Your password is the key to the building of your online fortune and offline personal data, if your password is hacked or stolen, the other ones can access to your accounts without your authorization, it’s hard to imagine what the result will be! Today we round up 5 password security tips for you, as seen in the following sections:
1, Keep your system clean
If your computer is infected by viruses or rootkits, then all the strategies below are totally useless. If you are a Windows user, a firewall software and an antivirus software is definetely must have security tools. If you are heavily relying on your computer for your daily income, it’s highly recommended to encrypt your entire hard disk with the inherent encryption feature of Windows 7 – bitlocker. If your operating system is Windows XP, Mac OS X or Linux, TrueCrypt can help you.
2, Generate a strong password
To prevent your password from being hacked with social engineering, brute force or dictionary attack method, you should notice that:
- The password should contains at least 8 characters, it should consists of both numbers and letters.
- Do not use the names of your families, friends or pets,
- Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, etc.
- Do not use the most commonly used English words.
- Do not generate it with online tools.
To create a hard-hacking password, there are many strategies and tools available:
- Create passwords with a random password generator such as PassworG( review, download) or PWGen( review, download ), both of them can produce batches of strong passwords.
- Construct a password with the first( or last ) letters of the words in a sentence. For example, “5 Password Security Tips and Strategies for Your Digital Life” becomes 5PsTaS4YdL or 5dYsDSrRle.
- Use an old-school tabula recta, please refer to this article for more information.
- Use the MD5( or SHA1, SHA256, WHIRLPOOL, CRC32, etc. ) checksum of a string as your password, for instance, “123456″ should not be used as a password of any account, but “D4541250B586296FCCE5DEA4463AE17F” – the MD2 checksum of “123456″, is more reliable.
- Use the combination of the above tools and methods.
3, Encrypt and hide your passwords from prying eyes
You should not give your passwords to your friends and colleagues, never write them down on a piece of paper. Instead, you should store your passwords in an encrypted text file or database. Saving them with the online password managers is not recommended. Simply saving them in a plain text file encrypted with 7Zip, AxCrypt( download, review ) or TrueCrypt, or managing them with a desktop application like KeePass is more secure.
4, Use your passwords carefully
- Do not use the same password on multiple accounts.
- You should not let your browsers( FireFox, Chrome, Opera, IE, Safari ) or FTP client programs save your passwords, any password saved in the browser can be revealed with a simple click using a script like this one. Meanwhile, there are lots of desktop applications that enable you to show the passwords hidden under the asterisks.
- Do not login important accounts with a public computer or a machine of other guys.
- Do not use the HTTP or FTP connections, because the username and password in the message of a HTTP or FTP connection can be captured easily with a network protocol analyzer like Wireshark, which means that the password can be sniffed or hacked with very little effort. During our tests, all the passwords passed through the FTP connection of FileZilla or the HTTP connection of CPanel are successfully captured. To block attackers access to your critical accounts and information, you should use HTTPS and SFTP protocols. Suppose that the HTTP address of a URL is http://www.example.com, the HTTPS address of it is https://www.example.com. If you are a webmaster, and the address of your CPanel is http://184.108.40.206:2082, the HTTPS address should be https://220.127.116.11:2083/, and the cPanel WHM address is https://18.104.22.168:2087/.
- Pay attention to the keyloggers and screen captures. Your password can be logged by software keyloggers like BlackBox Security Monitor Express, hardware keyloggers( PS/2 and USB hardware keylogger ), screen recording utilities and camcorders in the background without your notice.
5, Change your passwords every 90 days
It’s a good habit to change your passwords regularly, thus even if a password is cracked( for example, your Sony PSN password ), it will not affect you soon.