What passwords are there. How to come up with a strong password and make it easy to remember. Using a simple password

Which password to set.

Everyone has faced the problem of choosing a password.

It must not slip from memory, it must not annoy anyone, and it must be resistant to guessing, that is, unbreakable. A lot can be written about ciphers and passwords. However, besides composing a unique and "correct" password, you also need to organize its storage and administration methodically. On the other hand, there is paranoia, and the risk that you forget it ....

Cracking a password is difficult, but possible. The work of crackers can be made considerably harder.

One of the largest social networks reported that almost every day, out of more than a billion login attempts, more than 600 thousand are made by cybercriminals trying to gain access to other people's messages, photos and other personal information.

The American Internet company SplashData has compiled a list of the most stupid and weak passwords used by people around the world. Unfortunately, many users choose exactly these passwords because they are easy to remember.

The most idiotic and, at the same time, most dangerous was the password "password".

In second place is the combination of digits "123456", in third "12345678". The words "football" and "superman" have also crept into the rating.

12345678

trustno1

baseball

I love you

sunshine

passw0rd

superman

Experts urge you to be more careful and not to use the same password for mail, Internet banking and other online services. Information security experts warn users not to use the same login-password pair on several different sites. A strong password must contain at least eight characters, including numbers, upper- and lower-case letters, and special characters (such as the underscore, dollar or percent sign).

Simple passwords are much easier to crack programmatically, while complex ones are very difficult to crack by brute force.

Simple advice for choosing a relatively complex password.

Take any word, say the name of a loved one or the nickname of a pet. Switch the keyboard to the English layout.

Looking at the Russian letters on the keys, type this unforgettable name.

Of course, with a capital letter!

For example, the dog's name Sharik, typed this way, becomes Ifhbr

Miranda's name -> Vbhfylf

It's easy to remember and hard to guess or crack.

To complicate things, you can use the title of your favorite book (song, and so on). Moreover, if the title contains a numeral, that's great! It is possible, and even necessary, to write this numeral as a number. Spaces can be skipped or replaced with an underscore (_).

For example:

3veirtnthf -> Three Musketeers

100ktnjlbyjxtcndf -> One hundred years of solitude.

123456, 11111, etc.

qwerty, phyva, abc, "password" / "password", etc.

name (yours, your loved ones', your pet's ...)

date of birth (yours, your loved ones', your pet's ...)

phone number

And:

the minimum acceptable password length is 8 characters

the password should be meaningless

Why is this so important when choosing a password?

Let's consider each of these positions separately.

Briefly on the first 2 points. These passwords are elementary, common and known to any hacker. Rest assured that they are the first thing a person trying to hack into your account will try.

To get an idea of the rest of the positions, let's plunge into the depths of the problem and try to look at everything from the inside.

Any password that you enter during registration is necessarily transformed one way (hashed) before it goes into storage. There are many algorithms for this. Using the example of the most common of them, one-way MD5 hashing, we will trace the path of our password from registration to its cracking.

So, after hashing, our password takes the form of a hash (checksum), which in our case consists of 32 hexadecimal characters and looks like, for example, "202cb962ac59075b964b07152d234b70" for the password "123".

If a cracker manages to gain access to the storage and obtain the hashes of our passwords, he is then faced with the task of recovering the passwords from them. In this he will be helped by special software, which can be easily found on the Internet.

Any program for recovering passwords of this type works by search: exhaustive (brute force), by word list (dictionary), or by mask. Depending on the complexity and quality of the password, this task can take from a few seconds to several days, months or even years.

Using a standard PC (CPU: 3 GHz) and software (PasswordPro), "House of Soviets" decided to test the resistance of a series of passwords of different lengths and compositions.

So, passwords consisting of numbers will be the first to surrender.

Password: "1234"; search time < 1 s.

Password: "1234894"; search time < 1 s.

Alphabetic passwords will last a little longer.

Password: "adfp"; search time = 2 s.

Password: "adrpsdq"; search time = 22 min. 1 sec.

The combination of lowercase and uppercase letters will significantly increase the time, but still it remains insufficient, given that several PCs can work on decryption at once.

Password: "aBst"; search time = 5 s.

Password: "fdQnnHF"; search time = 1 day, 22 h. 13 min.

And the most ideal option would be a combination of uppercase, lowercase letters, numbers, special characters (usually "-" and "_") and with a length of at least 6 characters.

Password: "As_3"; search time = 7 s.

Password: "fN4u-3k"; search time = 11 days, 13 hours 27 minutes.

Password: "fN4u-3kS8"; search time > 1 year.

The search can be performed not only by systematically combining printable characters, but also against a list of words, a password base, which can include a dictionary (for example, Dahl's), user passwords stolen from other sites, and your personal data prudently collected from the Internet. Therefore, it is important that the password is not meaningful and does not contain such obvious data as the day, month and year of your birth, your name and the names of your loved ones, etc.
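The exhaustive-search timings above follow from alphabet size and length. The sketch below is an added example, not part of the original article or of PasswordPro; the rate of 6 million checks per second and the two-character special set ("-" and "_") are assumptions chosen to be of the same order as the quoted measurements.

```python
import string

# Assumption: candidate checks per second, of the same order as the timings
# quoted above. Real rates depend on the hardware and on the hash function.
ASSUMED_RATE = 6_000_000


def alphabet_size(password: str, specials: str = "-_") -> int:
    """Size of the smallest modelled alphabet that covers the password."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, specials)
    remaining = set(password)
    size = 0
    for cls in classes:
        if remaining & set(cls):
            size += len(cls)
            remaining -= set(cls)
    if remaining:
        raise ValueError(f"characters outside the modelled alphabet: {sorted(remaining)}")
    return size


def keyspace(password: str, specials: str = "-_") -> int:
    """Candidates an exhaustive search visits up to this length (worst case)."""
    a = alphabet_size(password, specials)
    return sum(a ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password: str, rate: int = ASSUMED_RATE,
                       specials: str = "-_") -> float:
    return keyspace(password, specials) / rate


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, span in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(passwords):
    """One row per password: (password, alphabet, length, worst-case time)."""
    return [(p, alphabet_size(p), len(p), human(worst_case_seconds(p)))
            for p in passwords]


if __name__ == "__main__":
    # The test passwords quoted in the article above.
    for row in report(["1234894", "adrpsdq", "fdQnnHF", "fN4u-3k", "fN4u-3kS8"]):
        print(row)
```

Each extra character multiplies the work by the alphabet size, which is why the nine-character password leaves the seven-character ones far behind.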

Is it safe to store the password on the computer?

No. There are a huge number of programs (Trojans, keyloggers) that can search for valuable files on your hard drive or connected flash card, or record the keys you press, and send the information obtained to their owner.

Cracking the password is possible, but now it is difficult.

Even if you are protected by a Firewall and antivirus with the latest update, it is better to play it safe and store really important information in a paper notebook.

And then there is the letter ё!

Which password to choose.

1. General information. The vast majority of operating systems use a username and password to identify and authenticate users. For identification, the user must enter his name, and for authentication, a password: a text string known only to him. The username is usually assigned by the system administrator.

The identification and authentication procedure using a username and password is extremely simple. The user enters a username and password from the keyboard, the operating system searches the user list for the entry related to that user, and compares the password stored in the user list with the password entered by the user. If an entry for the user logging in is present in the user list and the password contained in this entry matches the entered password, identification and authentication are considered successful and user authorization begins. Otherwise, the user is denied access and cannot work with the operating system until he is successfully identified and authenticated. If identification and authentication take place when the user logs on to a remote server, the user's name and password are sent over the network (usually encrypted).

To protect the operating system reliably, the password of each user should be known only to that user and to no one else, including system administrators. At first glance, the fact that the administrator knows the password of a certain user does not harm the security of the system, since the administrator, logging into the system as a regular user, receives fewer rights than he would receive by logging in on his own behalf. However, by logging into the system on behalf of another user, the administrator gets the opportunity to bypass the audit system, as well as to take actions that compromise this user, which is unacceptable in a protected system.

It follows from the above that user passwords should not be stored in the operating system in clear text. Since the system administrator must have access to the list of users in order to perform his duties (this is necessary, for example, to register new users), then if the passwords are stored there openly, the administrator gains access to them. Thus, the administrator is able to log on to the system on behalf of any registered user.

Usually, to encrypt passwords in the list of users, one of the well-known cryptographically strong hash functions is used: an easily computable function for which the inverse function (possibly ambiguous) cannot be computed in a reasonable amount of time. The user list stores not the password itself but the password image, which is the result of applying the hash function to the password. The one-way nature of the hash function does not allow the password to be recovered from its image, but it does allow the system to compute the image of the password entered by the user and thus check that the entered password is correct. In the simplest case, the hash function is the result of encrypting some constant with the password as the key.

The hash function used to generate password images must be cryptographically strong. The fact is that it is almost impossible to ensure that password images are kept secret from all users of the system. The operating system administrator, using his privileges, can easily read the password images from the file or database in which they are stored. During network user authentication on the server, the password image is transmitted over open communication channels and can be intercepted by any network monitor. If an attacker, knowing the value of the hash function (image of the user's password), can, within a reasonable time, find the function argument corresponding to this value (the user's password or its equivalent password), there can be no question of any information protection in the operating system. This does not mean that password images should be publicly available. Storing password images in a file or database that only system processes can access creates an additional layer of protection.

The procedure for generating a password image must necessarily involve a markant (salt): a randomly generated number or string stored in clear text along with the password image. This is necessary so that identical passwords correspond to different images. Otherwise, an attacker can carry out a series of attacks against the operating system, the most dangerous of which is as follows.

An attacker takes an electronic dictionary and for each word in it computes exactly the same hash function that is used to generate a password image. The words and their corresponding hash values are stored in a database. Having intercepted the password image of a certain user, the attacker searches this database for the word that matches the intercepted image. This is the desired password (or a password equivalent to it). The probability of successfully obtaining a password from an image can be made arbitrarily high: all that is needed is a sufficiently large dictionary. At the same time, in order to extend the dictionary, the attacker does not need access to the attacked operating system. Moreover, the attacker can store the dictionary outside the attacked system, for example, on his home computer. This attack can only be carried out when identical passwords correspond to identical password images. If a markant is used to generate the password image, this attack is unfeasible.
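Why the markant matters, as an added example that is not part of the original text: unsalted MD5 images of equal passwords are equal, so one precomputed table answers for every account, while a per-record random salt makes each image unique. PBKDF2-HMAC-SHA256 is a choice made here (the text names no algorithm for the salted case), and the word list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for the "electronic dictionary".
DICTIONARY = ["123", "123456", "12345678", "password", "superman"]


def md5_image(password: str) -> str:
    """Unsalted MD5 password image, as in the MD5 example earlier on the page."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute image -> word once; valid against every unsalted store."""
    return {md5_image(w): w for w in words}


def recover_unsalted(image: str, lookup: dict):
    """A single dictionary lookup is all the attack costs without a salt."""
    return lookup.get(image)


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Salted, deliberately slow image; the salt is stored in clear text."""
    salt = os.urandom(16)
    image = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "image": image.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the image with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(record["salt"]),
                                    record["iterations"])
    return hmac.compare_digest(candidate.hex(), record["image"])


if __name__ == "__main__":
    lookup = build_lookup(DICTIONARY)
    stolen = md5_image("superman")             # unsalted image from a user list
    print("unsalted:", recover_unsalted(stolen, lookup))

    first, second = make_record("superman"), make_record("superman")
    print("same password, same image?", first["image"] == second["image"])
    print("table hit on salted image:", recover_unsalted(first["image"], lookup))
    print("login still works:", verify("superman", first))
```

MD5 is also extremely fast to compute, which is the other reason it is unsuitable for password images; the iteration count above addresses that separately from the salt.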

If the user who logs on to the system entered their username or password incorrectly, the operating system should give him an error message without indicating which information is incorrect. Otherwise, password guessing is greatly simplified.

When passwords are used to authenticate users, there are two main threats to the operating system's authentication subsystem — password theft and password guessing.

To provide reliable protection against password theft, the operating system's security subsystem must meet the following requirements:

The password entered by the user is not displayed on the computer screen;

Entering a password from the command line is not allowed.

In addition, users of the operating system should be instructed on:

The need to keep the password secret from other users, including operating system administrators;

The need to immediately change the password after it has been compromised;

The need to regularly change the password;

It is inadmissible to write the password on paper or in a file.

2. Password guessing methods. There are the following methods for guessing user passwords.

1. Exhaustive search. In this case, the attacker sequentially tries all possible password variants. If the password is longer than four to six characters, this method is completely ineffective.

2. Exhaustive search optimized by the statistics of character occurrence. Different characters appear in user passwords with different probabilities. For example, the likelihood that a user's password will contain the letter "a" is much higher than the likelihood that the password will contain the letter "l". According to various studies, the statistics of character occurrence in the password alphabet are close to the statistics of character occurrence in natural language.

In the practical application of this method, the attacker first tries passwords consisting of the most frequently encountered characters, which significantly reduces the search time. Sometimes, when guessing passwords, not only character occurrence statistics are used, but also the occurrence statistics of bigrams and trigrams, combinations of two and three consecutive characters, respectively.

Many programs have been written at different times to guess passwords using this method. Some of them feed different password variants in turn to the input of the operating system's authentication subsystem, while others test password variants by computing the hash function and comparing the result with a known password image. In the first case, the speed of password guessing is determined by the performance of the operating system. In the second case, the average time to guess a password of 6 to 8 characters that includes neither digits nor punctuation marks varies from several tens of seconds to several hours, depending on the computing power of the computer and the efficiency of the hash function implementation in the password guessing program.

3. Exhaustive search optimized with dictionaries. In most cases, user passwords are English or Russian words. Because it is much easier for a user to remember a meaningful word than a meaningless sequence of characters, users prefer to use meaningful words as passwords. At the same time, the number of possible password variants is sharply reduced. Indeed, the English language contains only about 100,000 words (not counting scientific, technical, medical and other terms), which is 6.5 times less than the number of all combinations of four English letters.

When guessing passwords with this method, the attacker first tries as passwords all the words from a dictionary containing the most likely passwords. An attacker can compile such a dictionary himself, or he can take one, for example, from the Internet, where there is a huge number of such dictionaries adapted for different countries of the world. If the password being guessed is not in the dictionary, the attacker tries all possible combinations of words from the dictionary, words from the dictionary with one or more letters, digits and punctuation marks added to the beginning and/or the end, etc.

Usually this method is used in combination with the previous one.

4. Password guessing using user knowledge. As mentioned above, users try to use passwords that are easy to remember. Many users, in order not to forget the password, choose their first name, last name, date of birth, phone number, car number, etc. as a password. In this case, if the attacker knows the user well, he usually only needs 10-20 attempts.

5. Guessing the password image. If the operating system's authentication subsystem is designed so that the password image is significantly shorter than the password itself, an attacker can guess not the password, but its image. However, in this case, the attacker, having found the password image, must obtain the password itself that matches it, and this is possible only if the hash function used in the system is not strong enough.

3. Protection against compromised passwords. We will say that a password has been compromised if the user's password has become known to some other user. Compromise can occur as a result of user negligence, theft, or guessing of the password. There are a number of methods that can somewhat reduce the threat of compromised user passwords.

1. Limiting the password validity period. When using this method, each user of the operating system is obliged to change the password at regular intervals. It is advisable to limit the maximum password validity period to 30-60 days. Weaker restrictions do not have the desired effect, and using stronger restrictions dramatically increases the likelihood that the user will forget their password. After the password has expired, the user must change it within some time (usually 1-2 days) after the first login following the expiry. If the user has not changed the password within the allotted time, the operating system prohibits him from logging in until the system administrator explicitly permits it.

The password validity period should be limited not only from above, but also from below. Otherwise, having changed the password, the user can immediately return to the old one by changing the password again.

It is also advisable to check the uniqueness of the new password each time the password is changed. To do this, the operating system must store not only an image of the user's current password, but also images of the last 5-10 passwords that the user has used.

2. Restrictions on the content of the password. This method consists in allowing the user to choose as a password not an arbitrary string of characters, but only a string that satisfies certain conditions. The following conditions are commonly used:

Password length must not be less than a certain number of characters; in the literature on computer security and in the documentation of operating systems, it is usually recommended to prohibit passwords shorter than 6-8 characters, but given the rapid progress of computing technology, it is now advisable to set the minimum password length at 10-14 characters;

The password must contain at least 5-7 different characters;

The password must include both lowercase and uppercase letters;

The user's password must not be the same as his name;

The password should not be on the list of "bad" passwords stored in the system.

As a rule, operating system administrators can vary these restrictions both within the entire operating system and for individual users. For example, if a username is used for a guest login, it is not practical to set restrictions on the password used.

When choosing password restrictions, keep in mind that if the password restrictions are too strong, it will be difficult for users to remember their passwords.
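The content restrictions listed above, as an added example that is not code from the original text or from any operating system. The thresholds are picked from the ranges given above, the "bad" list is constructed from the weak passwords quoted earlier on the page, and case-insensitive matching of the username and the "bad" list is an assumption.

```python
from dataclasses import dataclass

# Constructed "bad" list, seeded with weak passwords quoted earlier on the page.
BAD_PASSWORDS = frozenset({
    "password", "123456", "12345678", "trustno1", "baseball",
    "sunshine", "passw0rd", "superman", "football", "qwerty",
})


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 10            # the text suggests 10-14 today
    min_distinct: int = 5           # the text suggests 5-7 different characters
    require_mixed_case: bool = True
    forbid_username: bool = True
    bad_passwords: frozenset = BAD_PASSWORDS

    def violations(self, username: str, password: str) -> list:
        """Return the names of all violated restrictions (empty list = accepted)."""
        found = []
        if len(password) < self.min_length:
            found.append("length")
        if len(set(password)) < self.min_distinct:
            found.append("distinct")
        if self.require_mixed_case and not (
            any(c.islower() for c in password)
            and any(c.isupper() for c in password)
        ):
            found.append("case")
        # Assumption: compare case-insensitively, so "sashapetrov" is still
        # rejected for the user "SashaPetrov".
        if self.forbid_username and password.casefold() == username.casefold():
            found.append("username")
        if password.casefold() in self.bad_passwords:
            found.append("badlist")
        return found


DEFAULT_POLICY = PasswordPolicy()
# Administrators may relax the restrictions for individual users, e.g. a guest login.
GUEST_POLICY = PasswordPolicy(min_length=0, min_distinct=0,
                              require_mixed_case=False,
                              forbid_username=False,
                              bad_passwords=frozenset())


def check_new_password(username: str, password: str, overrides=None) -> list:
    """Apply the per-user policy if one is configured, else the system default."""
    policy = (overrides or {}).get(username, DEFAULT_POLICY)
    return policy.violations(username, password)


if __name__ == "__main__":
    samples = [("SashaPetrov", "sashapetrov"), ("alice", "Passw0rd"),
               ("alice", "aaaaaaaaaaaA"), ("alice", "kKC%5426hMIN")]
    for user, pw in samples:
        print(user, pw, check_new_password(user, pw) or "accepted")
```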

3. Terminal blocking. When using this method, if the user makes a mistake several times in a row when entering the name and password, the terminal from which the user logs in is blocked, and the user cannot make further attempts to log in. The parameters of this method are:

Maximum allowed number of unsuccessful attempts to log in from one terminal;

Time interval after which the counter of unsuccessful login attempts is reset;

Terminal blocking duration (can be made unlimited - in this case, the terminal blocking can only be removed by the system administrator).

4. Blocking a user. This method differs from the previous one only in that it is not the terminal from which the user logs in to the system that is blocked, but the user account.
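The three blocking parameters above in working form, as an added example that is not taken from the original text or from any operating system. The class and function names, the default values and the `check_credentials` callback are assumptions; the key passed in is a terminal identifier for method 3 or an account name for method 4.

```python
import math
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Entry:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: Optional[float] = None   # None = not blocked


class LockoutTracker:
    def __init__(self, max_failures: int = 5, reset_after: float = 900.0,
                 lock_for: Optional[float] = 1800.0,
                 clock: Callable[[], float] = time.monotonic):
        self.max_failures = max_failures   # allowed failed attempts per key
        self.reset_after = reset_after     # seconds after which the counter resets
        self.lock_for = lock_for           # None = until an administrator unlocks
        self.clock = clock
        self.state = {}

    def is_locked(self, key: str) -> bool:
        entry = self.state.get(key)
        if entry is None or entry.locked_until is None:
            return False
        if self.clock() >= entry.locked_until:
            del self.state[key]            # block expired, start afresh
            return False
        return True

    def record_failure(self, key: str) -> bool:
        """Count one failed attempt; return True if the key is now blocked."""
        if self.is_locked(key):
            return True
        now = self.clock()
        entry = self.state.setdefault(key, Entry())
        if entry.failures and now - entry.last_failure >= self.reset_after:
            entry.failures = 0             # quiet period elapsed
        entry.failures += 1
        entry.last_failure = now
        if entry.failures >= self.max_failures:
            entry.locked_until = (math.inf if self.lock_for is None
                                  else now + self.lock_for)
            return True
        return False

    def record_success(self, key: str) -> None:
        self.state.pop(key, None)

    def admin_unlock(self, key: str) -> None:
        self.state.pop(key, None)


def attempt_login(tracker: LockoutTracker, check_credentials, key: str,
                  username: str, password: str) -> str:
    """Returns "ok", "denied" or "locked". "denied" is identical for an
    unknown name and a wrong password, as the text requires."""
    if tracker.is_locked(key):
        return "locked"
    if check_credentials(username, password):
        tracker.record_success(key)
        return "ok"
    tracker.record_failure(key)
    return "denied"
```

Blocking by account name lets anyone who knows the name block its owner, which is one reason to keep the blocking duration finite when using method 4.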

5. Generation of passwords by the operating system. In this case, users cannot invent passwords for themselves; the operating system does this for them. When the user needs to change the password, he enters the appropriate command and receives a new password from the operating system. If the proposed password does not suit the user, he may ask the operating system for a different one. The main advantage of this method is that the operating system generates passwords randomly, and it is almost impossible to guess such passwords. On the other hand, such passwords are usually difficult to remember, which forces users to write them down on paper. If this is not a threat to the security of the system (for example, if the user only logs into the system via the Internet from their home computer), this authentication model is close to ideal. Otherwise, it is impractical to use it.

6. Challenge and response. When using this authentication scheme, when a user logs on to the system, the operating system gives him a random number or string, to which the user must give the correct response. In effect, the password is the set of parameters of the algorithm that converts the operating system's request into the correct user response. These parameters are randomly selected by the operating system for each user, which effectively reduces this authentication scheme to the previous one.

7. One-time password. In this case, the user's password is automatically changed after each successful login. This authentication scheme reliably protects against password guessing, because even if an attacker has guessed a certain password, he will be able to use it only once. In addition, a user whose password is compromised will not be able to log on to the system next time, as he will try to enter the previous password already used by the attacker. The disadvantage of this scheme is that it is almost impossible to remember many constantly changing passwords. In addition, users often "get lost", trying to log in with a password that is outdated or has not yet taken effect. Due to these and some other shortcomings, this scheme is hardly used in practice. Some of the listed methods can be used in combination.

Agree that nowadays it is difficult to imagine a computer life without constantly entering a password. We need a password everywhere - from turning on the computer, registering on various sites and forums, accessing our mailboxes and ending with the creation of accounts (pages with personal data and settings) in payment systems and sending / receiving payments electronically.

And if with a one-time registration on any random site (for example, just to download the game) you can without hesitation specify any password (even "123456"), then when creating a permanent account on an important site (especially if it is connected with money operations), the password must be very strong.

Otherwise, the password can be hacked by an intruder, and the obtained personal data can be used to communicate on the network on our behalf (at best) or to obtain loans or open accounts. Therefore, it is better to take care of protection in advance, and today change all your "weak" passwords to more secure ones.

In this article, let's understand what a strong password is, and also talk about the basic rules when creating and storing passwords.

How can our password be cracked? And why can't the password be anything? After all, it would seem, how can you guess the password that I personally invented?

It's pretty simple! In most cases, no one guesses anything! The most popular cracking method is simply trying all possible options, the so-called "brute force" method. Standard passwords ("123456", "111111", "789456", "qwerty", "fyvapr", "ytsuken", etc.) are checked first, and then all characters are substituted in turn.

Naturally, the enumeration is not done manually, but using special programs that are able to sort out a huge number of different combinations in a short time.

For example:

The password "09071985" (date of birth) will be guessed in 1-2 seconds;

The password "andrey" will be guessed in 4 seconds;

The password "Andrey" will be guessed in 3-4 minutes;

The password "1n2f4g8y0" will be guessed in 4 days;

The password “EC3 + gHFBI” will take 12 years to brute-force;

And the password "kKC% 5426hMIN" will take several million years.

What conclusions can be drawn at this stage?

Conclusion 1. The password should not be short.

It is generally undesirable to have a password of less than 8 characters, and it is even better that the password contains 10-12 characters or more.

Conclusion 2. The password should not contain only numbers or only letters (especially repetitive ones). It is best when letters and numbers alternate, and even better if special characters or punctuation marks are added to the password.

Conclusion 3. It is important to use both uppercase and lowercase characters in the same password. This is done using the Shift key.

Another way to crack a password is to analyze data about a person. Knowing the information about a person, it is easier to guess his password.

All information about a person is collected (either manually, or with the help of special programs), and then checked in various combinations.

For example, a long password "andreykurganov" will take about 150 thousand years to brute-force, but if the attacker knows whose password he is dealing with, then such a password will be among the first to be checked. And then what is the use of such a password?

In addition, in this way, attackers can choose not the password itself, but the "secret question", which is often used for. It is often easier for an attacker to click on the "Forgot your password?"

And where is the easiest place to find out data about a person? Of course in "social networks".

It's very easy to go to the site or and find out about a person his name, surname, year of birth, names of children, wife / husband or pets. You can find out quickly and practically everything, right down to your favorite music group, color, or your favorite phrases and sayings.

And if Sasha Petrov uses the password "SashaPetrov" to log in to his "Classmates" account, then this is at least the height of carelessness. And then we are surprised that friends receive messages on our behalf with requests to top up the account of an unknown phone or to lend money (for example, by transferring it to the specified card).

Conclusion 4. Do not use a password that contains any information about you or your family - all kinds of memorable dates (births, weddings, etc.), names and surnames of relatives, apartment numbers, documents or phone numbers. It is also unacceptable to use any combination of personal data.

Conclusion 5. The password should be meaningless, so it is best to reject any password that is an existing dictionary word (in any language).

Conclusion 6. Do not use "secret questions", the answers to which can be easily found out or picked up.

Now a little about storing passwords and their number.

Let's say we created a strong password and even remembered it. Remembering the second password will be harder, the third even harder ...

It is for this reason that many users register on different sites with the same password, or create passwords like "password1", "password2", "password3" or "Mail password", "Skype password", etc. But this is unreasonable, because when such a password is cracked, an attacker will have access to all of our accounts at once.

Of course, remembering several passwords consisting of a random set of characters is impossible, so you need to somehow record and store passwords, but ...

Agree, it's stupid to create a strong password, and then write it down on a sticker and stick it to the edge of the monitor. But many do just that, and the most interesting thing is not at home, but in offices. I personally saw this in the tax office !!! But such a computer can contain the entire database with information about taxpayers. Here is the answer to the question, where did the fraudsters get passport data for obtaining loans.

It amounts to approximately the same thing if you leave a notebook in plain view with “MY PASSWORDS” written in bold letters on the cover, or place a text file with the same name on the Windows Desktop.

Conclusion 7. You must use a unique password for each individual Internet service, forum, site.

Conclusion 8. Do not keep passwords in plain sight.

Conclusion 9. Do not store passwords on the Internet or on your computer as a text file.

If an attacker gains access to our computer (this is not as difficult as it might seem), then it will be even easier for him to find a file with passwords (anywhere on the hard disk, at that).

Passwords and "security questions" should be taken as seriously as the information protected by these passwords, so do not share your password with ANYONE. Keep your password secret from your loved ones (especially children) and friends. A possible exception would be the password for the general bank account (family) if other family members should have access to this account.

Store passwords only in a safe place! This is important not only from the point of view of password theft by unauthorized persons, but also from the point of view of accidental loss of the password (due to our negligence or inexperience).

Conclusion 10. Do not store passwords using the browser's built-in password savers.

First, you can never be sure of the reliability of such a "guardian" or that the browser itself does not contain "holes" in its protection. Attackers look for "holes" in browsers first of all, because everyone uses browsers.

Secondly, if the browser or the entire system malfunctions, then there is a very high probability that we will lose access to all the passwords that the browser stores, and this, although not a hack, is also unpleasant.

Conclusion 11. Make copies of passwords.

If you use special software, then do not forget to periodically back up the password databases. If you store passwords on a piece of paper, then make a second copy of that sheet (or notebook) and store the original and the duplicate in different (secluded) places.

Conclusion 12. Do not enter passwords in third-party programs or on third-party sites, and do not send passwords by mail (even upon request from the support service or site administration). The administration of a REAL serious site will never ask for a password, so if you receive such a request, it is most likely the work of fraudsters.

Conclusion 13. Try to enter passwords as rarely as possible on other people's computers, and especially in public places (Internet cafes, terminals, etc.). It is highly undesirable to enter passwords on someone else's computer to log in to payment-system accounts or to use Internet banking, because that computer may be running a device or program that records keystrokes (a keylogger).

Conclusion 14. Change passwords periodically (especially if you used a password on someone else's computer). The stronger the password, the longer you can use it. A strong password of 12-14 characters, composed according to the recommendations described above, need not be changed for several years.

Sometimes you are too lazy to come up with a new strong password every time, so for such cases you can use special programs. Such a program randomly generates a combination of characters, and we instantly receive a strong password.


I also want to give you a couple of links to sites that allow you to check the strength of the password used:

On this site, you need to insert the password into an empty field, after which a message will be immediately displayed, indicating the time during which the attacker will crack your password using brute force.

It just clearly shows how "strong" the entered password is.

Well, the last piece of advice ...

If you notice incomprehensible changes on any of your accounts or suspect that someone has gained access to your information, then change the password as soon as possible and, if necessary, inform the administration or the support service of the site or the organization representing this account.

Welcome to the blog site! I have long wanted to write an article about what the password for an account should be so that it would be very difficult to crack. This article will show you how to create a strong password. We will discuss techniques that will help you make your password not only safe, but also easy to remember.

We can no longer imagine our life without the Internet. Almost every site asks for registration. The most popular resources are social networks. Every day, millions of users log in to their accounts. We run the risk of making a lot of mistakes by sending important data in messages. It is good to have a complex password for VK or another popular social network; it helps to protect yourself from intruders.

Several methods to complicate the password

What should the password be? Hundreds of Internet users ask this question. There are the following types of passwords:

  • alphabetic;
  • symbolic;
  • numeric;
  • combined (a combination of the previous options);
  • using letter case.

The first three are not reliable. They are too simple a way to create a password. Out of inexperience, we make the mistake of choosing them. That may be acceptable for an account on a forum or some other similar place. But if it is the login to your online bank account, all your money will be lost. The only saving grace is that the security services of such sites have developed systems that reject weak passwords.

Letters, numbers and symbols

A combination of letters, symbols and numbers is the safest kind of password. It takes serious effort to guess it.

Experienced "users" advise beginners to use this particular combination. Also, don't make it too short. A long combination will keep your data and correspondence safe from third parties.

The main thing is not to use the banal phrases below:

  • "123";
  • "123456";
  • "321";
  • "Qwerty";
  • "Asdfg".

These and other similar sets of characters from the keyboard are guaranteed to be hacked. They are the first thing to come to mind not only for you, but for hundreds of other people. It will not even take a special program to work them out; an ordinary ill-wisher can do it.

How to choose a password for mail or other type of authorization? This issue is worth tackling on your own. Several more options for complicating the password will come to the rescue.

Letter case

Before entering a username and password, note that some forms are case-sensitive. Combining uppercase and lowercase letters will make your password more secure.

When composing a secret word, think about its variety. Alternate uppercase and lowercase letters one or more at a time. This method will seriously upset online villains.

The most annoying thing is if you yourself forget the order. Experienced users recommend making the first character uppercase, the second lowercase, and then alternating one by one. It is better to take note of this advice, so as not to rack your brains later.

You can do without mixing letter case in the password, but it is one more method of increasing the complexity of the password.

Reversals ("shifters")

A date of birth, which any user will remember, is the most banal and simplest choice. If you play on it correctly, it can turn out to be a good option. Using the "flip" (reversal), many have managed to create a winning password that is unlikely to be guessed.

The method is based on writing characters in reverse order. Choose any date, for example the date you were born, and type the text in reverse. If you have chosen the string "081978", then turning it over gives "879180". It is pretty easy to remember how such a password is spelled.

Consider other, more complex ideas as well. Let's say your password is based on your first and last name. Using the letter-case technique we already know, we type "PeTrPeTrOv". Now we apply the reversal tactic to a date, for example the date the user was born: February 21, 1982. Then we add symbols. At the end, we get the following example of a password - "PeTrPeTrOv! 28912012". The result is impressive, because for the user it is simple and easy, but not for the intruders.

Check the strength and security of your password with online services:

  • https://password.kaspersky.com/en/
  • https://howsecureismypassword.net/

Encryption

What should the password be? Let's look at another great way: the principle of encryption. In fact, all the methods discussed earlier have something in common with it. Here we will show how to build passwords by enciphering phrases.

We take the most meaningless and unique phrase that will easily be memorized. Let there be "space cockroaches". You can use any lines from songs and poems, preferably not very famous.

Then we apply a cipher to our phrase. Let's consider several suitable ways:

  • typing a Russian word with the English keyboard layout;
  • reversal (the "changeling");
  • replacing letters with symbols that look similar (for example, "o" - "()", "i" - "!", "a" - "@");
  • removal of paired or unpaired characters;
  • throwing out consonants or vowels;
  • adding special characters and numbers.

So, let's take our phrase, "space cockroaches". We take 4 letters from each word and get "kosmtara". Switching to the English layout and retyping it gives "rjcvnfhf". We complicate things by starting the cipher with a capital letter and adding symbols.

This is what the password should look like using the example of the originally conceived phrase - “ [email protected]».

A reliable combination with a lot of symbols has been created. Password strength is checked using special services, for example, passwodmetr.com. Scammers will not simply guess a combination like the one we made, because the user's personal data is not involved. But for the user such a password is a godsend, since remembering it will not be difficult.

Generator

For those who do not want to spend too much time thinking, developers have long since invented complex password generators. This method provides some degree of reliability. Passwords you invent yourself are still considered the best.

What is a generator and how do I use it? It is a smart program that outputs random passwords: randomly drawn combinations. It uses many of the methods discussed, but does not take reversals ("flip-flops") into account.

A complex password generator is downloaded from the network. For example, let's take "keepass". Like any other generator, it is not difficult to work with. The application and the generation itself are launched by pressing a special button... After the operation, the PC outputs a password option. The only thing left to do is to write down the resulting combination unchanged or with additions.
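What such a generator does can be shown in a few lines. This is an added example, not code from the original article and not KeePass's own algorithm; the symbol set, the function names and the guessing rate of 1e10 per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# The four character classes the page recommends mixing.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+"]
ALPHABET = "".join(CLASSES)  # 76 symbols


def generate_password(length=14):
    """Return a random password holding at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and is not suitable for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard candidates that miss a class rather than
        # forcing fixed positions, so all accepted passwords are equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Size in bits of the space of all strings of this length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years needed to try every string at an assumed guessing rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password(14), f"{search_space_bits(14):.1f} bits")
    # 1e10 guesses per second is an assumed rate, chosen only for illustration.
    print(f"{years_to_exhaust(14, 1e10):.2e} years to try every candidate")
```

The brute-force figure holds only for passwords drawn at random like this; a password built from words, names or dates falls to dictionary guessing long before the full space is searched.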

Complex passwords invented by the computer are very difficult to remember. Few people keep them in mind; more often they have to be written down. There are usually a lot of passwords, because we do not stay on one site but keep registering on other resources. Not everyone finds it convenient to store so much information, and the papers with the notes can be lost entirely.

One solution for storage is to type them into a file on the computer. This is one of the safest options. Just remember that a PC is not eternal and can also fail.

All the methods of creating complex passwords have been discussed above, and you can now create a password for your e-mail that will reliably protect your data from third parties.

Here are some useful tips for creating passwords:

  • do not include personal information about the user (names of relatives, nicknames of pets, phone numbers, addresses, dates of birth, etc.);
  • do not use the Cyrillic alphabet in the password;
  • do not use words that are easily found in a dictionary of popular passwords (yastva, love, alfa, samsung, cat, mercedes and others like them, as well as their derivatives and combinations);
  • mind the length: preferably at least 10 characters;
  • complicate the password by combining various methods - upper and lower case letters, numbers, symbols;
  • do not use the most frequent passwords and patterns; think in an original way (a robot that calculates your password cannot be as smart as a person).
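The tips above can be enforced when a password is set. The check below is an added example, not code from the original article: it looks through the case alternation, reversal and look-alike substitutions described earlier before comparing against a dictionary and the user's personal data. The function names, the extra digit swaps, the sample dictionary and the three-class threshold are assumptions.

```python
import re

# Look-alike swaps: the first three are the page's own ("o" -> "()", "a" -> "@",
# "i" -> "!"); the digit and "$" swaps are assumptions added for this example.
LOOKALIKES = [("()", "o"), ("@", "a"), ("!", "i"), ("0", "o"),
              ("1", "i"), ("3", "e"), ("$", "s")]
# Constructed sample of a popular-password dictionary, using words from the page.
COMMON = {"password", "parol", "qwerty", "asdfg", "abcd", "123456", "love",
          "samsung"}


def views(password):
    """Forms to inspect: case-folded, look-alikes undone, and each reversed."""
    lowered = password.lower()
    plain = lowered
    for symbol, letter in LOOKALIKES:
        plain = plain.replace(symbol, letter)
    return {lowered, plain, lowered[::-1], plain[::-1]}


def personal_tokens(names, birth_date):
    """Name parts plus the birth date in the digit layouts people usually type."""
    tokens = {n.lower() for n in names if len(n) >= 3}
    if birth_date:
        day, month, year = birth_date  # strings such as ("21", "02", "1982")
        tokens |= {day + month + year, month + year, year + month + day,
                   day + month + year[2:], year}
    return tokens


def check_password(password, names=(), birth_date=None, min_length=10):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    # Requiring three of the four classes is an assumed threshold.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("too few character classes")
    forms = views(password)
    if any(word in form for word in COMMON for form in forms):
        problems.append("contains a popular password")
    personal = personal_tokens(names, birth_date)
    if any(token in form for token in personal for form in forms):
        problems.append("contains personal information")
    return problems
```

Given the owner's name and birth date, the check rejects the earlier "PeTrPeTrOv" example for containing personal information even though it passes the length and character-class rules.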

Mandatory requirements for a strong password

Password should not contain

  • Personal information that is easy to find out. For example: first name, last name or date of birth.
  • Obvious and simple words, phrases, expressions and character sets that are easy to pick up. For example: password, parol, abcd, qwerty or asdfg, 1234567.

Password Generation Methods

  • Come up with an algorithm for generating passwords.
    For example, take your favorite poem or saying as a basis. Write it down in lowercase and uppercase Latin letters and replace some of them with similar numbers or symbols: I_p0Mn | O_4y9n0e Mg№vEn | E (I remember a wonderful moment).
  • Use a password generator.
    With the help of Kaspersky Password Manager, you can generate complex passwords, check their strength and store them securely. You can also install the Kaspersky Password Manager extension in your browser to automatically fill in data entry fields on websites.

How often to change your password

Password protection

  • Do not share or send your passwords to anyone.
  • Do not leave passwords written down on paper in an accessible place.
  • Use a password manager or the browser's built-in password storage.
  • Use different passwords for your accounts. If you use the same password everywhere and an attacker learns the password for one account, he will be able to access all the others.