en:it-security:passwords: revision 2023/10/18 21:51 (created, psycore) compared with revision 2024/02/05 08:33 (current; old revision of 2024/02/04 23:29 restored, psycore)
{{tag>english startpage it-security blog}}
====== Secure passwords ======

| Version | 3. |

===== 1.0 Introduction =====

Passwords are becoming increasingly important these days. Online banking, FTP access and website accounts are forcing us to have more and more passwords. Of course you can manage everything with a password, but I doubt whether this is in the interest of security. In this tutorial, I will explain what a password should look like and what you should bear in mind when managing it.
  
===== 2.0 Dealing with passwords =====

Let's start by clarifying two things:
The wrong and the right way to handle passwords, as well as the unrealisable ideal situation.



==== 2.1 Ideal situation ====

The ideal handling of passwords would look like this:
Integrated into our brain would be a [[wp>MySQL]] database that could store an infinite amount of information and retrieve it at any time. We would then be able to remember every password. Of course, this is completely utopian, at least with the current state of technology. But what we can't do, a computer can do for us. More on that later.
  
  
  
==== 2.2 Incorrect administration ====

Let's look at a few things that are fundamentally wrong when it comes to password management:
  - Passwords should never be written down
  - Storing passwords in a text file on your computer is also not secure
  - Sticking them under the keyboard is not ideal either
  
  
  
==== 2.3 Correct administration ====

Passwords should be managed carefully. There are so many different ways in which passwords can be attacked that we must not simply act rashly. There are several ways to manage them well and securely:
  - Password matrices
  - Special hardware
  - Card-supported password management systems
  - Password programmes
I will go into the password programmes in more detail below, as these are the most useful for private users.
  
  
  
==== 2.4 Password programmes ====

Password programmes are usually databases that store data in a clearly organised manner.
What must such a programme be able to do?
  - A password generator should be integrated
Line 49: Line 50:
  - Adjustable length
  - Combination of numbers, upper and lower case letters and special characters
  - The database must not be stored in plain text

Such a tool is [[https://keepass.info/index.html|available here]].
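The generator requirements listed above (adjustable length, guaranteed mix of numbers, upper and lower case letters and special characters) can be met with a few lines of standard-library Python. The following is an added example written for this page; it is not code from KeePass or from the wiki author. The special-character set is my own choice, and the generator draws from the operating system's cryptographic random source via the ''secrets'' module rather than from ''random'', which is not suitable for secrets.

```python
import secrets
import string

# Character classes the page asks for. The special-character set is an
# assumption of this example; pick one your target sites accept.
CLASSES = {
    "digit": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "special": "!?+-_~$&%#@*",
}


def generate_password(length: int = 16) -> str:
    """Return a random password of `length` characters that contains at
    least one character from every class in CLASSES."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    # One guaranteed character per class ...
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    # ... then fill the remaining positions from the union of all classes.
    pool = "".join(CLASSES.values())
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG-backed generator so the guaranteed characters
    # do not always sit at the front of the password.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def classes_present(password: str) -> set:
    """Names of the character classes that occur in `password`."""
    return {
        name
        for name, alphabet in CLASSES.items()
        if any(c in alphabet for c in password)
    }


if __name__ == "__main__":
    for n in (12, 16, 24):
        pw = generate_password(n)
        print(n, pw, sorted(classes_present(pw)))
```

Every call returns a password of exactly the requested length with all four classes present; the shuffle is what stops an attacker from assuming the first four positions are one character from each class.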
  
  
===== 3.0 Structure of the password =====

A secure password must fulfil certain requirements. We will now look at these in more detail.

<mermaid>
  flowchart TD
      A[Secure password]
      B[Letters]
      C[Numbers]
      D[Special characters]
      E[Length]
      B1[A-Z]
      B2[a-z]
      C1[0-9]
      D1[+-!?_-]
      E1[12]
      A-->B
      A-->C
      A-->D
      A-->E
      B-->B1
      B-->B2
      C-->C1
      D-->D1
      E--minimum-->E1
</mermaid>
  
==== 3.1 Passwords should not look like this ====

Not like this:
  * "qwrt" and similar keyboard combinations
  * Pure numbers
  * Pure letters
  * Simple words such as sex, god etc.
  * No personal data such as sister's name or year of birth
  
  
Line 73: Line 95:
  
A good password should have at least 12 characters. In addition, it should be a combination of numbers, upper and lower case letters and special characters.
Examples of good and secure passwords are:
ZfA5ZWc~$w8A
j?7!!G54ks54
@ZT§$&3&?D7€
?1~3€G1EN2!!!
As we would certainly have problems remembering such passwords, I have previously discussed the programmes that can manage them.
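The rules from 3.1 and 3.2 (minimum of 12 characters, all four character classes, no keyboard runs, no pure numbers or letters, no trivial words, no personal data) can be turned into a checker that reports every rule a candidate breaks. This is an added example for this page, not the wiki author's or KeePass's code. The keyboard-run and trivial-word lists are constructed stand-ins for the page's "qwrt and similar" and "sex, god etc."; only ASCII punctuation is counted as a special character here, so characters such as § or € are not recognised as special by this check.

```python
import string

MIN_LENGTH = 12                      # from the page: at least 12 characters
SPECIAL = set(string.punctuation)    # ASCII punctuation counts as "special"

# Constructed lists standing in for the page's examples.
KEYBOARD_RUNS = ("qwerty", "qwertz", "qwrt", "asdf", "zxcv", "1234", "abcd")
TRIVIAL_WORDS = ("sex", "god", "love", "password", "admin", "test")


def check_password(password: str, personal_data: tuple = ()) -> list:
    """Return the list of rules `password` violates (empty list = passes).

    personal_data: strings such as a sister's name or a year of birth that
    must not appear anywhere in the password (compared case-insensitively).
    """
    problems = []
    low = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c in SPECIAL for c in password):
        problems.append("no special character")
    if password.isdigit():
        problems.append("pure numbers")
    if password.isalpha():
        problems.append("pure letters")
    for run in KEYBOARD_RUNS:
        if run in low:
            problems.append(f"keyboard sequence '{run}'")
    for word in TRIVIAL_WORDS:
        if word in low:
            problems.append(f"trivial word '{word}'")
    for item in personal_data:
        if item and item.lower() in low:
            problems.append(f"contains personal data '{item}'")
    return problems


if __name__ == "__main__":
    for candidate in ("ZfA5ZWc~$w8A", "qwrt", "19901990", "Anna1990!xyzAB"):
        print(candidate, check_password(candidate, personal_data=("Anna", "1990")))
```

The two ASCII-only examples from the page pass the check; "qwrt" collects six violations at once, and the personal-data rule is the one a generator cannot enforce for you, since only the user knows which strings are personal.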
  
===== 4.0 Passwords without programmes =====

If you don't want to create a password with a programme, there is a very simple method for coming up with your own secure password. We form a sentence:

<code text>
Ich bilde einen Satz mit Groß- & Kleinbuchstaben und den Zahlen 0 und 9
</code>

We take the first letters of the sentence, the special character and the numbers and form the password:

<code text>
IbeSmG&KudZ0u9
</code>

This is a quick and easy way to create a password that you will remember.
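The recipe above (first character of every word, numbers kept whole, a standalone special character kept as it is) is mechanical enough to write down as a function, which also makes it easy to check that the derived password reaches the 12-character minimum from 3.2. This is an added example for this page, not the author's own code; the tokenisation rule (split on whitespace, keep a token whole if it is all digits, otherwise take its first character) is my reading of the recipe. Applied to the page's sentence it yields exactly the password shown above.

```python
def password_from_sentence(sentence: str) -> str:
    """Derive a password from a memorable sentence.

    Rule (my reading of the page's recipe): split on whitespace; a token
    that is purely digits is kept whole ("0", "9"); any other token
    contributes only its first character, so "Groß-" gives "G", "Satz,"
    gives "S" and a lone "&" gives "&".
    """
    parts = []
    for token in sentence.split():
        parts.append(token if token.isdigit() else token[0])
    return "".join(parts)


def long_enough(password: str, minimum: int = 12) -> bool:
    """True if the derived password meets the page's minimum length."""
    return len(password) >= minimum


if __name__ == "__main__":
    # The sentence from the page; the expected result is IbeSmG&KudZ0u9.
    sentence = "Ich bilde einen Satz mit Groß- & Kleinbuchstaben und den Zahlen 0 und 9"
    pw = password_from_sentence(sentence)
    print(pw, len(pw), "characters", "ok" if long_enough(pw) else "too short")
```

Because every word contributes one character, the sentence needs at least twelve words (or digits and symbols standing alone) before the result satisfies section 3.2; a shorter sentence gives a memorable but too short password.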
  
===== 5.0 On the Internet =====

To ensure a certain basic security of your data on the Internet, it is important to keep a few things in mind:

  * Passwords should always be sent via a [[wp>Transport_Layer_Security]] connection
  * Use a different password for each site
  * Follow the basic [[en:windows:security:basics|Windows security tips]]
  * Never share passwords
  
===== 6.0 Multifactor authentication =====

Wherever possible, [[wp>MFA]] should be used (e.g. via an authenticator app or a hardware token).
  
===== 7.0 Conclusion =====

The days when we could carelessly handle access data are over. Phishing strategies and hacker attacks are on the rise and you have to adapt to the trend in order to counteract them. Of course, there is never a 100% guarantee of security, but you can at least take good precautions to avoid becoming a victim of data theft.

There is a practical tool for generating passwords [[en:software:omegapass|here in the wiki]].