How to make the password more reliable and at the same time not to forget it? There are several options …
Cipher of simple replacement
Ciphers of replacement — the class of cryptography techniques existing almost as much, how many and the alphabet. Its essence consists in replacement of letters with other letters, numbers or characters (sending to cryptography).
Without going deep in particular and cipher subtleties, it is possible to select the simplest cryptography technique — where each letter following it in the alphabet is replaced. For an example we will take the words "cat" and "dog". We cipher: for with in the alphabet there is d (c=d), for a there will be b (a=b), well and t is followed by u (t=u). Ta a formula and for the second word: d=e, o=p, g=h. As a result we receive two ciphers — dbu and eph.
The cipher of simple replacement of letters (through two)
It is impossible to call the cipher of simple replacement very much reliable. It is not difficult to crack it at all if to compare several ciphered sentences or to know the principles of use. But it is possible to experiment and diversify a method. For example, to set own replacement procedure of letters, to add number, etc.
One of options of the enciphering described in Conan Doyle's story "The dancing little men"
It is possible to use a favourite method of conjurers and magicians — mnemonic. It helps to visualize object by means of its complete description, simplifying thereby storing or identification. The similar principle is used in the known saying about colors of a rainbow: "Each (Red) hunter (Orange) wishes (Yellow) know (Green) where (Blue) (Blue) pheasant sits (Violet)".
In the simplified type everything looks approximately so: "and is a pineapple, is a banana, in is a cherry". For creation of the password, use the words corresponding to letters.
Storing of sequence of flowers of a rainbow
For example, it is necessary to create the password for the website bank.com. Let's take as a basis a code from the first two letters from the name of the "b" and "a" web resource. According to construction "b is for banana, an is for Apple" will turn out "bananaapple". Add between them the hyphen and the password will purchase also the necessary character. And if to integrate all this in cipher simple replacement, the password for bank.com will become really reliable nsmsms=s [[; r.
The name of the website at the end of the password
The technical director of the company on network safety of Panda Security Luís Korrons offers the following option:
To make the password unique for each website (without the need for it to write) it is possible to add the name of a web resource to its end.
Let's consider in more detail on the example of the same website bank.com. We will add a prefix to the selected password "at the end - bank". More difficult construction doing the password both clear and difficult will turn out. Too most we make with accounts on social networks "-twitter", "-facebook" and "-linkedin" or the reduced options it seems "-twit", "-face" and "-link".
There are companies which force the clients to change passwords of times in half a year or year. Here too it is possible to find a solution. Just add necessary year, quarter to the beginning or the end of the password. Let's take as a basis already familiar password of "banana", we will add to it the coming 2016 and 1st quarter. banana-16-q1 turns out. And if to make movements on only one key on the keyboard, the password will significantly become complicated and will find a type of nsmsms=3-25=j3.
And here — our unique password, quite difficult, reliable which can be remembered and without special work regularly to change (on months or years).
The size matters
In addition to an encryption it is worth talking also about quality of the password. Its length is important. The complete set includes 26 lowercase letters, 26 capital and 10 digits. Also in the password about 30 special signs can be used. All this says that for each character added to the password, the number of possible options increases by 90 times.
According to the CEO of firm of network safety of FlowTraq Vincent Burke:
The majority of websites and the companies need passwords which contain a combination at least from 10 characters lower and an uppercase, at the same time include number and one or several special signs
Recently security experts recommend to increase password length in general to twelve signs. In their opinion 12 — a minimum. This theory was created on the basis of research which was conducted at Institute of technology (the State of Georgia, the USA). Researchers used groups of video cards to crack eight-digit passwords and came to a conclusion that for this purpose there are enough two-three hours. For cracking graphic processors — the system components developed for satisfaction of needs of modern gamers were involved.
Passwords from seven characters are qualified as "hopelessly inappropriate". The researchers dealing with data security issues came to conclusion that on cracking of passwords twelve characters with modern technologies will be left by about 17,000 years. However, technology development is so prompt that it is difficult to give exact forecasts.
Originality of the password
Certainly, not only one length does the password reliable. It should not be a lung for guessing or predictable. For example, the password of LadyGaga — is good only for the devoted admirer or for the singer. The set of digits 1234567890 will not go too — too obviously that even the child can crack it, keying in a row all ten digits. Also the combination from the password1234 series will be unreliable even if it consists of twelve characters.
It is worth thinking out difficult and not widespread passwords. It is better to avoid words which can be found in dictionaries of any language. Popular replacements of letters with numbers (0 instead of "o", 4 instead of "a") do not play a special role. It is not desirable to repeat the same password many times. Though it is also done by users, according to the November research RSA of 69%. Results showed that consumers reuse the password which is thought up by them once (while nearly 50% from them were the victims of attacks from hackers).
Most of experts in safety agree in opinion that passwords have to be easily memorable, but difficult guessed. Too difficult and unclear combinations from characters will simply be forgotten. And to write passwords on stickers, pieces of paper, in notepads or somewhere else — not the most successful idea. Here it will better be limited to the hint clear only to the owner, but not someone to another.
One of parameters doing the password more difficult consists in using really rigid constructions. It is unlikely someone will be able to remember a set of twenty signs, like GdzIQaZyVaFgbh7dlu46. Actually, quite "painfully" to use such passwords in general. On the other hand, they really will be difficult to be cracked. Similar passwords are good for the systems demanding special safety and which are not used often.
As the password it is possible to use the phrase, previously coding it. For example on English "I want to be at the beach" in the coding can look as iw2b@theBeach. The memorable password which will be rather difficult for cracking. Under each system it is possible to pick up the different termination. Some systems allow even to use complete the sentence as passwords. Such passwords will not be forgotten and will be quite reliable.
For the purpose of data security increase by the known cloudy data storage of Dropbox the list from passwords which are forbidden to be used was created. In the list there are about 85100 passwords.
And Youzhny's University of Wales conducted researches which results showed that:
4,7% of users use the password of password;
8,5% of users select one of two options: password or 123456;
9,8% of users select one of three options: password, 123456 or 12345678;
14% of users select one of 10 most popular passwords;
40% of users select one of 100 most popular passwords;
79% of users select one of 500 most popular passwords;
91% of users select one of 1 000 most popular passwords.
This article is a translation of the original post at habrahabr.ru/post/273373/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: email@example.com.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.