{"id":2031,"date":"2013-06-07T10:25:45","date_gmt":"2013-06-07T14:25:45","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2031"},"modified":"2020-02-26T18:57:22","modified_gmt":"2020-02-26T14:57:22","slug":"21st-century-passwords","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/21st-century-passwords\/2031\/","title":{"rendered":"21st Century Passwords"},"content":{"rendered":"<p>Almost all computer security instructions, whether it is a help page on Facebook, corporate regulations or part of the \u201c\u2026 for dummies\u201d series, urge us to use strong passwords at all times. As time passes this advice has become standard, even though the whole notion of a \u201cgood\u201d password has steadily changed. It\u2019s no longer worth referring back to the advice of the \u201990s when coming up with a password \u2013 so let\u2019s think again about how to create strong and reliable passwords!<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/06\/05113435\/passwords_title.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2032\" alt=\"passwords_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/06\/05113435\/passwords_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p><b>Why do we need this nonsense?<\/b><\/p>\n<p>Passwords combining letters, figures and special characters first began to be used to protect computer accounts or local documents and archives. Even when encrypted, these could still be physically accessed by a perpetrator, prompting the risk that someone could merely keep entering passwords until the correct \u201ckey\u201d was found. This method, called bruteforcing, was highly efficient with short passwords. The more diverse and longer the password is, the more time it takes to perform the exhaustive search. 
Passwords of 4-5 characters fall to a perpetrator in a few seconds, though each new character increases the time needed tenfold. The same applies to a combination of letters, symbols and numbers \u2013 including these characters greatly reduces the chance of bruteforcing a password.<\/p>\n<p>Of course, there\u2019s a catch \u2013 if a password appears to be simply a word, even a long and exotic one, it is easy to find. Just try every word in the dictionary \u2013 there are not that many words in the world. An extra figure in the password significantly increases the complexity. That is why experts have recommended using combinations of letters, figures and other characters \u2013 yet, in addition to being harder to guess, such passwords are also harder to keep in mind.<\/p>\n<div class=\"pullquote\">If a password appears to be simply a word, even a long and exotic one, it is easy to find.<\/div>\n<p>Today the situation is mixed: many online services block any possibility of bruteforce, though there are some <a href=\"https:\/\/threatpost.com\/evernote-compromised-says-no-user-data-affected-030313\/\" target=\"_blank\" rel=\"noopener nofollow\">cases<\/a> when it is still possible. Moreover, botnets of infected computers give hackers significant computing power, which can be used to crack passwords faster.<\/p>\n<p><b>The realities of the new age<\/b><\/p>\n<p>Today almost everybody uses dozens of web services and each service demands a password. Simply sticking to a single password is risky, since compromising the password for one site could open the door to your entire online life. However, only very talented people can recall a unique combination like Xp89$ABG-faw?6 for every site they visit. How can we choose a password that is both secure and convenient?<\/p>\n<p><b>The perfect password recipe<\/b><\/p>\n<p>The most important rule for today\u2019s passwords is that they must be long. You can add some characters, though you need not make the password gibberish. 
Use a clear phrase that is easy for you to remember and make a few changes to thwart a simple dictionary attack. ThereIsNothingEitherGood0Bad is recognizable, isn\u2019t it? It is much easier to remember a code phrase and a couple of modifications than a set of senseless characters. Be careful, though: Shakespeare and other classics are not the best choice for a code phrase. It is better to think up your own phrase that is easy to remember. Use one phrase for one service.<\/p>\n<p>When choosing the length and complexity of your phrase, keep a few things in mind: the value of the data under protection, the likely frequency of entering the password, and the potential need to type on a mobile device.* These factors influence the complexity of modifications. For instance, EitherGood0Bad is perfect for a free music service, but for your main mailbox or online banking service you should invent something like There1sNothingEitherGood0BadButThinkingMakes1tSo1603. To repeat, passwords must be different for different services and based on different code phrases.<\/p>\n<p>This creates another challenge \u2013 some services limit the password length, so it is better to avoid using such services.<\/p>\n<p><i>*If you create a 10-character password using letters from the Latin alphabet, figures and special characters, the number of combinations for a bruteforce attack would be 2.8*10<sup>18<\/sup>. A password of only four widespread English words would give you 1.6*10<sup>17<\/sup> variants, which isn\u2019t much less. And if you include five words, it is easy to increase the number of variants to 3.2*10<sup>21<\/sup>. Common words turn out to be more efficient than unmemorable rubbish.<\/i><\/p>\n<p><b>A modern method<\/b><\/p>\n<p>Although code phrases are significantly easier to use than a mish-mash of characters, it\u2019s still important to keep each password unique. 
According to a <a href=\"https:\/\/me-en.kaspersky.com\/blog\/infographic-password-protection\/%5F\" target=\"_blank\" rel=\"noopener\">password survey<\/a>, an average Internet user has five different accounts. Each account should have its own password, which can easily test the user\u2019s memory. Some users have many more than five accounts \u2013 and this is a real challenge for any brain. For these cases a specific application category was invented, called password storage. There is a module of this kind included in <a href=\"https:\/\/www.kaspersky.com\/products\/home\/pure\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky PURE<\/a>. This module contains a database with user account information for all possible web sites, resources, etc. This table is carefully encrypted with powerful algorithms, so the owner only needs to come up with one very strong password to access that table. Simply keep that one firmly in mind, and your computer will take care of the rest.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost all computer security instructions, whether it is a help page on Facebook, corporate regulations or part of the \u201c\u2026 for dummies\u201d series, urge us to use strong passwords 
at<\/p>\n","protected":false},"author":32,"featured_media":2033,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[412,187,363],"class_list":{"0":"post-2031","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-online-security","9":"tag-passwords","10":"tag-personal-data"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/21st-century-passwords\/945\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/21st-century-passwords\/2031\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/21st-century-passwords\/2031\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/online-security\/","name":"online 
security"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2031"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2031\/revisions"}],"predecessor-version":[{"id":15562,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2031\/revisions\/15562"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2033"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}