Shibumi Dojo » password http://www.shibumidojo.org Mon, 16 Jan 2012 07:48:55 +0000 en hourly 1 http://wordpress.org/?v= Securing Your Passwords http://www.shibumidojo.org/index.php/2009/09/13/securing-your-passwords/ http://www.shibumidojo.org/index.php/2009/09/13/securing-your-passwords/#comments Sun, 13 Sep 2009 10:59:58 +0000 CorpusCallosum http://www.shibumidojo.org/?p=329 Password problems are quite common issues and making them secure is probably the fundamental protection for cyber security. However, most of the companies and individual internet users still have not password policies for their internet activities. Generally people have password dilemmas between easy remembered and complex passwords. This guide will help you to understand how you can create complex passwords and at the end of the article i will give a python code which creates complex and more secure passwords.

Due to cost and compatibility with legacy systems, the most popular form of user authentication continues to be a secret password.

  • Users may write them down or share them, so that they are no longer really secret.
  • Passwords can be guessed, either by a person or a program designed to quickly try many possibilities.
  • Passwords may be transmitted over a network either in plaintext, or encoded in a way which can be readily converted back to plaintext.
  • Passwords may be stored on a workstation, server or backup media in plaintext, or encoded in a way which can be readily converted back to plaintext.

The fundamental and the biggest problem is remembering complex passwords for the people. When people have trouble remembering their passwords, they do one or more of the following things:

  • Write down their passwords — and reduce security to the protection afforded by a piece of paper.
  • Forget their passwords — and require frequent assistance from a computer help desk organization to reset it.
  • Use very simple, easily compromised passwords.
  • Reuse old passwords as often as possible.

The number of possible password combinations is calculated by taking the number of legal characters in a password, and raising that number to the number of characters in the password. The possibilities for some likely combinations are shown below:

Legal characters 5 6 7 8 9 10
0-9 1.00e05 1.00e06 1.00e07 1.00e08 1.00e09 1.00e10
a-z 1.19e07 3.09e08 8.03e09 2.09e11 5.43e12 1.41e14
a-z,0-9 6.05e07 2.18e09 7.84e10 2.82e12 1.02e14 3.66e15
a-z,0-9,3 punct 9.02e07 3.52e09 1.37e11 5.35e12 2.09e14 8.14e15
a-z,A-Z 3.80e08 1.98e10 1.03e12 5.35e13 2.78e15 1.45e17
a-z,A-Z,0-9 9.16e08 5.68e10 3.52e12 2.18e14 1.35e16 8.39e17
a-z,A-Z,0-9,32 punct 7.34e09 6.90e11 6.48e13 6.10e15 5.73e17 5.39e19

Users must be obliged to choose their passwords from the widest possible set of characters, subject to the constraints of the systems where those passwords reside. For example, most mainframes do not distinguish between uppercase and lowercase, and only allow three punctuation marks (fourth row in the table above).

It is possible to divide creating secure passwords into two basic criterias; password length and password complexity. The passwords length is important to increase sample space of the probability, so at least 7 characters passwords must be used. However, this is not enough to provide protection. Additionally, password complexity is the supplementary precaution for the password security. The complexity consists of using lower case alphabets, upper case alphabets, numbers and special characters.

So with these information above, how can it be possible to create secure passwords?

The first thing to fallow Comlen rule. Never heard about it ? Don’t worry ! this is what i called it… Comlen means enough complexity with enough length. For example, 8 unique characters with 4 complexity units (1 uppercase, 1 lowercase, 1 number, 1 special char). As I mentiioned you above, these kind of password structures are not easy remembered unfortunately. Even remembering the complex passwords is the best solution, if you cannot do that, you can use password manager programmes. Using password management tool to store passwords should really become a habit. Anytime you create a password, note it down on a password manager tool, that will encrypt the password and store it safe for you. Another deal is using passphares to remember them. If you don’t want to use password management tool, Use Passphrase to easily remember the passwords. You can use initials of a song or a phrase that are very familiar to you. for e.g. “Passwords are like underwears, change yours often!” phrase can be converted to a strong password “Prlu,Curs0!”

There are common senses below. All the following points are nothing new and very much common senses. But most of the time, we tend to ignore these items.

  1. Create unique passwords every time.
  2. Change your passwords for all your accounts once every 6 months.
  3. Never write down your passwords.
  4. Don’t share with anyone.
  5. Never keep the same password for two different sites.
  6. Don’t type your password when someone is looking over your shoulder.
  7. Never send your password to anybody in an email.
  8. Change password immediately when they are compromised.
  9. Don’t use the “Remember password” option on the browser without setting the Master Password.
  10. Don’t type your password on a computer that does not belong to you.

There is a simple python function which produces complex passwords:

 

  1.  
  2. def ProducePass():
  3.     Alphabet = ‘abcdefghijklmnopqrstuvwxyz@!+-*/ABCDEFGHÄ°JKLMNOPRSTUVYZ123456789′
  4.     minnmbchar = 8
  5.     maxnmbchar = 16
  6.     numberofpass= 10
  7.     string=
  8.     FILE = open("password.txt","a")
  9.     for count in xrange(1,numberofpass):
  10.        for x in random.sample(Alphabet,random.randint(minnmbchar,maxnmbchar)):
  11.           string+=x
  12.        FILE.write(string+\n)
  13.        string=
  14.     FILE.close()
    ]]>     http://www.shibumidojo.org/index.php/2009/09/13/securing-your-passwords/feed/ 0