This translation is older than the original page and might be outdated.

Secure passwords

Draft Newest approved | Approver: psycore

This is an old revision of the document!


Secure passwords

Version 3.0

1.0 Introduction

In today's world, passwords are becoming more and more important. Online banking, FTP access and website accounts force us to have more and more passwords. Of course, you can manage everything with a password, but whether this is in the sense of security I dare to doubt. In this tutorial, I will discuss what a password should look like and what you should keep in mind when managing it.

2.0 Dealing with passwords

Let's start by clarifying two things: The wrong and the right way to handle passwords, as well as the unrealisable ideal state.

2.1 Ideal state

The ideal way of dealing with passwords would be as follows: Integrated in our brain would be a MySQL database that could hold infinite information and retrieve it at any time. We would then be able to remember every password. Of course, this is completely utopian. At least with the current state of technology. But what we can't do, a computer can do for us. But more about that later.

2.2 Wrong management

Let's look at a few things that are fundamentally wrong with password management:

  1. Passwords should never be written down
  2. Keeping passwords in a text file on your computer is not safe either.
  3. Sticking them under the keyboard is not ideal either.

2.3 Proper management

Passwords should be managed thoughtfully. There are so many different ways in which passwords can be attacked that we must not simply act thoughtlessly. There are several ways to manage them well and securely:

  1. Password matrices
  2. Special hardware
  3. Card-based password management systems
  4. Password programs

I will discuss password programs in more detail in the following, as they are the most useful for private users.

2.4 Password programs

Password programmes are usually databases that clearly store the data. What must such a programme be able to do?

  1. A password generator should be integrated
  2. The database must be protected by a master password
  3. Adjustable length
  4. Combination of numbers, upper and lower case letters and special characters
  5. The database must not be stored in plain text.

Such a programme is hier available.

3.0 Structure of the password

A secure password must fulfil certain requirements. We will now go into these in more detail.

3.1 Passwords should not look like this

Not like this:

  • “qwrt” and similar keyboard combinations.
  • Pure numbers
  • Pure letters
  • Simple words like sex, god etc.
  • No personal data such as sister's name or year of birth.

3.2 Number of characters

A good password should have at least 12 characters. In addition, it should be a combination of numbers, upper and lower case letters and special characters. Examples of good and secure passwords are: ZfA5ZWc~$w8A j?7!!G54ks54 @ZT§$&3&?D7€ ?1~3€G1EN2!!! Since we would certainly have problems keeping such passwords, I have previously discussed the programmes that can manage them.

4.0 Passwords without programmes

If you don't want to create a password with a programme, there is a fairly simple method to come up with a secure password yourself. We form a sentence:

Dies ist ein Satz, der mit der Zahl 0 und 9

We take the first letters of the sentence and the numbers and form the password:

DieSdmdZ0u9

In this way, you can quickly and easily create a password that will be remembered.

5.0 On the Internet

In order to ensure a certain basic security of one's data on the Internet, it is important to observe a few things:

  • Passwords should always be sent over a SSL connection
  • Use a different password for each site
  • The basic Windows security tips note
  • Never share passwords

6.0 Multifactor authentication

Wherever possible MFAs (multi-factor authentication) should be used (e.g. via an authenticator app or a hardware token).

7.0 Conclusion

The times are over when we could carelessly handle access data. Phishing strategies and hacker attacks are on the increase and one must adapt to the trend in order to be able to counteract them. Of course, there is never a 100% guarantee of security, but you can at least take good precautions to avoid becoming a victim of data theft.

A practical tool for generating passwords can be found here in the Wiki.

en/it-security/passwords.1697658705.txt.gz · Last modified: 2023/10/18 21:51
CC Attribution-Noncommercial-Share Alike 4.0 International