Selecting a Secure Password
To develop and maintain your Web site, you will typically need a password to
access a server, whether for email or FTP. Selecting a secure password helps ensure that
your accounts remain secure and are not subject to password cracking.
Many password cracking techniques in popular use today involve "dictionary
guessing", in which computers automate a trial-and-error guessing process to
discover the correct password for an account. Using a large word list or
dictionary, the attacker tries every word, and every simple permutation of
every word, in an attempt to guess the password. This process can be
surprisingly successful, because a single machine can test millions of guesses
in a short time. As a result you should not use weak passwords that could
feasibly be listed in any dictionary, including any foreign language
dictionary, or that are simple transformations of dictionary words, such as:
- a dictionary word or your account name spelled backwards
- one or more dictionary words concatenated together
- dictionary words prefixed or suffixed with letters or digits
Trivial permutations like these should be avoided because they are among the
first permutations a dedicated attacker will check.
Characteristics of good passwords include sufficient:
- Length: Traditional UNIX systems recognize and use only the first eight
characters of the password, so characters beyond the eighth add nothing there;
plan on choosing passwords seven to eight characters in length. Systems with
modern password hashing accept longer passwords, and a longer password is
harder to guess.
- Complexity: UNIX passwords are case sensitive, meaning that uppercase and
lowercase letters are not the same, and they may also contain unusual
characters such as punctuation, so plan on using unusual capitalization and
characters.
- Obscurity: Never use a password that incorporates personal information about
yourself that could be easily obtained.
In the book Practical Unix Security, Simson Garfinkel and Gene Spafford
offer the following checklist of things to consider when choosing a
password. To be secure, a password should not be any of the following:
- Your name
- Your spouse's name
- Your parent's name
- Your pet's name
- Your child's name
- Names of close friends or coworkers
- Names of your favorite fantasy characters
- Your boss's name
- Anybody's name
- The name of the operating system you're using
- The hostname of your computer
- Your phone number
- Your license plate number
- Any part of your social security number (or equivalent)
- Anybody's birth date
- Other information that is easily obtained about you
- Words such as "wizard", "guru", "gandalf", and so on
- Any username on the computer in any form (as is, capitalized, doubled, etc.)
- A word in the English dictionary
- A word in a foreign dictionary
- A place
- A proper noun
- Passwords of all the same letter
- Simple patterns of letters on the keyboard, like "qwerty"
- Any of the above spelled backwards
- Any of the above followed or prepended by a single digit
The authors continue and state that good passwords are passwords that
are difficult to guess. In general, good passwords have the following
characteristics:
- Both uppercase and lowercase letters
- Digits and/or punctuation characters as well as letters
- Easy to remember, so they do not have to be written down
- Seven or eight characters long
- Can be typed quickly, so somebody cannot follow what you type by looking
over your shoulder
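As an added example (not code from the original page or from Garfinkel and Spafford's book), the Python script below ties the two halves of this page together: it builds the candidate set a dictionary-guessing run tries first from a small word list, the account name and a few personal facts, using exactly the trivial permutations listed above (as is, capitalized, doubled, spelled backwards, a single digit prepended or appended, two words concatenated); recovers a weak password from its hash by trial and error; and then applies the checklist to proposed passwords. The word list, the user "alice" and her personal facts, the keyboard-pattern list and the use of plain SHA-256 as a stand-in for the system's password hash are all assumptions made for the example.

```python
import hashlib
import itertools

# Constructed inputs for this example (assumptions, not data from the page):
# a tiny word list, the account name, and personal facts about the user.
# A real attacker's list has millions of entries; the mechanics are the same.
WORDLIST = ["wizard", "guru", "gandalf", "password", "secret", "dragon", "summer"]
USERNAMES = ["alice"]
PERSONAL = ["Alice", "Rex", "Boston", "1985"]   # name, pet, home town, birth year
KEYBOARD_PATTERNS = ["qwerty", "asdfgh", "zxcvbn", "123456", "qwertyuiop"]
DIGITS = "0123456789"


def variants(word):
    """The trivial permutations the page lists: the word as is, capitalized,
    upper-cased and doubled; each of those spelled backwards; and each of the
    results with a single digit prepended or appended."""
    forms = {word, word.capitalize(), word.upper(), word + word}
    forms |= {f[::-1] for f in forms}
    out = set(forms)
    for f in forms:
        for d in DIGITS:
            out.add(f + d)
            out.add(d + f)
    return out


def candidate_set(words=WORDLIST, usernames=USERNAMES, personal=PERSONAL):
    """Everything a dictionary-guessing run tries first: every token (word list,
    account names, personal facts, keyboard patterns), every concatenation of
    two tokens, and the trivial permutations of all of those."""
    tokens = [t.lower() for t in itertools.chain(words, usernames, personal, KEYBOARD_PATTERNS)]
    cands = set()
    for t in tokens:
        cands |= variants(t)
    for a, b in itertools.permutations(tokens, 2):
        cands |= variants(a + b)
    return cands


def hash_password(pw):
    """Stand-in for the system's password hash (assumption: plain SHA-256).
    Real systems use a salted, slow hash, but that only slows the attack
    down; it does not save a password that is in the candidate set."""
    return hashlib.sha256(pw.encode()).hexdigest()


def dictionary_attack(target_hash, candidates):
    """Automated trial-and-error guessing: hash every candidate and compare.
    Returns the recovered password, or None if it is not in the set."""
    for guess in sorted(candidates):            # sorted only for determinism
        if hash_password(guess) == target_hash:
            return guess
    return None


def check_password(pw, candidates, min_len=7):
    """Apply the page's checklist to a proposed password. Returns the list of
    reasons it is rejected; an empty list means it passed every check."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    if pw in candidates:
        reasons.append("found in the dictionary-guessing candidate set")
    if len(set(pw)) == 1:
        reasons.append("all the same character")
    if any(p in pw.lower() for p in KEYBOARD_PATTERNS):
        reasons.append("contains a keyboard pattern")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        reasons.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() or not c.isalnum() for c in pw):
        reasons.append("needs a digit or punctuation character")
    return reasons


if __name__ == "__main__":
    cands = candidate_set()
    stolen = hash_password("Gandalf1")            # favourite character + one digit
    print("recovered:", dictionary_attack(stolen, cands))
    for pw in ["Gandalf1", "Boston7", "qwerty", "Tq9;mVx!"]:
        print(pw, "->", check_password(pw, cands) or "OK")
```

Run as a script, it recovers "Gandalf1" from its hash even though that password has mixed case, a digit and eight characters, because it is a dictionary word with a trivial permutation applied; "Boston7" fails for the same reason via the personal-facts list, "qwerty" fails several checks at once, and "Tq9;mVx!" passes. The point the script makes is that the positive characteristics (length, mixed case, digits) are necessary but not sufficient: the checklist of what a password must not be is what actually keeps it out of the attacker's first few hundred thousand guesses.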
Following a sensible password policy will help ensure that
your accounts remain secure.
Copyright 2000-2017 Internet Health Resources