Most people, especially those who are not computer geeks, do not care about the strength of their password. It is not rare to see people use weak passwords like '123456', 'password', or the name of their favourite TV actor or meal. Such passwords are very easy to crack, especially when a determined attacker uses brute-force tools that can make thousands of guesses per second (the exact rate depends on the processing power of the machine used).
A strong password is vital for keeping us safe online. If a miscreant steals our password, he can do a lot of damage: steal money from our bank account, send emails from our email account, steal confidential information from our work accounts, and many other evil things.
In the following lines we describe best practices for choosing a strong password for our accounts, and we also list some free software and services for generating strong passwords.
Strong P@ssw0rd Guidelines:
- Is at least 20 characters long
- Contains lowercase letters
- Contains uppercase letters
- Contains numbers
- Contains symbols like { + _ - * & ^ % $ # @ ! ~ ` " ; : / | , < > ? }
- Does not include your date of birth
- Does not include your name, whether first name, last name or middle name
- Does not include the name of any family member
- Is not your girlfriend's name
- Is not a sequence of letters like abcdefgh or a sequence of numbers like 123456
- Does not include place names: cities, countries, street names, etc.
- Is not a word found in a dictionary (for example school, tree, hotel, swim, etc.)
- Is not a well-known name (famous movies, famous actors, political leaders, famous people worldwide, etc.)
- Is not similar to your old passwords
- Is not generated by a free online service or any automated tool when it protects your most important accounts, such as your bank account or your online medical record
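As an added example that is not part of the original post, the following Python script checks a candidate password against the guidelines above and, because the last guideline discourages online generators for your most important accounts, generates one locally from the operating system's random source instead. The word list is a constructed stand-in for a real dictionary and the function names are my own.

```python
import secrets
import string

# Constructed mini word list standing in for a real dictionary / common-password list.
COMMON_WORDS = {"password", "school", "tree", "hotel", "swim", "qwerty", "letmein"}
SYMBOLS = "+_-*&^%$#@!~`\";:/|,<>?"


def _has_run(s: str, length: int = 4) -> bool:
    """True if s contains `length` consecutive ascending characters (abcd, 1234)."""
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length].lower()
        if all(ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(length - 1)):
            return True
    return False


def check_password(pw: str, personal: tuple = ()) -> list:
    """Return the list of guideline violations; an empty list means the password passes.

    `personal` holds strings that must not appear (your name, birth date, family names).
    """
    problems = []
    if len(pw) < 20:
        problems.append("shorter than 20 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbols")
    if _has_run(pw):
        problems.append("contains a sequence like abcd or 1234")
    low = pw.lower()
    if any(w in low for w in COMMON_WORDS):
        problems.append("contains a dictionary/common word")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal data (name, birth date, ...)")
    return problems


def generate_password(length: int = 24) -> str:
    """Generate a password locally with the OS CSPRNG, retrying until it passes the checks."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```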
Free Password Generation online Services
- http://strongpasswordgenerator.com offers a free service for generating secure passwords; the new password is generated in the user's browser and does not travel across the internet to reach the user's computer.
- Random Password Generator:The passwords generated by this form are transmitted to your browser securely (via SSL) and are not stored on the RANDOM.ORG server.
- PC Tools Password Generator: The PC Tools Password Generator allows you to create random passwords that are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.
Free Random password generation tools
- PWGen is a password generator capable of creating large amounts of cryptographically-secure passwords or passphrases (from word lists). It uses a random pool to gather entropy from user inputs and system parameters. Offers text encryption and random data file creation, too.[32-bit Windows versions (9x/Me/NT/2000/XP/Vista/7)]
- Password Generator: allows you to generate any quantity of passwords with one mouse click; it also helps you create more difficult passwords that can help protect your identity from potential harm. [Password Generator works under all modern versions of Windows, including Windows 7, Windows Vista and others.]
- SoftFuse Password Generator Free is a freeware program designed for generating random passwords easily and quickly. Using SoftFuse Password Generator Free, you can easily create random passwords up to 128-character length and passwords’ hashes. While generating a password, you can use letters, digits, uppercase and lowercase characters, as well as their combinations.
How do hackers break your password?
Passwords are generally saved in one of the following formats:
- Plain text: in this method the system stores the password as it is in a file or database. This method is not secure at all: if a hacker gains access to the file or database where the passwords are saved, he can view all of them.
- Hash: this is the most secure way of saving passwords. The system transforms the plain-text password into a hash using a cryptographic algorithm, and only this hash is stored in the file or database. A hash is a one-way function, so there is no way to retrieve the password again from its hash, which makes it more secure.
- Encryption: this method uses the same technique as plain text but adds an important security aspect by encrypting the stored plain-text password with a secret key, so only the person who has the key can decrypt the password. This method is not that secure, as it leaves all passwords in the system or database viewable by a miscreant who obtains the master key or password of the database or system.
Further reading on password storage methods:
- Plaintext [http://en.wikipedia.org/wiki/Plaintext]
- Hash [http://en.wikipedia.org/wiki/Hash_table]
- Encryption [http://en.wikipedia.org/wiki/Encryption]
Hackers can discover your password using one of the following techniques:
- Password Guesses
- Dictionary attacks
- Rainbow tables
- Brute-force attacks
- Social engineering
- Other Methods
Further references on the subject can be found below.
Default Password Lists
- Default Password List [ http://www.phenoelit-us.org/dpl/dpl.html ]
- Default Password List [ http://www.searchlores.org/defpasslist1.htm ]
- Routers Default Password[ http://www.routerpasswords.com ]
Secure Password Storage
- KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
- Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single “Master Password” of your choice in order to unlock and access your entire user name/password list.
- KeePassX is an application for people with extremely high demands on secure personal data management. It has a light interface, is cross-platform and is published under the terms of the GNU General Public License.