{{tag>english startpage it-security blog}}
====== Secure passwords ======
| Version | 3.1 |
===== 1.0 Introduction =====
Passwords are becoming increasingly important these days. Online banking, FTP access and website accounts are forcing us to have more and more passwords. Of course you can manage everything with a password, but I doubt whether this is in the interest of security. In this tutorial, I will explain what a password should look like and what you should bear in mind when managing it.
===== 2.0 Dealing with passwords =====
Let's start by clarifying two things:
The wrong and the right way to handle passwords, as well as the unrealisable ideal situation.
==== 2.1 Ideal situation ====
The ideal handling of passwords would look like this:
Integrated into our brain would be a [[wp>MySQL]] database that could store an infinite amount of information and retrieve it at any time. We would then be able to remember every password. Of course, this is completely utopian. At least with the current state of technology. But what we can't do, a computer can do for us. But more on that later.
==== 2.2 Incorrect administration ====
Let's look at a few things that are fundamentally wrong when it comes to password management:
- Passwords should never be written down
- Storing passwords in a text file on your computer is also not secure
- Sticking them under the keyboard is not ideal either
==== 2.3 Correct administration ====
Passwords should be managed carefully. There are so many different ways in which passwords can be attacked that we must not simply act rashly. There are several ways to manage them well and securely:
- Password matrices
- Special hardware
- Card-supported password management systems
- Password programmes
I will go into the password programmes in more detail below, as these are the most useful for private users.
==== 2.4 Password programmes ====
Password programmes are usually databases that store data in a clearly organised manner.
What must such a programme be able to do?
- A password generator should be integrated
- The database must be protected by a master password
- Adjustable length
- Combination of numbers, upper and lower case letters and special characters
- The database must not be stored in plain text
Such a tool is [[https://keepass.info/index.html|available]] here.
===== 3.0 Structure of the password =====
A secure password must fulfil certain requirements. We will now look at these in more detail.
flowchart TD
A[Secure password]
B[Letters]
C[Numbers]
D[Special characters]
E[Length]
B1[A-Z]
B2[a-z]
C1[0-9]
D1[+-!?_-]
E1[12]
A-->B
A-->C
A-->D
A-->E
B-->B1
B-->B2
C-->C1
D-->D1
E--minimum-->E1
==== 3.1 Passwords should not look like this ====
Not like this:
* "qwrt" and similar keyboard combinations
* Pure numbers
* Pure letters
* Simple words such as sex, god etc.
* No personal data such as sister's name or year of birth
==== 3.2 Number of characters ====
A good password should have at least 12 characters. In addition, it should be a combination of numbers, upper and lower case letters and special characters.
Examples of good and secure passwords are
ZfA5ZWc~$w8A
j?7!!G54ks54
@ZT§$&3&?D7€
?1~3€G1EN2!!!
As we would certainly have problems remembering such passwords, I have previously discussed the programmes that can manage them.
===== 4.0 Passwords without programmes =====
If you don't want to create a password with a programme, there is a very simple method for coming up with your own secure password. We form a sentence:
Ich bilde einen Satz mit Groß- & Kleinbuchstaben und den Zahlen 0 und 9
We take the first letters of the sentence, the special character and the numbers and form the password:
IbeSmG&KudZ0u9
This is a quick and easy way to create a password that you will remember.
===== 5.0 On the Internet =====
To ensure a certain basic security of your data on the Internet, it is important to keep a few things in mind:
* Passwords should always be sent via a [[wp>Transport_Layer_Security]] connection
* Use a different password for each site
* Follow the basic [[en:windows:security:basics|Windows security tips]]
* Never share passwords
===== 6.0 Multifactor authentication =====
Wherever possible [[wp>MFA]] should be used wherever possible (e.g. via an authenticator app or a hardware token).
===== 7.0 Conclusion =====
The days when we could carelessly handle access data are over. Phishing strategies and hacker attacks are on the rise and you have to adapt to the trend in order to counteract them. Of course, there is never a 100% guarantee of security, but you can at least take good precautions to avoid becoming a victim of data theft.
There is a practical tool for generating passwords [[en:software:omegapass|here in the wiki]].