I had a lecturer who gave the following example: there are thousands of criminal organisations that want to take something from you. And they think and devise 24/7 how to do it, and they do it and get a good reward. And against them were only a dozen who think in working hours only for poor pay. Conclusion – balance! Criminals will not become less.

Using your pet’s name, your street name or a random word can be easy to remember, but can also be easy to guess.

Even if the website uses hash functions, if the passwords are dictionary words, the attacker can generate lots of possible passwords, hash them and see whether any of them match a stored one. Attackers always start with dictionary words and variations thereof, as most passwords are normal words.
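A site can apply the same reasoning defensively and refuse such passwords at sign-up. The sketch below is an added example, not code from the original article: the tiny word list, the substitution table, the 12-character minimum and all function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# plus a list of commonly used passwords.
WORDLIST = {"letmein", "password", "qwerty", "dragon", "sunshine", "rover", "12345"}

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def strip_ends(text):
    """Remove digits and symbols stuck on the front or back of a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def candidate_roots(password):
    """Return the simplified forms that 'word plus variation' guessing covers."""
    lowered = password.lower()
    translated = lowered.translate(LEET)
    return {lowered, translated, strip_ends(lowered),
            strip_ends(lowered).translate(LEET), strip_ends(translated)}


def check_password(password):
    """Return a list of reasons to reject the password (empty list = accept)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    hits = candidate_roots(password) & WORDLIST
    if hits:
        problems.append("based on dictionary word: " + sorted(hits)[0])
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; the last one is phrase-derived.
    for sample in ["P@ssw0rd1", "Dr4g0n2024!!!", "5unshine99", "Ihtc@7eMw&2sim"]:
        print(sample, "->", check_password(sample) or "accepted")
```

Swapping letters for look-alike symbols or adding a year to the end does not move a password out of the dictionary: all three word-based samples are rejected, while the phrase-derived one passes.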

So your accounts will be more secure using passwords made up of a collection of numbers, letters and symbols that don’t resemble a dictionary word. One way of coming up with such passwords is first to choose a memorable phrase and convert it in the way described in the image below.

Strong passwords – long, non-dictionary words that are not easily guessable – are vital. The other thing to remember is to use a different password for every account.

The majority of cases in which someone’s password has been compromised have occurred when an attacker has cracked someone’s password on a low-value, low-security site, and that user used the same password for another, higher-value site. The attacker either knows or guesses the target’s username on the higher-value site and then tries the cracked password on it.

Good password checklist

• Don’t use simple, easy-to-guess passwords such as names of friends, family and pets. Don’t use words from the dictionary or commonly used passwords such as 12345 or QWERTY.

• Don’t share passwords with other people. If they need access to data they should be given their own login.

• Don’t leave passwords lying around in notebooks, or on sticky notes close to your computer, or in files on your computer where they can easily be read.

• Before you enter a password into a website, make sure it is using a secure connection beginning with https:// (it might also show a small padlock close to the address). This means the site is using a secure link that cannot be intercepted by attackers.

• When you register with some online services they will send you a password so that you can log in. Many sites force you to change the password when you first log in; if they don’t, change it when you first visit the site.

• If possible, change the default password on devices such as your internet router. This is programmed at the factory and some companies have a single password for all their devices. An attacker only needs to know the make of your router to gain access.

• If you have trouble remembering passwords try a password manager program that not only stores passwords, but can generate new, highly complex passwords for you.

• Two-factor authentication gives you additional protection as it requires two pieces of information (such as a password and a random number sent by SMS) to provide access to your data. If a company offers two-factor authentication, you should use it.

Test it using the password-strength meter on the OpenLearn site:


Password Rules

-I use about 30+ different passwords per day in my work, and my mother tongue is not English and I know 4 different languages, so even if I use “letmein” as my password in a mixed language, the hackers will never get it lol. All my passwords are stored mostly in my head, and most of my passwords are at least 20+ characters, none of them are the same, and I add salt as symbols and numbers and also use upper-case and lower-case letters. On the other hand, I get angry when my computer and my information suffer from an attack, but this is the fastest way and motivation to learn.-

If you need any IT Support contact: www.naushad.co.uk