In 1964, the IBM company created a multi-user computer – a mainframe, it is a computer designed for the simultaneous work of several users. The mainframe worked in time-sharing mode, and in order for users to use it simultaneously, separate accounts were created for each of them. A password was required to log in to the account.

More than 50 years have passed since then, and we still haven’t learned how to create strong passwords, store them correctly, and use them. Research by the National Cyber Security Centre (NCSC) of the United Kingdom found that less than half of the surveyed people use a separate, hard-to-guess password for their primary e-mail account. Let’s figure out how to create a strong password and avoid becoming a victim of on-line fraud.

What should be avoided when creating a password

Any password can be cracked, and it’s only a matter of time for attackers. The user himself can both complicate and facilitate this task. Hackers can guess 10% of all existing passwords in 4 attempts.

The following passwords cannot be used:

  • 123456, 123456789, qwerty, password and 1111111;
  • one password for all services;
  • a password that contains important dates of the user’s life;
  • a password consisting of meaningful words and well-known phrases;
  • password from unverified on-line generators.

Ordinary users and even system administrators create passwords according to the outdated principle:

  • the password must consist of Russian words in English layout;
  • it contains formulas, non-existent e-mail addresses and rhymes;
  • the minimum password length is 8–12 characters;
  • it contains all available symbols, capital letters and transliteration.

Such methods increase the reliability of the password, but it is more difficult to remember it. As a result, users will simplify the password and this will compromise it. The modern approach for creating reliable passwords is based on the method of rejecting simple passwords based on dictionaries and source databases, as well as on monitoring and changing passwords in case of compromise.

How to create a strong password

To create a password that hackers cannot crack, or at least it would take more than four attempts to crack, it needs to be hashed with “salt”. A “salt” is a permanent part of a password that is assigned to it and hashed with it. But you should understand that if you use one salt for all passwords, there is a possibility that attackers will get access to all your data.

Therefore, you should have three options for salts:

  • “super salt” is for protection of work information;
  • “spare salt” is for social network accounts, on-line stores, on-line ticket purchase sites, etc.
  • “personal salt” is for protection of personal and financial information.

In practice, “salted” passwords look like this: Matros nasos kirpich rabota), Matros nasos kirpich viber), Matros nasos kirpich OSBBnashdvor).

Creating a strong password is very easy. We take four random, unrelated words, for example, correct horse battery staple. Such a password is easy for the user to remember, but it is hard to guess it by a brute-force attack. The longer the password, the better.

How to save passwords correctly

It is not recommended to use the same password for all sites, because after hacking one user’s page, for example, in social networks, hackers will be able to easily enter the user’s cloud storage, mail and other services by entering the same set of letters and numbers. Therefore, the user needs a large number of different passwords.

The main problems with passwords that users have are the following:

  • The password is hard to come up with. There are special programs for this – password generators.
  • It is difficult to remember a large number of different passwords. Password managers must be used.
  • Passwords are difficult to keep secret. A file encryptor is used for this.

A password manager is a service designed to store confidential information in encrypted form on remote servers or in a local secure folder. Let’s take a closer look at cloud and on-premise password managers.

LastPass is a cloud service that works on Windows, Linux, Mac, IOS, Android and integrates with Chrome, Firefox, Safari and Opera. It allows you to store your entire database on its secure servers. At the same time, only the user can access his data. Cloud storage is convenient because the user can access passwords and other confidential information from anywhere in the world.

KeePass is free service with open source code. It stores all confidential information locally on the user’s computer. It is possible to configure database synchronization via Dropbox on all devices. It has a built-in password generator. The password database can be backed up. The program is available on Windows, Mac OS, Linux, iOS, Android, Blackberry and integrates with Chrome, Firefox, Opera, but it does not integrate with Safari.