Most people do not think when they create new password. They think it's easiest to come up with a short, easily remembered password or even use one password for all of your accounts. After all, an ordinary person is unlikely to be able to guess it.
However, hackers often use special password cracking programs that pick up a lot of passwords until they find the right one. The easiest way is to select weak passwords. You can greatly reduce the likelihood of hacking your account with your personal or financial information, creating a strong password.
The most common errors when creating passwords
Many people create passwords based on the names of spouses, the name of a hobby or some simple template, since such passwords are easy to remember. Unfortunately, it's just as easy to hack them. To create strong and strong passwords, you should avoid such errors.
- Never use personal information, for example, your name is the birthday or the name of the spouse. Such personal information is often publicly available, so it's easy to pick up such a password.
- Use long password . The password must consist of at least 6 characters, and for additional security, the ideal minimum will be 12 characters (if the system allows this).
- If you need to write passwords, keep them in a safe place. It is very good if you encrypt your passwords or write down for yourself only some tips that no one else can understand.
- Do not use the same password for all accounts. If someone selects a password for one of your accounts, then all the others will also be at risk.
- Try to use the password numbers, different symbols, lowercase and lowercase letters (if the system allows this).
- Avoid the words contained in dictionary. For example, the password "swimming1" will be weak.
- Passwords that are randomly generated (random passwords) are the strongest. Use the password generator instead of coming up with the password yourself.
- Random passwords are harder to remember, so it's worth thinking about mnemonics. For example, the password "H = jNp2 #" can be memorized as "HARRY = jessica NOKIA paris 2 #". It also looks like a random selection, but after some practice you will easily remember everything.
Using Password Managers
Instead of writing passwords on paper, where anyone can see them, you can use the password manager to encrypt and save them online. Some password managers can also generate random passwords, making your information even more secure. Examples of password managers are LastPass, KeePass, RoboForm, managers firefox passwords and Chrome.
For example, when you use LastPass, you must first install the LastPass plug-in for the browser. After that, whenever you enter a password, the manager will ask whether to remember it. The next time you log in to a site whose password is stored in the manager, LastPass can automatically enter it. If someone else will use your computer, then you only need to log out of LastPass.
How to come up with a strong and strong password
1. Use a different password. This means that your password must consist of at least 6 or more characters. Use all kinds of signs: letters, numbers, punctuation marks. For example, instead of the word WELCOME, you can apply the catchy version of W3Lc0mE ^ 9.
2. Use a long password. Passwords longer than eight characters are very difficult to crack.
3. Do not use the same passwords on different sites. Since, if your one account was hacked and your password was recognized by an unauthorized person, then he will have the opportunity to steal another your account with the same password.
4. Do not use your personal data as a password: date of birth, phone number, mother's name, or similar information.
5. Make up a password consisting of characters. So it will be more reliable, unlike the alphabetic password.
6. When using an account on someone else's computer, you should never save your password in the browser. Otherwise, an outsider can use your data.
7. Always register mailbox on a trusted and secure site. It is advisable not to enter the e-mail client by reference. Even if the e-mail client seems reliable, you need to type the URL in the address bar and only then enter your page. This will protect your account from hacker attacks.
8. Do not allow different applications to save your passwords. Periodically clean your browsing history and saved passwords.
9. It is desirable to change passwords on sites as often as possible. The passwords of the most important services, such as various on-line accounts, need to be changed even more often.
10. Do not share information about your secret passwords, even the closest people.
11. On the N-th number of resources, it is possible to use a phrasal password. This is the most reliable kind of password. If you can not use certain phrases or signs, you can come up with another stronger combination.
For example, such a phrase as "My son is 17 years old," can be interpreted as a combination of the first letters of each word (msc17l). In addition, you can add other numbers or letters to the password, or change the case by a symbol, or arrange them randomly: McL7C. Such a password is hard to forget.
How to check the reliability of your password?
