subject: Internet password and its ideal complexity [print this page] Internet password and its ideal complexity
Strong password is recommended to use for any online transaction, combines with letter, character, symbols and etc. There are too many ways to create complex password. This article will brief you the basic tips to put your password as complex and not to use one which can be easily cracked by intruders.After reading so many blogs, white papers, collaterals and from my experience in this security field, I came to a conclusion that normal users tend to use the below following combinations while selecting their password over internet.
Your partner, child, or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?)
The last 4 digits of your PAN/ROLL/B'DATE/ANNIVERSARY/etc number.
123 or 1234 or 123456.
"password"
Your city, or college, most beloved name.
Date of birth yours, your partner's or your child's.
"god"
"chocolate"
"money"
"love"
These kinds of passwords can easily be cracked through Brute Force attack or simple social engineering.
Now, here are some password tips:
Long and complex password is always recommended.
Randomly substitute numbers for letters that look similar. The letter o' becomes the number '0', or even better a @' or *'. (i.e. m@l0dy like melody)
Randomly throw in capital letters (i.e. M@l0Dy)
DON'T CHOOSE ANYBODY'S name, try to put something when you was younger
Ideal complex password should combine (length with numbers with punctuation and symbols
Remember, the technique is to break anything you access over internet just to guess/figure out your standard password, and then compromise everything else. This doesn't work if you don't use the same password everywhere.
MY ADVISE TO SYSTEM ADMINISTRATORS, to use PWGEN tool to generate such complex password, which supports the below following combinations for Admin/RDP/SSH/etc login session.
Password length can be maximize or minimize
Character Set supported with "HEX", "Special CH", LETTER, BASE64 encode.
