What makes a good password?

Introduction

Since reading "Schneier on Security" 20 years ago I have been fighting for secure passwords. It seems I am still losing this game, as many people tend to:

  • Use a single password for everything
  • Use passwords that are too simple (around 90% of passwords can be cracked with a dictionary attack)

Why is it so difficult?

  • Because most people are not aware of how passwords are cracked
  • Some don't think they are valuable enough to be attacked
  • It is difficult to store many different passwords securely
  • It is difficult or impossible to remember randomly generated passwords

Solution

I would like to explain how to fight every part of the problem.

Use a password storage tool

  • There are many tools available. For Linux I prefer the 'pass' utility, which also has many UX clients (I use the Emacs helm-pass package).
  • You can also use a semi-commercial tool such as LastPass, 1Password or many others.

Strong and easily memorable passwords

At first glance this seems impossible: the stronger the password, the longer it has to be, so strength and memorability appear to contradict each other. In reality that is not the case, and it is possible to have passwords that are both memorable and very strong. The method relies on calculating password strength (entropy) and on what the human mind is actually good at remembering: it is called the Diceware system. Each word of the passphrase is chosen by rolling five dice and looking the result up in a list of 6^5 = 7776 words, so every word adds log2(7776), about 12.9 bits, of entropy. A six-word passphrase therefore has about 77.5 bits, roughly the same as a 12-character password drawn uniformly from all 95 printable ASCII characters (about 78.8 bits), but it is a sequence of six ordinary words rather than twelve random symbols. The strength comes from the random selection, not from the words themselves, so the words must be picked by the dice (or another unpredictable source) and never chosen by hand.
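As an added example (not code from the original post or from any Diceware implementation), the following Python script shows the two halves of the method described above: picking words with a cryptographically secure dice roll, and computing the entropy of the result so it can be compared with conventional random-character passwords. The 16-word list is a constructed stand-in; a real Diceware list has 7776 entries, and the script only uses the five-dice lookup when it is handed a list of that size.

```python
import math
import secrets

# Constructed sample word list for this example (NOT a real Diceware list).
# A real list, e.g. the EFF long word list, has 6**5 == 7776 entries, one for
# every five-dice roll from "11111" to "66666".
SAMPLE_WORDS = [
    "acid", "boat", "cedar", "drum", "eagle", "fjord", "ghost", "harp",
    "igloo", "jelly", "koala", "lemon", "mango", "nylon", "onion", "piano",
]

DICEWARE_LIST_SIZE = 6 ** 5   # 7776 words in a full Diceware list
PRINTABLE_ASCII = 95          # symbols available to a random-character password


def roll_dice(n_dice: int = 5) -> str:
    """Roll n_dice six-sided dice with the OS CSPRNG (secrets), returning a
    string such as '43152', the lookup key used on a Diceware word list."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def roll_to_index(roll: str) -> int:
    """Map a roll '11111'..'66666' to a 0-based list index: each die face is a
    base-6 digit (face 1 -> 0, ..., face 6 -> 5)."""
    index = 0
    for face in roll:
        if face not in "123456":
            raise ValueError(f"invalid die face {face!r} in roll {roll!r}")
        index = index * 6 + (int(face) - 1)
    return index


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly and independently from
    `alphabet_size` possibilities: length * log2(alphabet_size)."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two symbols and one position")
    return length * math.log2(alphabet_size)


def diceware_passphrase(n_words: int, words=None) -> list:
    """Pick n_words uniformly at random from `words`. With a full 7776-word
    list each word comes from a five-dice roll; with a shorter constructed
    list (as here) secrets.choice keeps the selection uniform. Either way
    the words are never chosen by the user, which is what makes the
    entropy calculation valid."""
    words = SAMPLE_WORDS if words is None else words
    if n_words < 1:
        raise ValueError("n_words must be positive")
    if len(words) == DICEWARE_LIST_SIZE:
        return [words[roll_to_index(roll_dice())] for _ in range(n_words)]
    return [secrets.choice(words) for _ in range(n_words)]


def compare_strength(n_words: int = 6, n_chars: int = 12) -> dict:
    """Entropy (bits) of an n_words Diceware passphrase from a full list
    versus an n_chars random printable-ASCII password and an 8-character
    lowercase-only password, the kind a dictionary or brute-force attack
    gets through quickly."""
    return {
        f"diceware_{n_words}_words": entropy_bits(DICEWARE_LIST_SIZE, n_words),
        f"random_ascii_{n_chars}_chars": entropy_bits(PRINTABLE_ASCII, n_chars),
        "lowercase_8_chars": entropy_bits(26, 8),
    }


if __name__ == "__main__":
    print("passphrase:", " ".join(diceware_passphrase(6)))
    for name, bits in compare_strength().items():
        print(f"{name:>26}: {bits:6.1f} bits")
```

Note that the entropy figures assume the attacker knows the word list and the method; that is the right assumption, because Diceware's security rests only on the dice, not on secrecy of the list. If you substitute your own "memorable" words for the rolls, the entropy calculation no longer applies.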

Great video on this topic: https://www.youtube.com/watch?v=Pe_3cFuSw1E&t=575s