There is a list of sites with which you can check the reliability of your password. For example, Microsoft's Password Checker will check the degree of complexity and reliability of the password. Resource advises that a more reliable password will be one that has 14 characters and contains small and large letters, numbers, other symbols
In today's society, we often have to think about security, both physical and virtual. Often happens, that neglect of protection of the electronic data, pours out in unpleasant consequences, such as theft of personal files, and even "stealing" of boxes.
Well, since the button "I forgot the password" or "remind the password" hides nothing more than the function of sending a password to your mailbox - it's about the mailbox that we'll talk about.
Obviously, having a safe mailbox is a guarantee of your peace of mind on the Internet. Why?
Precisely because passwords are sometimes forgotten and they have to "remember" (I hope you do not use the same password for all your registrations?;)).
And yet, because in order to "catch" almost all of your passwords to all sorts of social networks, forums and other interesting things, just look in your box!
A reasonable question arises - how to create secure password?
Try to take into account several key points:
- Password must be at least 6-8 characters long.
- Try to include in the password big and capital letters, numbers and punctuation marks.
- Use different registers when typing.
It is not necessary to perform all listed points, it is likely that any combination of them will suit you. The main thing is to get the result with your eyes closed, without errors, "in one go!" :)
A few words about the most common mistakes:
From the series "unacceptable" - repeat login, nickname of the dog or cat, name + year of birth, mother's maiden name, etc., these same combinations should not be used in control questions!
From the series "easy to break" - normal Russian or non-Russian words, even with the switched register Rus / Eng.
A few words and turn to practice:;)
Many use passwords in their digits alone, not realizing that such a password can be easily cracked by a special program, even there is a term called the brute force method - brute-force cracking based on password recovery, many programs designed specifically for this goal. And, consequently, if your password consists of only digits, and length, say six characters, then it will not be too difficult for the program to sort through all possible combinations.
Regarding the so-called "sotsialok", or social networks, such as "my world", "in contact", "classmates", etc.: Pay attention to how much personal information you leave there, how fully you can see all your contacts and preferences, calculate your inclinations, future actions, possible errors and reactions. Is there such a trusted person in your entourage who would be allowed, say, to look in your personal diary or read your poems?
The paragraph above was, so to speak, "lyrical digression", food for thought for inquisitive minds :), let's return to the additional settings of our mailbox:
We recommend using a foreign box on Google (http://www.gmail.com), because there is a mode of data transfer using https protocol, which is extremely useful for your security.
The following instructions are applicable when working with mail directly from the browser via the web page of the Gmail site.
Settings of mail programs via SSL (secure connection) remain unchanged.
The Gmail system made it possible to work with the electronic address in the usual mode (http). Operation in the normal mode is done by default, i.e. when sending mail from the Gmail system, mail is always sent in clear form, even if we specified secure mode (https) when logging in, which is not acceptable for the transfer of confidential information. Therefore, you need to make special settings for working in protected mode (https). To do this, you must perform the following actions:
1. Enter the mailbox on the Gmail system's website www.gmail.com specifying the username and password.
2. Having access to the e-mail address, we enter its settings.
3. The e-mail settings page.
4. In the "Browser Connection" section, select "Always use https" and save the settings.
After these changes, send email From the email address on the site of the Gmail system will always be executed in a secure mode. Protected mode will be enabled even if you forgot to specify https in the address bar of the browser, because the Gmail system itself will switch the connection to safe mode.
At this point, you can stop :) Let me remind you, all of the above is quite big, but, just the tip of the iceberg with the name Your Personal Network Security. To begin these precautions will be enough.
Enjoy your surfing! If you have any questions - do not be shy, ask!
Strong passwords
Require a strong password
By default, MDaemon requires you to come up with a strong password when creating new accounts or changing the old password. Remove the label from the field to disable the strong password requirement.
A strong password should:
Minimum password length (at least 6 characters)
This option allows you to set the minimum password length, which will be perceived by the system as reliable. The minimum value of the parameter is 6 characters, but it is recommended to specify a larger value. Changing the setting will not affect the existing passwords, which can be shorter than the specified minimum. However, the next time the user wants to change the password, he will be exposed to the new requirements defined by this option.
