Basic Password Security thoughts to follow

Post Reply
User avatar

Topic author
Dirk

Tester VIP For his activity Supporter
V.I.P. of V.I.P.
V.I.P. of V.I.P.
Posts: 80
Joined: Mon Feb 08, 2016 12:11 am
Medals: 4
Gender:

Basic Password Security thoughts to follow

Post by Dirk » Sat Apr 30, 2016 12:31 pm

.
.


Just a helpful Guide listing many of the Do's And especially Don'ts when considering creating passwords and how LuJoSoft PassGenOrganizer can help.


Almost everywhere you go today some site wants you to join to get it's full benefits, But managing this can be a daunting task, so here comes LuJoSoft PassGenOrganizer.

go here to get the program viewtopic.php?f=96&t=691

To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, you should notice that:

1. Do not use the same password for multiple important accounts.

2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol. (Note: Not All sites allow the use of special symbols or characters like, $,@,&,etc. - If they do USE THEM) If you consider these sites to be ones you want HIGH security from, Like a financial site, Contact them and ask for this higher security level. I have found many of the sites I've contacted over the years to be more than willing to allow these characters. In many cases it was just because they never thought of it.

3. Do not use the names of your families, friends or pets in your passwords.

4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.

4A. If a site requires you to answer security questions, it is going to require you to answer such things as the following:

What is the name of your first pet?
What is the first name of your best friend in High School?
What is your fathers middle name?
Where did you meet your wife?
Where did you go on your Honeymoon?
ETC.

The easy way from getting yourself into trouble with these, is just to record the question and your answer. Your answer however, Should ALWAYS be a LIE.

5. Do not use any dictionary word in your passwords.

6. Do not use something that can be cloned( but you can't change ) as your passwords, such as your fingerprints.

7. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) store your passwords, since all passwords saved in Web browsers can be revealed easily.

8. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.

9. Do not send sensitive information online via HTTP or FTP connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS and SFTP whenever possible.

10. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN on your own server( home computer, dedicated server or VPS ) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY. Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, he'll won't be able to steal your data and passwords from the encrypted streaming data.

11. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company's server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.

To check the strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your passwords to MD5 hashes on this MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is "0123456789A", using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it? You can perform the test yourself.

12. It's recommended to change your passwords every 26 weeks.

13. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software like LuJoSoft PassGenOrganizer.

14. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.

15. Turn on 2-step authentication whenever possible.

16. Do not store your critical passwords in the cloud.

17. Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.

18. Protect your computer with firewall and antivirus software, download software from reputable sites only, and verify the MD5 or SHA1 checksum of the installation package whenever possible.

19. Be careful when using online paste tools and screen capture tools, do not let them upload your passwords to the cloud.

20. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer), software keyloggers and hidden cameras when you feel it's necessary.

21. If you're a webmaster, do not store the users passwords in the database, you should store the salted hash values of passwords instead.

User avatar

Superl The Boss
Site Admin
Site Admin
Posts: 1244
Joined: Sat Apr 16, 2011 7:49 am
Location: Montreal, Canada
Gender:
Contact:

Re: Basic Password Security thoughts to follow

Post by Superl The Boss » Sun May 01, 2016 7:16 am

Good info for security :-bd :-bd :-bd


Come and say hello in here
Any donation will help click here please.

Have a nice day :-h

Post Reply

Return to “PassGenOrganizer”

Who is online

Users browsing this forum: No registered users and 1 guest