====== Secure passwords ======

| Version | 3.0 |

===== 1.0 Introduction =====

In today's world, passwords are becoming more and more important. Online banking, FTP access and website accounts force us to have more and more passwords. Of course, you can manage everything with a single password, but I doubt that this serves security. In this tutorial, I will discuss what a password should look like and what you should keep in mind when managing it.

===== 2.0 Dealing with passwords =====

Let's start by clarifying two things: the wrong and the right way to handle passwords, as well as the unrealisable ideal state.

==== 2.1 Ideal state ====

The ideal way of dealing with passwords would be as follows: integrated in our brain would be a [[wpde>MySQL]] database that could hold infinite information and retrieve it at any time. We would then be able to remember every password. Of course, this is completely utopian, at least with the current state of technology. But what we can't do, a computer can do for us. More about that later.

==== 2.2 Wrong management ====

Let's look at a few things that are fundamentally wrong with password management:

  - Passwords should never be written down.
  - Keeping passwords in a text file on your computer is not safe either.
  - Sticking them under the keyboard is not ideal either.

==== 2.3 Proper management ====

Passwords should be managed thoughtfully. There are so many different ways in which passwords can be attacked that we must not act thoughtlessly. There are several ways to manage them well and securely:

  - Password matrices
  - Special hardware
  - Card-based password management systems
  - Password programs

I will discuss password programs in more detail below, as they are the most useful for private users.
==== 2.4 Password programs ====

Password programs are usually databases that store the data in a clearly arranged way. What must such a program be able to do?

  - A password generator should be integrated
  - The database must be protected by a master password
  - Adjustable length
  - Combination of numbers, upper and lower case letters and special characters
  - The database must not be stored in plain text.

Such a program is available [[https://keepass.info/index.html|here]].

===== 3.0 Structure of the password =====

A secure password must fulfil certain requirements. We will now go into these in more detail.

==== 3.1 Passwords should not look like this ====

Not like this:

  * "qwrt" and similar keyboard combinations.
  * Pure numbers
  * Pure letters
  * Simple words like sex, god etc.
  * Personal data such as a sister's name or year of birth.

==== 3.2 Number of characters ====

A good password should have at least 12 characters. In addition, it should be a combination of numbers, upper and lower case letters and special characters. Examples of good and secure passwords are:

  * ZfA5ZWc~$w8A
  * j?7!!G54ks54
  * @ZT§$&3&?D7€
  * ?1~3€G1EN2!!!

Since we would certainly have problems remembering such passwords, I discussed above the programs that can manage them.

===== 4.0 Passwords without programs =====

If you don't want to create a password with a program, there is a fairly simple method to come up with a secure password yourself. We form a sentence:

<code text>
Dies ist ein Satz, der mit der Zahl 0 und 9
</code>

We take the first letters of the sentence and the numbers and form the password:

<code text>
DieSdmdZ0u9
</code>

In this way, you can quickly and easily create a password that you will remember.
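An added example, not part of the original tutorial or of any password program it links to: a Python version of the generator that section 2.4 asks for (adjustable length, all four character classes, randomness from the operating system), together with a check of the rules in sections 3.1 and 3.2. The special-character set, the list of keyboard runs and the function names are assumptions of this example.

```python
import secrets
import string

MIN_LENGTH = 12  # section 3.2: at least 12 characters
# Assumption of this example: which special characters the generator may use.
SPECIALS = "!?$%&@#~+-_=*"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
# Assumption: sample keyboard runs; section 3.1 names only "qwrt" and "similar".
KEYBOARD_RUNS = ("qwrt", "qwert", "asdf", "yxcv", "zxcv", "1234")


def check_password(pw):
    """Return the section 3.1 / 3.2 rules that pw violates (empty list = ok)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if pw.isdigit():
        problems.append("pure numbers")
    if pw.isalpha():
        problems.append("pure letters")
    if any(run in pw.lower() for run in KEYBOARD_RUNS):
        problems.append("keyboard combination")
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if all(c.isalnum() for c in pw):
        problems.append("no special character")
    return problems


def generate_password(length=16):
    """Adjustable-length generator (section 2.4) backed by the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        # Draw uniformly and retry until every rule holds (no fixed positions).
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    # Constructed inputs: two passwords from the page, one pure-number string.
    for candidate in ("ZfA5ZWc~$w8A", "DieSdmdZ0u9", "123456789012"):
        print(candidate, "->", check_password(candidate) or "ok")
    print(generate_password(), "-> generated")
```

Applied to the section 4 result ''DieSdmdZ0u9'', the check reports that it is shorter than 12 characters and contains no special character; a longer sentence whose punctuation is kept in the password avoids both.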
===== 5.0 On the Internet =====

To ensure a certain basic security of your data on the Internet, it is important to observe a few things:

  * Passwords should always be sent over an [[https://de.wikipedia.org/wiki/Transport_Layer_Security|SSL]] connection
  * Use a different password for each site
  * Observe the basic [[windows:security:basics|Windows security tips]]
  * Never share passwords

===== 6.0 Multifactor authentication =====

Wherever possible, [[https://de.wikipedia.org/wiki/Multi-Faktor-Authentisierung|MFA (multi-factor authentication)]] should be used (e.g. via an authenticator app or a hardware token).

===== 7.0 Conclusion =====

The times when we could handle access data carelessly are over. Phishing strategies and hacker attacks are on the increase, and one must adapt to the trend in order to be able to counteract them. Of course, there is never a 100% guarantee of security, but you can at least take good precautions to avoid becoming a victim of data theft.

A practical tool for generating passwords can be found [[software:omegapass|here in the Wiki]].