Edit bad password file
Click this button to edit the bad password file. The entries in this file are not case sensitive and can not be used as passwords. Here you can use regular expressions (lines must begin with the symbol "!").
Forced change of unreliable passwords
Click this button to enforce the forced change of all unreliable passwords used by accounts. Each account with an unreliable password will be locked before changing the password. The password can be changed by the administrator through the MDaemon interface, and blocked users can change the password from WorldClient or through the remote control interface. If you try to connect to the old password, the user will be prompted to create a new password before he can continue working.
Report unreliable passwords
Click this button to generate a report for all MDaemon accounts that use unreliable passwords. After clicking on the OK button the report will be sent to the address specified by you.
Password Settings
Password expiration, in days (0 = password expiration is not limited)
This option allows you to set the maximum number of days during which the account can not change the password. The default value is "0", meaning that the password is not limited. If you limit this period, for example, to 30 days, then the user will have to change the password within 30 days from the last editing account at graphical interface MDaemon or since its last login to the server using POP, IMAP, SMTP and WorldClient (after a password change, the 30 day count starts again). If the user does not change his password, he will be unable to connect to the server through POP, IMAP, SMTP, WorldClient and Remote Administration. The user will be able to connect to WorldClient or Remote Administration, but to continue working, he will be prompted to change the password. You can not change the password from an email client, such as Outlook or Thunderbird. Many email programs do not show details when a connection to the server fails, so users may need administrator help to deal with the problem.
Daily notify the user about the expiration of the password within days (0 = never)
When the password expires, the user is sent a reminder to change the password. This option specifies how many days before the password expires, MDaemon starts sending such reminders daily.
Remember such a number of old passwords (0 = do not remember)
Use this option to specify the number of old passwords that MDaemon server stores for each user. If you change the password, the server will not allow you to reuse the old password. The default value for this option is "0" (disabled).
See also:
Very often, users protect their data with too simple passwords so that they can be easily remembered and typed. We've picked up some tips to make your passwords simple for you, but difficult for the burglar. Let's work out together how to come up with a password and how to protect your accounts from scammers.
First of all, it's worth to divide the password protected accounts into categories - for example, for a local system it's useless to think up super complicated passwords, because having physical access to the machine to steal your data will not be absolutely difficult. Another thing is if your machine has open remote access, then it is already worthwhile to think about a more reliable password. To protect your e-wallet, you should also choose good password. But that way of generating which I want to offer you is suitable absolutely for any kind of accounts.
How to not forget the password
The first recommendation is never to save passwords from online services (various email services, social networking accounts, forums, sites) in your browser! For it is banal you can forget it. And on some services, password recovery is a very time-consuming procedure. Use some place where you will store passwords from all your accounts is also not a good option. Although, for passwords from accounts that are not of particular importance, it is quite suitable.
All passwords should be kept in mind. It perfectly trains memory. If you do not save passwords in the browser, then you will have to constantly type it. Thus you will never forget it, for it will be remembered not only by your brain, but also by your fingers. It may seem too difficult for you - every time you type a password. But this is only the first n times (n depends on your typing skill on the keyboard.) By the way, the constant input of passwords manually contributes significantly to improving the skill of blind printing.
Characters for passwords
Never use passwords-phone numbers, close names, dates of birth, and the like. Why? Yes, such passwords are easy to remember, because you already know them - you just need to remember that this is your password. But the fact is that there is such a way of recognizing passwords, called social engineering. One of the most effective and frequently used methods of hacking. An attacker can easily find out these phone numbers and dates of birth and you can rest assured that he will try them as a password from your account.
I do not think it's worth mentioning the various qwerty, 1234, 09876, zaqwsx and other keyboard patterns and sequences. But I'll tell you - that these things are tried in the first place. Also worth mentioning about the various - admin, user, password and others. And the most stupid password is the same as your login, because the login (user name) is usually open. This option will be tested by the attacker the very first. The same applies to different variations of your name, login.
