers. What should be the password? How to create a username and password correctly

Hello my dear readers!

Frightened by the "horror stories" that evil hackers can crack the password from anything, the poor little user frantically begins to sort out all his passwords and wonder: will they crack or not crack ...

At one time, I asked myself a question: how do I create a strong password for all the services I am registered on? And is it even possible?

How crackers work

First, let's think about how the hacking process works. In general, there are several main paths for an attacker:

  • looking at a piece of paper on which all the passwords are written. Surprisingly, many users still keep a sticker glued to the monitor that holds the password the attacker covets. As they say, no comment ...
  • brute force. To put it simply, this is an enumeration of all possible options. How often do we see it in films: a special program picks the right password lightning fast (or not quite lightning fast). In fact, this is practically impossible. If the password is crypto-resistant, that is, it consists of a sufficiently large number of characters and contains capital letters and numbers, it can take a lot of time to find it;
  • getting remote access to the user's machine and viewing all the necessary information on it, including cookies and special administration files. Again, cinematic tricks don't work here.
    Gaining full access to a specific computer is not that simple a task and requires a certain approach. If your data is of little value, a hacker is unlikely to waste his precious time on your computer;
  • keyloggers, that is, keystroke interceptors. They are used especially to gain access to payment information. Fortunately, the famous Kaspersky antivirus has a virtual keyboard in its arsenal, so keystrokes cannot be tracked: there simply are no keystrokes;
  • viruses. The advice here is: do not go where you don't need to, and don't download what you don't need. And if you do download something, install a good antivirus on your computer and trust in its power;
  • as for mobile platforms, attackers most often use either the same brute force or the interception of packets over encrypted network channels.

Several rules for creating a strong password

So it's not all that bad. Nevertheless, almost every one of us must have come across the fact that our account on VKontakte or on a forum was "hacked", or even Odnoklassniki sounded the alarm ... As a rule, this is due to the simplicity of the password itself. There are special programs that already "know" standard sets of passwords and generate their variations.

You can, of course, randomly run your fingers over the keys, "generating" a password. Alas, even in this case, the algorithms of hacker programs go through all possible options, albeit not very quickly.

I advise you to permanently abandon passwords that repeat the login. Fortunately, many services do not allow the user to set such a password at all. But social networks use either a mobile phone number or an email address as the login. This greatly simplifies the life of an attacker.

And God forbid you use the names of animals, children, parents and dates of birth! Such passwords can be cracked even by people from your inner circle.

Some time ago, I used a method that I personally invented. Only later did I find out that I was not the only one so smart. Its essence is that a phrase is made up in Russian, for example, "This password is strong." Then the keyboard is switched to the Latin layout and the same phrase is typed, but without spaces. It turns out: "njngfhjkmyflt;ysq". Is this a good method? Not really. Clever hacker algorithms have been aware of this method for a long time.

In general, there are only three requirements for a password:

  1. more characters. 8 is good, 12 is even better, 16 is great;
  2. be sure to use numbers. Moreover, both in the middle and at the end of the password;
  3. alternate between capital letters and regular letters. And in the same way - in the middle and at the end.

Password generators

I also tried special services, both online ones and standalone applications: LastPass, for example, or RandStuff, Password Generator and a bunch of services with the uncomplicated name "Password Generator".

At first glance, they are all really capable of generating a random set of characters and numbers. But it is random only at first glance. An experienced programmer knows that a truly random generator does not exist; they all work according to certain algorithms. I won't claim that this is exactly the case, but I suspect two things:

  • knowing the algorithm used to generate passwords, it will not be difficult for a hacker program to trace this algorithm in the opposite direction;
  • some of these programs and services, oddly enough, serve precisely for hacking. The generated password is stored somewhere in a cache or in a cookie. Or, perhaps, it goes straight to the attacker's machine.

Therefore, it is necessary to use only proven programs with an excellent reputation!

Now the choice is yours: use special programs or come up with complex passwords yourself. But in no case keep them on a piece of paper. It is better to create a file and save it to the cloud. Excellent cloud storage by the way, they provide other services as well.


Sincerely! Abdullin Ruslan

Welcome to the blog site! I have long wanted to write an article about what the password for an account should be so that it would be very difficult to crack. This article will show you how to create a strong password. We will discuss techniques that will help you make your password not only safe, but also easy for you to remember.

Now we can no longer imagine our life without the Internet. Almost every site asks for registration. The most popular resources are social networks. Every day millions of users log in to their accounts. We run the risk of making a lot of mistakes by sending important data in messages. It's good when there is a complex password for VK or another popular social network; it helps to protect yourself from intruders.

Several methods to complicate the password

What should be the password? This question is being asked by hundreds of Internet users. There are the following types of passwords:

  • alphabetic;
  • symbolic;
  • digital;
  • combined (a combination of the previous options);
  • use of case.

The first three are not reliable. They are too simple a way to create a password. Out of inexperience, we make mistakes and set them. It is one thing if this is a "password" for an account on a forum or some other similar place. But if it guards the entrance to your bank account, all your money will be lost. The only thing that saves us is that the security services of such sites have developed systems that reject simple passwords.

Letters, numbers and symbols

A combination of letters, symbols and numbers is the safest kind of password. One has to seriously rack one's brains to guess it.

Experienced "users" advise beginners to use this particular combination. Also, don't make it too short. A long combination will allow you to keep your data and correspondence safe from third parties.

The main thing is not to use the banal phrases below:

  • "123";
  • "123456";
  • "321";
  • "Qwerty";
  • "Asdfg".

These and other similar sets of characters from the keyboard are guaranteed to be hacked. They are the first to come to mind not only for you, but for hundreds of people. They will be worked out not even by a special program, but by an ordinary ill-wisher.

How to choose a password for mail or other type of authorization? This issue is worth tackling on your own. Several more password complication options will come to the rescue.

Case

Before entering your username and password, note that some forms are case-sensitive. Combining uppercase and lowercase letters will make your password more secure.

When composing a secret word, think about its variety. Alternate uppercase and lowercase letters one or more at a time. This method will seriously upset online villains.

The most annoying thing is if you yourself forget the order. Experienced users recommend making the first character uppercase, the second lowercase, and then alternating one by one. It is better to take note of this advice so as not to rack your brains later.

It is possible to do without case in the password, but it is one more method of increasing password complexity.

Reversals

The date of birth, which any user will remember, is the most banal and simplest choice. If you play on it correctly, it can turn out to be a good option. Using a "reversal", many have managed to create a winning password that is unlikely to be guessed.

The method is based on writing characters in reverse order. Choose any date, for example, your date of birth, and type it in reverse. If you have chosen "081978", then reversing it gives "879180". It's pretty easy to remember how such a password is spelled.

Consider other, more complex ideas as well. Let's say your password is based on your first and last name. Using the case technique we already know, we type "PeTrPeTrOv". Now let's apply the "reversal" tactic. We take a date, for example, the user's date of birth, February 21, 1982. On top of that, we add symbols. In the end, we get the following example of a password: "PeTrPeTrOv! 28912012". The result is impressive, because it is simple and easy for the user, but not for intruders.

Check the strength and security of your password using online services:

  • https://password.kaspersky.com/en/
  • https://howsecureismypassword.net/

Encryption

What should be the password? Let's find out another great way. We will consider the principle of encryption. In fact, all the previously discussed methods have something in common with this. Here we will show what passwords are by encrypting phrases.

We take the most meaningless and unique phrase that will easily be memorized. Let there be "space cockroaches". You can use any lines from songs and poems, preferably not very famous.

Then we apply a cipher to our phrase. Let's consider several correct ways:

  • typing the Russian word in the English layout;
  • "reversal";
  • replacing letters with symbols that look similar (for example, "o" - "()", "i" - "!", "a" - "@");
  • removing paired or unpaired characters;
  • throwing out consonants or vowels;
  • addition with special characters and numbers.

So, let's take the words of our phrase, "space cockroaches". We take 4 letters from each and get "kosmtara". We switch to the English layout and retype it: "rjcvnfhf". We complicate things by starting the cipher with a capital letter and adding symbols.

This is what the password should look like using the example of the originally conceived phrase - “ [email protected]».

This is a reliable combination with a large number of characters. Password strength is checked using special services, for example, passwodmetr.com. Scammers will not easily guess the combination we ended up with, because the user's personal data is not involved. But for the user such a "password" is a godsend, since remembering such a strong password will not be difficult.

Generator

For those who do not want to spend too much time thinking, developers have long since invented complex password generators. This method provides some degree of reliability. Passwords invented by one's own mind are still considered the best.

What is a generator and how do I use it? It is a smart program that outputs random passwords, that is, randomly produced combinations. It uses many of the methods discussed, but does not take "reversals" into account.

The complex password generator is downloaded from the network. For example, let's take KeePass. Like any other generator, it is not difficult to work with. The application and the generation itself are started by pressing a special button. After the operation, the PC outputs a password option. All that remains is to write down the resulting combination unchanged or with additions.

Complex passwords invented by the machine are very difficult to remember. Few people keep them in mind; more often they have to be written down. There are usually a lot of passwords, because we do not stay on one site and keep registering on other resources again and again. Therefore, it is not convenient for everyone to store so much of this information. You can lose all the papers with notes entirely.

There is one way out with storage: to type them into a computer file. This is one of the safest options. One has only to remember that the PC is not eternal and also deteriorates.

All methods of creating complex passwords have already been discussed above and you can create a password for Email that will reliably protect your data from third parties.

Here are some useful tips for creating passwords:

  • do not include personal information about the user (names of relatives, nicknames of pets, phone numbers, addresses, dates of birth, etc.);
  • you cannot use the Cyrillic alphabet in the password;
  • do not use words that are easily found with a dictionary of popular passwords (yastva, love, alfa, samsung, cat, mercedes and others like them, as well as their derivatives and combinations);
  • mind the length: preferably at least 10 characters;
  • complicate the password by combining various methods: upper and lower case letters, numbers, symbols;
  • do not use the most frequent passwords and patterns; think in an original way (a robot that works out your password cannot be as smart as a person).

Which password to set.

Everyone has faced the problem of choosing a password.

It should not slip from memory, nobody should be upset by it, and it should be imitation-resistant, that is, unbreakable. A lot can be written about ciphers and passwords. However, in addition to a unique and "correctly" composed password, it is also necessary to organize its storage and administration methodically. On the other hand, there is paranoia, and what if you forget it ....

Cracking a password is difficult, but possible. You can, however, make the crackers' work considerably harder.

One of the largest social networks reported that almost every day, out of more than a billion attempts to enter the system, more than 600 thousand are made by attackers who try to gain access to other people's messages, photos and other personal information.

The American Internet company SplashData has compiled a list of the most stupid and weak passwords used by people around the world. Unfortunately, many users use exactly them - to make it easy to remember.

The most idiotic and, at the same time, dangerous was the password "password" (password).

In second place is the combination of numbers "123456", in third - "12345678". The words "football" and "superman" have crept into the rating.

12345678

trustno1

baseball

I love you

sunshine

passw0rd

superman

Experts urge you to be more careful and not to use the same password for mail, Internet banking and other online services. Information security experts have warned users not to use the same login-password pair for several different sites. A strong password must be at least eight characters long and include numbers, upper- and lower-case letters, and special characters (such as the underscore, dollar or percent sign).

Simple passwords are much easier to crack programmatically, while complex ones are very hard to brute-force.

Simple advice for choosing a relatively strong password.

We take any word, say, the name of a loved one or the nickname of a pet. We switch the keyboard to English.

We look at the Russian letters and type this unforgettable name.

Of course, with a capital letter!

For example, the name of the dog Sharik is converted to Ifhbr

Miranda's name -> Vbhfylf

It's easy to remember and hard to pick / hack.

To complicate things, you can use the title of your favorite book (songs and so on). Moreover, if the name contains a numeral - that's great! After all, it is possible and even necessary to write this numeral as a number. In this case, spaces can be skipped or replaced with an underscore _

For example:

3veirtnthf -> Three Musketeers

100ktnjlbyjxtcndf -> One hundred years of solitude.

123456, 11111, etc.

qwerty, phyva, abc, "password" / "password", etc.

name (your, loved ones, pet ...)

date of birth (your, loved ones, pet ...)

phone number

And:

the minimum acceptable password length is 8 characters

the password should be meaningless

Why is this so important when choosing a password?

Let's consider each of these positions separately.

Briefly on the first 2 points. These passwords are elementary, common and known to any hacker, rest assured that this is the first thing a person trying to hack into your account will try.

To get an idea of the rest of the positions, let's plunge into the depths of the problem and try to look at everything from the inside.

Any password that you enter during registration is necessarily encrypted before it goes into storage. There are many algorithms for such encryption. Using the example of the most common of them, one-way MD5 encryption, let us trace the path of our password from registration to its cracking.

So, after encryption, our password takes the form of a hash (checksum), which in our case consists of 32 specially derived characters and looks like, for example, "202cb962ac59075b964b07152d234b70" for the password "123".

If a cracker manages to gain access to the storage and get the hashes of our passwords, he is then faced with the task of decoding them. In this he will be helped by special software, which can be easily found on the Internet.

Any program for decrypting passwords of this type works by enumeration: exhaustive (brute force) or by mask. This task, depending on the complexity and quality of the password, can take from a few seconds to several days, months or even years.
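
The unsalted MD5 storage described above, next to a salted and deliberately slow alternative, as an added example (not from the original article). PBKDF2-HMAC-SHA256, the 200,000-iteration count and the user names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os


def md5_hex(password):
    """Unsalted MD5 as in the text: the same password always gives the same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; salt and cost are stored next to the digest."""
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def users_sharing_a_hash(stored):
    """Group user names by stored hash value.

    A group with more than one name shows that those users chose the same
    password, and that one lookup in a precomputed table exposes all of them.
    """
    groups = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


# Constructed sample accounts (hypothetical names and passwords).
SAMPLE_USERS = {"alice": "123", "bob": "123", "carol": "fN4u-3kS8"}

if __name__ == "__main__":
    md5_store = {u: md5_hex(p) for u, p in SAMPLE_USERS.items()}
    kdf_store = {u: make_record(p) for u, p in SAMPLE_USERS.items()}
    print("MD5 of '123':", md5_store["alice"])
    print("same MD5 hash:", users_sharing_a_hash(md5_store))
    print("same PBKDF2 digest:",
          users_sharing_a_hash({u: r["digest"] for u, r in kdf_store.items()}))
    print("login check:", verify("123", kdf_store["alice"]),
          verify("124", kdf_store["alice"]))
```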

Using a standard PC (CPU: 3 GHz) and software (PasswordPro), "House of Soviets" decided to test the strength of a series of passwords of different lengths and contents.

So, passwords consisting of numbers will be the first to surrender.

Password: "1234"; search time < 1 s.

Password: "1234894"; search time < 1 s.

Alpha passwords will last a little longer.

Password: "adfp"; search time = 2 s.

Password: "adrpsdq"; search time = 22 min. 1 sec.

The combination of lowercase and uppercase letters will significantly increase the time, but still it remains insufficient, given that several PCs can work on decryption at once.

Password: "aBst"; search time = 5 s.

Password: "fdQnnHF"; search time = 1 day, 22 hours 13 minutes.

And the most ideal option would be a combination of uppercase and lowercase letters, numbers and special characters (usually "-" and "_"), with a length of at least 6 characters.

Password: "As_3"; search time = 7 s.

Password: "fN4u-3k"; search time = 11 days, 13 hours 27 minutes.

Password: "fN4u-3kS8"; search time > 1 year.
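
The arithmetic behind these figures, as an added example (not from the original article): it counts the candidates an exhaustive search has to cover and derives the hash rate implied by the reported times. It assumes each reported time covers the whole search space; the fifth character class (other punctuation) is also an assumption.

```python
import string

# Character classes used in the tests above; "-" and "_" are the special
# characters the text names. Other punctuation is modelled as a fifth class.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "-_",
    "".join(c for c in string.punctuation if c not in "-_"),
]

# Search times reported in the text, converted to seconds.
REPORTED = {
    "adrpsdq": 22 * 60 + 1,                       # 22 min 1 s
    "fdQnnHF": 86400 + 22 * 3600 + 13 * 60,       # 1 day 22 h 13 min
    "fN4u-3k": 11 * 86400 + 13 * 3600 + 27 * 60,  # 11 days 13 h 27 min
}


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    if any(all(ch not in cls for cls in CLASSES) for ch in password):
        raise ValueError("character outside the modelled classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def candidates(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def implied_rate(password, seconds):
    """Hashes per second if the whole space was covered in `seconds`."""
    return candidates(password) / seconds


def days_to_exhaust(password, rate):
    """Worst-case days of exhaustive search at `rate` hashes per second.

    This models brute force only: a dictionary word or a personal date falls
    far sooner, whatever its length.
    """
    return candidates(password) / rate / 86400


if __name__ == "__main__":
    for pw, secs in REPORTED.items():
        print(f"{pw}: alphabet {alphabet_size(pw)}, {candidates(pw):.3e} "
              f"candidates, about {implied_rate(pw, secs):.2e} hashes/s")
    rate = implied_rate("adrpsdq", REPORTED["adrpsdq"])
    print(f"fN4u-3kS8 at that rate: {days_to_exhaust('fN4u-3kS8', rate) / 365:.0f} years")
```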

The search can be performed not only by periodically combining printable characters, but also by a certain list of words, a password database, which can include both a dictionary, for example, Dahl or user passwords stolen from other sites, and your personal data prudently found on the Internet. Therefore, it is important that the password is not meaningful and does not contain such obvious data as the day, month, year of your birth, the names of yours and your loved ones, etc.

Is it safe to store the password on the computer?

No. There is a great number of programs (Trojans, keyloggers) that can search for valuable files on your hard drive or connected flash card, or record the keys you press, and send the obtained information to their owner.

Crack the password. It is possible, but now it is difficult.

Even if you are protected by Firewall and antivirus with the latest update, it is better to play it safe and store really important information in a paper notebook.

And then there is the letter ё!

Which password to choose.

May 1, 2011 at 07:49 PM

A simple and secure password - collective creativity

  • Information Security

After reading a lot of related literature and looking at a ton of habratopics (links to interesting ones are given at the end of the article), I decided to summarize information about the main methods for generating a reliable and memorable password.

To begin with, I myself use the wonderful KeePass program to generate and store my passwords. Its functionality is enough for all my modest webmaster needs. Its main drawback is the fact that it also requires you to remember one master password. Therefore, all this fuss about inventing a password also concerns me and all the happy owners of the KeePass program or its analogues, since you still have to come up with one password.

Let's talk about hacking methods

To understand the full depth of the problem, I will devote a couple of lines to hacking techniques. So how can an attacker find out or guess your password?
  1. Logical guessing. Works on systems with a large number of users. The attacker tries to understand your logic when composing a password (login + 2 characters, the login reversed, the most common passwords, etc.) and applies this logic to all users. If there are many users, a collision will occur very soon and the password will be guessed;
  2. Dictionary search. This type of attack is used when the database of hashed passwords is leaked from the server. It can be combined with the substitution of letters (typos) or with the addition of numbers / words at the beginning or end of a word as a prefix or suffix. Dictionaries typed in the wrong keyboard layout are also used (Russian words in the English layout);
  3. Brute force on a table of hashed passwords. An advanced method of cracking passwords, when the hashes have already been generated and all that remains is to find a match between the hash and the password in the database. It works very quickly even on weak machines and leaves no chance for owners of short passwords.
  4. Other methods: social engineering, using keyloggers, sniffers, Trojans, etc.
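
A check a service can run when a password is set, to reject the layout-switched words that item 2 above says attack dictionaries already contain (and that the "Sharik" -> "Ifhbr" advice earlier produces). This is an added example, not code from the original articles; the word list is a small constructed sample and the function names are hypothetical.

```python
import re

# Keys of the Latin QWERTY layout and the Russian letters on the same keys.
EN = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`"
RU = "йцукенгшщзхъфывапролджэячсмитьбюё"
# Shifted punctuation keys that also carry Russian letters.
SHIFTED = {"{": "х", "}": "ъ", ":": "ж", '"': "э", "<": "б", ">": "ю", "~": "ё"}
EN_TO_RU = {**dict(zip(EN, RU)), **SHIFTED}

# Constructed sample word list; a real check would load a full dictionary
# plus names and passwords known from leaks.
SAMPLE_WORDS = {"пароль", "шарик", "миранда", "мушкетера", "лет", "одиночества"}


def to_russian(text):
    """Map each Latin-layout keystroke to the Russian letter on the same key."""
    return "".join(EN_TO_RU.get(ch, ch) for ch in text.lower())


def split_into_words(text, words):
    """Word-break DP: return `text` as a list of dictionary words, or None."""
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def hidden_words(password, words=SAMPLE_WORDS):
    """Return the dictionary words a password spells in the Russian layout.

    Digits and symbols at either end are ignored, because dictionary attacks
    also try them as prefixes and suffixes. Returns None when the password
    does not decode to dictionary words.
    """
    decoded = to_russian(password)
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", decoded)
    if not core:
        return None
    return split_into_words(core, words)


if __name__ == "__main__":
    for pw in ["Ifhbr", "Vbhfylf", "3veirtnthf", "100ktnjlbyjxtcndf", "fN4u-3k"]:
        found = hidden_words(pw)
        verdict = "reject, spells: " + " ".join(found) if found else "not in word list"
        print(f"{pw}: {verdict}")
```

The word-break step matters because the phrase-based passwords above drop the spaces: "100ktnjlbyjxtcndf" is caught as two dictionary words after the leading digits are stripped.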

Password strength

Summarizing the information obtained from various reliable sources, I will highlight the main features of a password resistant to cracking (by cracking, I mean brute force on hash databases, when the hashing algorithm is known in advance):
  1. The length of the password (the more, the better), for advanced cases it is recommended to use a 15-character password;
  2. Absence of dictionary words and parts of common passwords in the password;
  3. Lack of templates when composing a password (by a template I mean a logical algorithm for generating a password, for example: "Med777vedev", " [email protected] ytsu @ 21 " or even "q1w2e3r4t5");
  4. Stochastic sequences of characters from various groups (lowercase, uppercase, numbers, punctuation marks and special characters);
However, we are all people with rather limited abilities to memorize incoherent information. Passwords that fit the parameters described above will be very resistant to hacking, but they are also very difficult to remember. Therefore, we will consider less paranoid options for composing and remembering passwords.

How do people remember their passwords?

Having analyzed the methods of generating passwords for habra people, I came to the conclusion that the main methodology for remembering a password is based on compiling a logical or associative series. All kinds of word distortions are also used. It can be:
  1. Domain names interspersed with login ("gooUSERglcom", "UmailruSer");
  2. A certain standard phrase that is attached to the domain ("passgoogleru", "passhabrahabrru");
  3. A common word interspersed with significant numbers and other signs ("", where 32167 is a cheat that summoned 5 black dragons in Heroes of Might & Magic);
  4. Russian words in the English layout (", k.lj)