How to create passwords correctly


Creating passwords that cannot be cracked is an art that can be learned. Do not assume that a good password is one taken from a generator or one you made up yourself.

The Brazilian Federal Police arrested a banker named Daniel Dantas in 2008 for crimes commonly attributed to white-collar workers: falsification of accounts, money laundering, bribes, and so on.

Dantas used the TrueCrypt program, which we have already written about on our channel, together with AES-256 encryption, to encrypt compromising information on his computer. Special agents worked on his hard drives (and the passwords for them) for 18 months and, even with help from the FBI, could not decrypt the contents. The police investigation failed, and Dantas was released.

A password should consist of several words in Latin script

Many sites have built-in password generators, at registration or in your account. All of these generators offer a password consisting of a long sequence of random numbers, letters, and symbols. Many people are sure that this is the best type of password; in fact, it is just the opposite.

In cryptography there is such a thing as entropy. It is a measure of how random the process that created a password was and, accordingly, how difficult the password is to guess. The bigger it is, the better. Now, take a look at a typical password:

Capitalization: characters written in “caps” add one bit of entropy

Digits: each digit gives 3 bits of entropy

Characters like % # @: these give 4 bits of entropy each

The average password has 16-28 bits of entropy; guessing it takes 3 days at a speed of 1000 attempts/sec. In addition, such a password is difficult to remember.

The correct approach is to build the password from a set of random English words. It turns out that the word “musician” alone gives the password 11 bits of entropy, so 4 words written in a row already give 44 bits of entropy, or 550 years to guess the password at a speed of 1000 attempts/sec. Such a password is very easy to remember: just remember the words, picturing in your mind what they mean, or use a different memorization technique.

Optionally, you can add to the password a few numbers or characters that are easy for you to remember.
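The entropy figures above hold only when the words are drawn uniformly at random, so here is an added example (not code from the original article) that generates a word-based password with the operating system's CSPRNG and reproduces the 3-day and 550-year estimates. The function names and the 2048-entry placeholder word list are assumptions made for the illustration.

```python
import math
import secrets

GUESSES_PER_SEC = 1000  # attack speed the article uses for its estimates

# Constructed placeholder list of 2048 entries (2**11, i.e. 11 bits per word).
# In real use, load a list of real, easy-to-picture words instead.
SAMPLE_WORDS = [f"word{i:04d}" for i in range(2048)]


def bits_per_word(wordlist):
    """Entropy of one word drawn uniformly at random from the list."""
    unique = set(wordlist)  # duplicates would overstate the entropy
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return math.log2(len(unique))


def generate_passphrase(wordlist, n_words=4, sep=" "):
    """Return (passphrase, entropy_bits), choosing words with the OS CSPRNG."""
    unique = sorted(set(wordlist))
    per_word = bits_per_word(unique)
    # secrets.choice picks uniformly; words picked by a person would not
    # reach the entropy computed here.
    words = [secrets.choice(unique) for _ in range(n_words)]
    return sep.join(words), n_words * per_word


def seconds_to_exhaust(bits, rate=GUESSES_PER_SEC):
    """Time needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / rate


def days_to_exhaust(bits):
    return seconds_to_exhaust(bits) / 86_400


def years_to_exhaust(bits):
    return seconds_to_exhaust(bits) / (365.25 * 86_400)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"{phrase!r}: {bits:.0f} bits, {years_to_exhaust(bits):.0f} years")
    print(f"28-bit password: {days_to_exhaust(28):.1f} days")
```
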