Well, in principle, the basic requirements for the password - what it should not be. It remains only to come up with one that meets all these requirements and at the same time was easy to remember.
Number of characters in the password
Password must be more than 6 characters. Those that are smaller are unstable to brute force (brute force attack, brute force method). The password should not be any meaningful word - again, then it is unstable to another sort of search - brute force in the dictionary. However, our password generation method allows us to come up with very long and complex passwords and never forget them. Even generate a password of 16 characters and remember it will not be difficult for you. For example: lk1yysqGfh0kmB3itcnyf9wfnbCbv80k08. There are 34 symbols, but it's easy to remember it, if you know the way of generation complex password. What can I say about passwords of 6 or 8 characters.
Generating passwords. Easy without programs.
It turns out that there is nothing complicated in this. So, let's say you register on some resource, say a mail service. To generate a good password, think up a phrase in Russian, which is associated with the resource on which you register. In our case it's mail. Suppose we took the phrase "here is my mail". Such a complicated thing to forget is not it? For when checking mail you will remember this phrase automatically. This phrase will be your password. But in its original form, it is not suitable for this role. It is very rare to have passwords consisting of several words, so it's better to throw them out of our phrase. We get "here is the mail".
Russian phrase in the English keyboard
Now a feint with our ears - we write this phrase in Russian letters, as it is without blanks BUT! in the English keyboard. We get "pltcmkt; bnvjqgjxnf". Now that's more like a real password, is not it? God forbid you try to remember this sequence! As you already understood, it is enough to remember the original phrase in Russian and you will never forget your password. And where the power of the password is not critical, it can be used directly in this form.
Replace letters with numbers
But you can change it further. Let's add the numbers there. We take your original phrase, in Russian and see what can be replaced there with numbers. Unambiguously, the letter "o" can be replaced by the number 0. The letter "h" can be replaced by the number 4. The letter "z" by 3, "b" by 6, "d" by 7, "d" by 9. And all this without risk of forgetting. Well, let's try. "39tcmkt; bnv0zg04nf" - well, how? This is already an absolutely unbreakable password. And at the same time, we remember how to recruit it, while we remember the original phrase.
Use the register to separate words
But that's not all. You can even add letters in uppercase! Suppose we take the original phrase, write the first or last, or maybe both, letters in uppercase. In this case, the figures can be left alone. Get "39ltcmKt; bnV0zG04nf" - any utility generator can envy such a password. But the difference from the generator is that we will never forget such a password, for we remember how it was received.
The truth here is a couple of nuances. It is not always possible to use non-alphabetic characters in the passwords - a period, a semicolon, a comma, an apostrophe, square brackets. These signs will appear in the passwords if in the original Russian phrase or word there is the letters y, x, b, e, x, y, respectively. Such signs only give additional cryptographic stability to your password, but only if they are acceptable. Otherwise, you either need to take the original phrase where these letters are not used, or replace them with eg the same numbers. I prefer the first option, although if in my original phrase there is only the letter "b" I simply change it to the number 6 without giving up this phrase.
Use special characters in the password
Similarly, you can use the keyboard features if you want numbers in your original phrase. Then just type these numbers with the shift key pressed and get 1 = !, 2 = @, 3 = #, 4 = $, and get non-alphabetic characters in your password that will only strengthen it repeatedly (again, provided these characters are allowed).
Now it remains only to learn how to choose the right phrase or word correctly, so that there is a consistent association with the resource on which you register.
And yet, it is not necessary to change everything that you can change, letters to numbers. It's enough one or two, then you should look at the situation - optimize your password for convenient typing, if you do not yet own a blind ten-finger method of printing.
A strong password
Do not be afraid that it will be too difficult for you to type it - it's not for long. If necessary, you can easily dictate or write down your password in END-DIMENSION (for example to friends) - because it's simply not possible to remember it. You yourself can record or dictate it only if you have a keyboard in front of your eyes, or you remember the layouts by heart. But never give anyone exactly the original phrase and the algorithm for generating your password.
