
Strong passwords and what you should be doing

The weakest point in any security for your online accounts is usually your password. At RGB Designs UK, we do our best to ensure that your site is secure and protected and can’t be accessed by unauthorised users.

If someone else guesses or retrieves your password in some way, they are able to get around any of the security measures that we have put in place, because our systems will see this person as you. This then makes it possible for them to make any changes they wish to your site, including the deletion of your site and/or its content.

This guide is here to help you greatly reduce this possibility and to help you create strong passwords that are difficult to guess or crack. Please read through these tips and check the strength of your own password. If you feel that your password isn’t secure enough, I strongly advise that you change it.

Why Traditional Passwords Are not safe

Password-cracking methods have advanced greatly in the past few decades, but how we create passwords has not. Because of this, most of the advice people will give you about creating a strong password tends to be outdated.

Passwords such as jal43#Koo%a are very easy for a computer to break and very difficult for a human to remember and type.

Currently, the most common types of password attack can use software that makes up to 350 billion guesses per second, and this number is likely to increase significantly over the next few years.

Nowadays creating a strong password requires a modern technique which you will find set out below.

Modern Techniques for password Creation

There are many different ways of creating a strong password. Two of the best by far are a password manager and a pass-phrase. Choose the one you think works best for you, and then read more about it further along in this article, which will help to get you started.

 

Best method: A Password Manager

What is a password manager?

A password manager is an application on your computer or mobile device which generates strong passwords and stores them in a secure database. A pass-phrase is used to access the database, and the manager will then automatically enter your username and password into websites’ login forms for you.

Why this method is best.

You don’t have to worry about creating a good password, and the system remembers it for you. You also don’t have to type a password in ever again. This method is one of the most secure currently available.

 

Good: A Pass-phrase instead of a Password

What is a pass-phrase?

Similar to a password, but it’s based on a collection of unrelated words, rather than one.

For example: monkey, bounce, car, hosepipe.

The reason for this is that a password’s strength lies primarily in how long it is. A pass-phrase is more secure than a regular password for this reason. Pass-phrases are also easier to remember and to type than a regular alphanumeric password.

A pass-phrase is not as strong as a password created by a password manager, but it is still a good option if you are not keen on using a password manager. A pass-phrase is also one of the best ways to create the master password for a password manager or OS, as these can’t be automatically filled by the password manager.

Using a Password Manager

Many different password managers are available to choose from. So you should pick which suits you best, and install it on your computer and/or mobile device. These steps are not the same for each application, so it’s recommended that you read the documentation for your chosen password manager for more information.

Choosing a password manager

Info borrowed from Wikipedia

| Name | License | OS Support | Browser Integration | Delivery Format |
|---|---|---|---|---|
| 1Password | Proprietary | OS X, iOS, Windows, Android | Yes | Local installation with Cloud sync |
| Dashlane | Proprietary | Mac OS, iOS, Windows, Android | Yes | Local installation with Cloud sync |
| iVault | Proprietary | OS X, iOS, Windows, Android | Yes | Local installation with Cloud sync |
| KeePass | GPLv2 | Windows (unofficial ports: Linux, OS X, iOS, Android, Windows Phone) | through auto-typing | Local installation |
| KeePassX | GPLv2 | Windows, Linux, OS X | through auto-typing | Local installation |
| Keychain | APSL | Mac OS, iOS (as Cloud Keychain) | in iCloud version | System utility |
| LastPass | Proprietary/Freemium | Cross-platform (browser extension) (mobile app w/subscription) | Yes | Cloud-based |
| Mitro | GPLv3 | Cross-platform (browser extension & mobile app) | Yes | Cloud-based |
| Mitto | Proprietary/Free service | Cross-platform (browser extension) | Yes | Cloud-based |
| Password Safe | Artistic License 2.0 | Windows, Linux (unofficial ports: OS X, iOS, Android, Windows Phone) | through auto-typing | Local installation |
| Pleasant Password Server | Proprietary | Cross-platform (browser extension & mobile app) | Yes | Local installation |
| RoboForm | Proprietary | Windows, Linux, Mac OS, Android, iOS, Windows Phone | Yes | Cloud-based |
| SafeWallet | Proprietary | iOS, Windows, Android | Yes | Cloud-based |

Why not try a search engine to find one of the many other password managers out there?

1. Install the password manager on your computer or mobile device.

2. Install any extensions or plug-ins required for web browser use.

3. Create a strong master password. Check out the How to Create a Pass-phrase section of this post for how you can do this.

4. (Optional) Make a note of your master password, and store it somewhere secure, like a safe-deposit box or a safe. It’s important to have a backup in case you ever forget your master password.

5. (Optional) You can normally share your password database across multiple devices with the password manager’s tools or via a service such as Dropbox. If using an external service, make sure you have a strong password for it and enable two-factor authentication on the account (if possible).

Now that your password manager has been set up, you can generate strong passwords for all your accounts with it. Find the password manager’s password-generator tool, and set it to create 30-50 random characters, with a mix of upper and lower case letters, numbers, and symbols.

You want to end up with something that looks like this: 1N1Wt.LbG^+h4?d$5.K34lh[]uNW;A.

Looks intimidating, doesn’t it? However, keep in mind you don’t have to remember it or type it; your password manager deals with all of that for you.

How to Create a Pass-phrase

Creating a pass-phrase follows similar rules to creating a traditional password. Pass-phrases don’t have to be as complex, because the length of the phrase provides security that outweighs its simplicity.

1. Choose 4 different unrelated words. You can use something like passwordsgenerator.net to do this; however, it’s normally better to make up your own.

2. You can add spaces between the words if you like.

Now you should have a pass-phrase that looks like this: monkey, bounce, car, hosepipe.

You don’t have to go any further if you don’t want to; however, you can add some extra security by following the steps below:

1. Alter some of the letters so that they are upper-case.

2. Add in some numbers and symbols.

If you apply these rules, your pass-phrase should look something like this:

monkey 28 bounce # Car Hosepipe

Try to avoid the following:

      • Avoid placing words in predictable patterns or using words that make up a complete sentence, as this would be simpler to guess.
      • Song lyrics, quotes or anything else that’s been published. Databases of published works are used by attackers to build possible pass-phrases or passwords.
      • Avoid personal information. Even if combined with numbers and letters, someone you know (or somebody who can research your information online) can simply guess a password from that information.
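
An added example, not part of the original post: a Python sketch of the two methods described above, a random 30-50 character password and a four-word pass-phrase, with an estimate of how long exhaustive guessing would take at the article's 350 billion guesses per second. The function names and the short sample word list are assumptions made for illustration; a usable pass-phrase needs a list of thousands of words.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 350e9  # attack rate quoted in the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=30):
    """Random password containing at least one character of every class."""
    if not 30 <= length <= 50:
        raise ValueError("the article recommends 30-50 characters")
    while True:
        # secrets uses the OS CSPRNG; the random module is not meant for secrets.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps all accepted passwords equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(wordlist, words=4, separator=" "):
    """Pick `words` different entries uniformly at random from `wordlist`."""
    unique = sorted(set(wordlist))
    if len(unique) < words:
        raise ValueError("wordlist has fewer entries than requested words")
    return separator.join(secrets.SystemRandom().sample(unique, words))


def entropy_bits(choices, picks, distinct=False):
    """Entropy of `picks` uniform random draws from `choices` options."""
    return sum(math.log2(choices - i if distinct else choices)
               for i in range(picks))


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample list, far too short for real use.
    sample_words = ["monkey", "bounce", "car", "hosepipe", "lantern",
                    "gravel", "teapot", "violin"]
    password = generate_password(30)
    print(password, f"{entropy_bits(len(ALPHABET), 30):.0f} bits")
    print(generate_passphrase(sample_words),
          f"{entropy_bits(len(sample_words), 4, distinct=True):.1f} bits")
    print(f"{years_to_exhaust(entropy_bits(len(ALPHABET), 30)):.1e} years")
```

The entropy figures hold only when the characters and words are drawn at random, and for a pass-phrase they depend on the size of the word list and the number of words picked.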

Other hints and tips For Both of these Methods

Here are some other things to remember when composing passwords that will help you keep your information secure.

      • Never use a password twice.

Some popular websites don’t secure your password adequately, and hackers routinely manage to break into these sites and gain access to hundreds of millions of users’ details and passwords. If you reuse passwords on different sites, a hacker who breaks into one can then log in to your accounts on other sites using this information. At the very least, make sure you have unique passwords for each site that stores your financial details or other sensitive data and information, or indeed any that could be used to ruin your reputation.

      • Make email passwords strong.

For many online services, your email address serves as your ID. If a malicious user gained access to your email, they could in theory reset the passwords and login details for all of your accounts.

      • Don’t share passwords.

You may well trust the person, but it’s possible for an attacker to eavesdrop on or intercept your transmission, or indeed to hack your computer. If you suspect someone knows your password, change it immediately.

      • Don’t put passwords in an email.

E-mails aren’t normally encrypted, which means they can be easy for attackers to read. If you have to share any passwords, use a secure method such as pwpush.com; you can then set the link you send out to expire after the first view.

      • Don’t save your passwords in a web browser.

Many browsers fail to store passwords securely, so use a password manager instead. See the section on password managers above for more information.

      • Don’t save passwords or use “Remember Me” options on a public computer.

If you do this then the next person to use that computer will be able to access your account. Also make sure you log out or close your browser when you are done.

      • Don’t write down your password.

If it’s on a piece of paper and someone can find it, it isn’t secure. Put passwords in a password manager; that way they are encrypted. See Using a Password Manager for more information. There is one exception: unrecoverable passwords (like the master password for your password manager, or an operating system account password) should be stored somewhere secure. One way to secure these is to keep them in a safe-deposit box or a safe.

      • Avoid changing your passwords unless you think they may be compromised.

As long as your password is created using the methods outlined in this post, changing it regularly won’t really do anything to reduce the risk of it getting compromised. Regularly changing passwords can be troublesome, and a lot of the time people adopt bad practices or habits to make the process simpler. This increases their site’s or account’s vulnerability to attacks. If you think your account or site has become compromised, then it’s always good practice to change your password.


RGB offers an updates and security service; we can keep your site up to date and secure for you without you having to worry. Check out RGB Updates, Security and Back-up services.

Check out the post on WordPress Security to find out more about securing your WordPress install.

 

 
