A few days ago Prism published a list of the worst passwords where, as expected, you can find words such as ‘password’, ‘123456’, ‘dragon’, ‘sunshine’, etc. As obvious as it might be not to set your password to ‘password’, many people still do, taking the chance that anyone could guess their password and gain access to their accounts and services. The focus of this article is to teach readers and our clients how to create a stronger password.
Selecting a good password is critical, and it depends in part on the product for which the password will be used.
For most hosting products & services the following minimum criteria must be met:
• Linux Web Hosting with cPanel control panel: the password requirement is a minimum length of 6 (six) characters.
• Windows Web Hosting with WebsitePanel control panel: the minimum password length must be 8 characters, one of which must be a number.
• For Windows Web Hosting – email server SmarterMail: the requirement for the email password is at least 8 characters in length and a maximum of 20; other requirements are at least one special symbol and a combination of upper and lower case letters.
• For Windows Private JVM (Tomcat) manager NGASI: you will need to select a password with at least 8 characters; the password also needs to include a special symbol.
As you can see from these requirements, your “good password” should be at least 8 characters long.
Below are some good practices on how to pick a strong and more secure password for your products and services:
1) Find a word that has a certain meaning for you and then replace all the vowels with special symbols and numbers – for example ‘a’ with ‘@’, ‘o’ with ‘0’, etc. This replacement doesn’t have to follow any rules available on the net, as long as you are able to remember it.
Do not be tempted to use the numbers on your phone to replace the letters. Though this technique is part of Leetspeak (replacing letters with numbers), it is pretty easy to crack. And in any case, do NOT use your username or your first name as a base for your passwords! I know it is tempting, but this is the first thing a hacker would try if they decided to break into your account.
For example: grapefruit becomes Gr@p5fru#t … not bad, right?

For example: bicycle could become B#cycle2003 (don’t forget to include at least one special symbol and one upper case letter).
3) Another often recommended method is shortening a sentence into a word. How does this work? You make up a sentence which is very easy for you to remember and then you take the first letter or the first two letters of each word to create your “good password”. You can even create your own algorithm – for example you can take the first and the last letter of each word, or the first letter from the first word, the second from the second word and so on. The only limitation here is yourself and which codes you feel most comfortable with. If you decide not to substitute a letter with a number, you can always add one at the end.
For example: ‘My first pet was named Jessy’ becomes m*ftptwsndJ*1
4) Once you have shortened your sentence into a single word, you can create different combinations and use them for different services/accounts.
For example: the word m*ftptwsndJ*1 can become “m*ftptwsndJ*1fb” or “m*ftptwsndJ*1gmail”
5) Instead of shortening words you can simply add a couple of words together using a special symbol. For example: Jessy and orange can become “J52sy&0r@ng5”. Here I have used & as the link between the words and have replaced ‘e’ with 5, ‘a’ with @, ‘o’ with ‘0’ and the double ‘s’ with 2s, which is one way to represent double letters.
6) Use upper and lower case – you can pick a word such as “grapefruit” and change every second letter to a capital. In this case “grapefruit” will become “gR@P5FrU#T”
7) Use misspelled words – especially if you tend to make a mistake when entering your password, you can take advantage of this.
For example: grapefruit can easily become grapwfruti, which will turn into gr@pwfrut#1
To summarize: to be considered good, a password has to be at least 8 characters long, contain both upper and lower case characters, and have special symbols and numbers in it. It is good advice not to keep your password stored on your computer or on a piece of paper, because you never know whose hands it might fall into. Try to memorize one strong password and use different variations of that password for different accounts. If you can trust your memory, the best way is to have different passwords for your most important accounts and, even better, to change them on a regular basis. How many passwords you have mainly depends on the risk you are willing to take and on the number of passwords you feel comfortable remembering.
In any case, I think we can all agree that we should not use the word ‘password’ for any of our services and online accounts. If you are in love with this word and insist on using it, only a couple of changes are needed and you can end up with your “dream” password. For those of you who have very complex passwords, good job; for the rest, now is the perfect time to change your existing passwords so that nobody can crack your accounts, or at least to make it very difficult to do so.
Just so that I can support the above password examples, I have tested each of them with the Password Meter tool from http://www.PasswordMeter.com – here are the results of these tests:
Password | Score | Complexity
Grapefruit | 8 | Very Weak
Gr@p5fru#t | 93 | Very Strong
Gr@pwfrut#1 | 91 | Very Strong
gR@P5FrU#T | 98 | Very Strong
Bicycle | 8 | Very Weak
B#cycle2003 | 100 | Very Strong
m*ftptwsndJ*1 | 99 | Very Strong
m*ftptwsndJ*1fb | 100 | Very Strong
J52sy&0r@ng5 | 100 | Very Strong
Password | 8 | Very Weak
P@2sW0Rd | 84 | Very Strong
Now that you know how to select a good password, we recommend that you take your time and update all of your account and service passwords. We strongly encourage all of our clients to pay specific attention to the following passwords: Control Panel, FTP, Email, Database, and, of highest importance, any remote management services such as SSH or Administrator RDP access (for VPS and Cloud clients).
We hope that you find this article useful. We would love to hear your comments and feedback in the comments section below, or contact us directly.