Password: Selection & Management


Many people find it difficult to choose the right password. Today almost every website keeps user data behind a password so that it can serve each user what they need in a user-friendly way, and it is hard to remember the many passwords we use on different sites. As a result, many people either reuse one password on every website they visit or pick very simple passwords that are easy to remember. Neither is good practice, and we should avoid both if we want to keep our credentials to ourselves. Below I have listed some quick checkpoints to help you select a strong password.

Disclaimer: It is possible that after reading this article, your password may be revealed.🤣

What should a strong password contain?

  • At least 8 characters long
  • Should contain
    • uppercase/lowercase characters
    • numbers
    • punctuation
    • spaces
    • symbols
  • Never use the same password twice
  • Never use dictionary words

What are the things we should avoid while creating a password?

Avoid writing:

  • <yourName><number> or <number><yourName>
    • Like keshav123 or 123keshav
  • <yourName><yourName>
    • Like sankalpsankalp
  • Don’t use a word with its vowels simply removed as a password
    • Like Rajharsh –> Rjhrsh
  • Don’t use key sequences, as they can easily be cracked
    • Like asdf, zxcvbnm, qwerty, etc.
  • Don’t simply garble letters, like converting S to 5, g to 6, I to 1, etc.
    • For example ke5hav61
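
The avoid-list above can be turned into a local check that runs on your own machine. The following Python sketch is an added example, not part of the original article; the function names, the four-key run length and the substitutions beyond S to 5, g to 6 and I to 1 are assumptions.

```python
import re

KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# 5->s, 6->g, 1->i are the article's substitutions; the rest are common additions (assumption).
UNLEET = str.maketrans("5610347$@", "sgioeatsa")
VOWELS = "aeiou"


def has_key_sequence(pw, run=4):
    """True if pw contains `run` adjacent keys from one keyboard row, in either direction."""
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in pw:
                    return True
    return False


def weaknesses(password, name):
    """Return which of the article's avoid-list patterns `password` matches for this name."""
    pw, nm = password.lower(), name.lower()
    found = []
    if len(password) < 8:
        found.append("too-short")
    if re.fullmatch(rf"\d+{re.escape(nm)}|{re.escape(nm)}\d+", pw):
        found.append("name-plus-number")
    if re.fullmatch(rf"(?:{re.escape(nm)}){{2,}}", pw):
        found.append("name-repeated")
    stripped = "".join(c for c in nm if c not in VOWELS)
    if stripped != nm and len(stripped) >= 3 and stripped in pw:
        found.append("name-without-vowels")
    if has_key_sequence(pw):
        found.append("key-sequence")
    # Undo the digit/symbol swaps and see whether the name reappears.
    if nm not in pw and nm in pw.translate(UNLEET):
        found.append("leet-substitution")
    return found


if __name__ == "__main__":
    # Constructed samples taken from the article's own examples.
    for pw, nm in [("keshav123", "keshav"), ("sankalpsankalp", "sankalp"),
                   ("Rjhrsh", "Rajharsh"), ("ke5hav61", "keshav")]:
        print(pw, weaknesses(pw, nm))
```

An empty list only means none of these specific patterns matched; it does not prove the password is strong.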

Tips

  • Try choosing a passphrase.
  • Don’t make your password too hard to remember.

How can we judge whether our password is good or bad?

If your password relates to any of the following, it can easily be cracked:

  • Your personal information
  • Locations near you
  • Things near you: laptop, tube light, fan, etc.
  • Easy-to-remember phrases like let-me-enter, admin123, etc.

If your password is built from a passphrase, it will be much harder to crack, for example:

     “Lorem ipsum dolor sit amet, consectetur adipiscing elit”

  • L I D S A C A E: strong
  • L I $ S A C A E: complex
  • L I $ S a C a E: very complex
  • 7 1 $ S a C a 3: increasing complexity

You can also check your password’s strength at http://www.passwordmeter.com/

What are the ways a hacker can steal your password?

One way is to guess it by relating it to your belongings and the things you like. Hackers can also use a brute-force attack, where every possible combination of letters, symbols and numbers is tried in an attempt to guess the password. For example, a Pentium 100 PC might typically be able to try 200,000 combinations every second, which means that a six-letter password containing only upper- and lower-case characters could be guessed in around 28 hours! Another method a hacker may use is the dictionary attack. A dictionary attack is a more intelligent method than brute force, because the combinations tried are first chosen from words available in a dictionary.

But you need not worry about the increasing attacks on passwords. Nowadays most sites offer two-step authentication. After entering the correct password you are asked for something else as well, which can be a security question such as your favorite book, or a 6-digit code sent to your registered mobile number (known as an OTP).

And if you do not have your mobile phone with you at that time, there are other ways too. In Gmail, for example, Google provides backup codes: one-time passcodes that you can use to sign in when you are away from your phone. You get several passcodes, and each code can be used only once.
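
A sketch of how a service could enforce the "each code works only once" rule for backup codes. This is an added example, not Google's implementation or code from the article; the function and class names, the code length and the hash parameters are assumptions.

```python
import hashlib
import hmac
import secrets


class BackupCodeStore:
    """Holds only salted hashes of the unused codes (hypothetical design)."""

    def __init__(self, salt, hashes, rounds):
        self._salt, self._unused, self._rounds = salt, list(hashes), rounds

    def redeem(self, code):
        """Return True and burn the code if it is valid and unused, else False."""
        candidate = slow_hash(code.replace(" ", ""), self._salt, self._rounds)
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):
                self._unused.remove(stored)  # a second attempt with this code now fails
                return True
        return False

    def remaining(self):
        return len(self._unused)


def slow_hash(code, salt, rounds):
    # Salted, iterated hash: a leaked table does not hand over the short codes directly.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, rounds)


def issue_backup_codes(count=10, digits=8, rounds=50_000):
    """Return (plain codes to show the user once, store that keeps only hashes)."""
    codes = set()
    while len(codes) < count:  # a set guarantees the issued codes are distinct
        codes.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
    salt = secrets.token_bytes(16)
    plain = sorted(codes)
    store = BackupCodeStore(salt, [slow_hash(c, salt, rounds) for c in plain], rounds)
    return plain, store
```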

Using a Password Manager

Password managers are software that helps users manage their passwords and other important information. If the data is stored in an online password manager, it can be accessed anytime and anywhere. Offline password managers are also available, which you can keep on a pen drive if you want to use them anywhere.

Passwords can be stored online or locally. Online password managers use browser extensions that keep data in a local profile and sync it with a cloud server. Some other password managers use removable media to save the passwords, so that you can carry them with you when required and don’t have to worry about online issues.

What is special in Password Managers? How can our passwords be safe?

Storing passwords in a password manager is not as risky as you might think. In fact, password managers use encryption algorithms to secure your passwords. These algorithms might fascinate you, so I am briefly describing one algorithm here, and as always, if you want to dig deeper, I will provide some links for reference and further reading.

Twofish Algorithm

  • Based on the Blowfish algorithm
  • It is a symmetric key algorithm
  • Twofish has a block size of 128 bits and accepts a key of any length up to 256 bits.
  • A Feistel structure, like the Data Encryption Standard
  • Used in several password managers

Note: The best password managers use a 256-bit (or more) encryption protocol for better security, which has even been accepted by US National Security for top secret information handling. Cool… right!

Some Famous Password Managers

 KeePassX

Features:

  • Free and open source software
  • System requirements: MS Windows (2000, XP, Vista, 7, 8, 10), GNU/Linux
  • Built with the Qt libraries
  • Uses its own random password generator.
  • Quick password search using a website keyword
  • Customizable groups
  • Free from notes and any kind of confidential text file
  • Simple user interface
  • Auto fill (so that nobody catches your key presses)

Application URL https://www.keepassx.org/

CLIPPERZ

It is a web-based open source password manager built to store login information securely. We can access our data anywhere, from any device, without any installation. It also includes an offline version.

Application URL https://clipperz.com/

PASSWORD GORILLA

It is also an open source, cross-platform, simple password manager, even though its name is quite scary 🤣. It can store login information and notes. It works smoothly on Windows, Linux and Mac OS. It can copy credentials, and there is an auto-clear facility too.

One more thing I want to mention is that it is SHA256 protected. You might be wondering what that is; for the time being you can understand it as a hashing algorithm with variable input size and fixed output size. There are other algorithms too, like SHA-1, 2, 256 & MD-5. I will probably cover this in future articles.

Application URL https://gorilla.dp100.com/downloads/

PASSWORD SAFE

Password Safe is a free, open source initiative by Bruce Schneier, released in 2002. Some of its features are mentioned below.

Features:

  • Whole database backup and recovery option are available for ease of use
  • Multiple databases
  • Safe decryption

Application URL https://pwsafe.org/

So I hope you now understand how passwords can be selected safely and where to store them if you have an unorganized bunch of them. If you have any questions, feel free to ask me in the comment box, or you can email me at keshavraturi333@gmail.com. As always, your suggestions and error corrections are most welcome, and we can even connect through LinkedIn :).
