Passwords are integral to our online life these days, especially with the increased use of online banking and cloud computing. It’s little wonder, then, that password stealer tools and brute-force dictionary attacks are big business for cyber criminals. The number of people I know who use the same password for multiple websites is staggering.
Given that most websites (and third-party apps), including Facebook, ask you for your full password (most banks will only ask for three characters of your password), this leaves most people open to multiple attacks. Now let us take a look at how you can easily create and store secure passwords:
Creating a secure password
- Create a long password, with a mix of upper and lower case letters along with numbers and non-alphanumeric characters – not all websites support the latter.
- Never use password substitutions, e.g. pa55wOrd.
- In the event you cannot use non-alphanumeric characters, use a password phrase with a mixture of upper and lower case letters along with numbers.
- Always create a different password for each website/service you register with. Database breaches are common, so make sure you only use one password with one website/service.
- Visit: https://www.microsoft.com/security/pc-security/password-checker.aspx and check the strength of your password.
Use a Password Generator – a selection of my favourite utilities
- PC Tools Password Checker – allows you to create random passwords that are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.
- MakePassword – is useful for getting a random password for personal use or for generating large lists of default passwords.
- Passcreator – you can specify a word before generating a password so that it appears in the password. The word will then be placed randomly into the password.
- http://16s.us/sha1_pass/ – generates passwords, but doesn’t store them – this is a very useful utility that can be used on Linux, Mac and Windows operating systems. It isn’t for novices though.
- Strong Password Generator – use this strong password generator to generate secure, random passwords. It’s free.
- Additionally, GRC, aka Steve Gibson, has a novel way of presenting very long passwords with Password Generator, which are very useful for locking down wireless WEP and WPA networks.
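The rules from "Creating a secure password" can also be applied in a few lines of Python. This is an added example, not code from any of the utilities listed above; the function names and the symbol set are assumptions made for illustration. It draws characters from the operating system's cryptographic random source, guarantees every character class is present, falls back to letters and numbers for sites that reject symbols, and issues a separate password per service.

```python
import math
import secrets
import string

# Constructed symbol set for this example; sites differ in what they accept.
SYMBOLS = "!@#$%^&*()-_=+[]{}"


def generate_password(length=20, allow_symbols=True):
    """Return a random password with at least one character from each class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_symbols:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the CSPRNG so the guaranteed characters sit at random positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, allow_symbols=True):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    size = 26 + 26 + 10 + (len(SYMBOLS) if allow_symbols else 0)
    return length * math.log2(size)


def unique_passwords(services, length=20, allow_symbols=True):
    """One independent password per website/service, never reused."""
    return {name: generate_password(length, allow_symbols) for name in services}


if __name__ == "__main__":
    # Constructed service names, for demonstration only.
    for name, pw in unique_passwords(["bank", "email", "forum"]).items():
        print(f"{name}: {pw}")
    print(f"~{entropy_bits(20):.0f} bits with symbols, "
          f"~{entropy_bits(20, allow_symbols=False):.0f} bits without")
```

Dropping symbols costs only a few bits at this length, which is why a longer letters-and-numbers password is a reasonable fallback when a site rejects non-alphanumeric characters.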
Use a Password Manager
Password Managers store all your passwords and can also be used to automatically insert your username and password:
- Password Safe is free and open source and is my favourite password manager utility. TIP: Store your Password Safe database file in an encrypted volume using TrueCrypt*. Password Safe also allows you to generate strong passwords.
*TrueCrypt is free and open source and allows you to create encrypted volumes.
We’ve all at one time or another forgotten our email account passwords, so below you will find two useful utilities from a reputable company called NirSoft that should give you peace of mind:
- Mail PassView – use this tool and it will find your email account passwords for you. It’s also useful in highlighting how insecure your email account passwords are on your PC.
- Password Security Scanner scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more…) and displays security information about all these passwords. It doesn’t disclose the password though.
Remember, password stealers (scripts and keyloggers) exist on compromised websites and genuine ‘hacked’ websites as well as in email attachments (image or PDF files are a common attack pattern) and video files. My readers should also read more about Script Browser Blockers, which will provide you with added assurance when surfing the web.
Safe surfing folks!