
Complex digital passwords. Distribution of characters in passwords

It's getting harder and harder to come up with a good password that is easy to remember, as we have to memorize more and more of them. The combination of words, phrases, numbers and their encoding using simple replacements ensures that your personal information is safe. One of the most common mistakes is creating a password by replacing letters with numbers. This might stop most people, but hacking programs usually check for such replacements first. It is important to create a password that encodes information personal enough to you, but the password must also be sufficiently complex and mixed to ensure the security of the data. Therefore, the ability to come up with a suitable password is a crucial skill that is sure to come in handy for everyone.
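A registration-time check for the replacement habit described above, added here as an example and not taken from the original article. The word list, the replacement table and the function name `disguised_word_reason` are assumptions made for the demonstration.

```python
import re

# Constructed word list for the demo; a real check would load a large dictionary.
WORDS = {"password", "dragon", "monkey", "sunshine", "private"}

# Common look-alike replacements, mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def disguised_word_reason(password, words=WORDS):
    """Return why the password is still a dictionary word, or None if it is not."""
    lowered = password.lower()
    # Remove a run of digits/symbols appended to the end ("dragon1!" -> "dragon").
    core = re.sub(r"[\d!@#$%^&*?.]+$", "", lowered)
    if lowered in words:
        return "plain dictionary word"
    if lowered.translate(LEET) in words:
        return "look-alike replacements"
    if core in words:
        return "appended digits or symbols"
    if core.translate(LEET) in words:
        return "replacements plus appended digits or symbols"
    return None

if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "dragon1!", "M0nkey2017", "pr1v4te", "sdermuizaia"]:
        reason = disguised_word_reason(candidate)
        print(f"{candidate:12} -> {'reject: ' + reason if reason else 'no dictionary match'}")
```
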

Steps

Use phrases

  1. Create some kind of complex word. For example, you get an easy-to-remember password if you combine three small words that are very important to you, turning them into a single password. For example, if you need to create a password in Latin letters, it can be: "moyasobakaspot" or "jenyajenadimy".

  2. Combine the first letters of a sentence into a password. Create a password using the first letters of a sentence or phrase that means something to you. For example, it can be a line from the national anthem or your personal slogan: "Do not buy, but order online": "NpazpI".

  3. Pick two words and combine the letters of those words. Pick the first letter of one word and the second letter of another word, and repeat this until you reach the last letters of each word. For instance:

    • Let's say that the most important things to you are "semia" and "druzia".
    • Password: sdermuizaia

  4. Come up with a passphrase. Keep in mind that password length is a huge benefit. If you can memorize a phrase word for word, consider using a phrase from a book, speech, or movie as a password, for example:

    • "It was a dark and cold night!"
    • "Dear Russians!"
    • "Houston, we have a problem."
    • The length will help keep the password secure, even if you don't include special symbols in it. In addition, such a password is suitable for sites where symbols cannot be entered during registration.
    • Add punctuation and capital letters to your phrase to keep your password in line.

Use codes

  1. Take a word or phrase and remove all vowels from it. For example: "hochu cheeseburger" becomes "hchchsbrgr".

  2. Move your fingers one key away from your usual position on the keyboard. If your password does not use the letters Q, A, Z, you can move your fingers one letter to the left (or to the right if the password does not use the letters P, L, M). The "speed racer" password affects the extreme letters of both sides, but, for example, the word "wikiHow" could become the code "qujugiq" or "eolojpe". You can also move one letter up and then right or left. Then instead of "wikiHow" you get "28i8y92" or "39o9u03".

  3. Take the current year and the first three letters of the current month. Then add three letters from your name. In this case, the password will look like this: "2017oktDim". Next month you can change it to "2017noyaDim". Such a password cannot be repeated twice or forgotten.

  4. Combine any dates into one big password. This will make it easier to change it from time to time. Remember, you should never use just a date as a password. If you have a password made from only one date, there is a high risk of being hacked.

  5. Pick your favorite part from a book and use a word from that part. For example, if your favorite book is The Eye of the World by Robert Jordan, and your favorite passage is the second paragraph on page 168, you could take a word from that passage. For example, use the word "Draghkar" as your password. You can make the password "2Draghkar168". 2 is the paragraph number and 168 is the page number.

Duplicate password

Shuffle letters and numbers

  • If you say letters and numbers aloud as you type them, you will hear a pattern and remember the password faster.
  • You can combine several of the above methods and come up with a memorable and completely secure password.
  • The highest level of security is provided by passwords that consist of letters, capital letters, numbers and symbols. You can come up with a password with the first four characters, or with characters from three to seven (whichever you want). You don't have to stop and remember where you put this exclamation mark, whether you replaced S with 5 or $ this time.
  • You should not use numbers that you know, but do not use those that do not apply in any way to your real life or to the keyboard layout. For example: NYC2023334444.
  • When coming up with a mnemonic sentence, try to make it funny and the most appropriate for you. Thus, it will be easier for you to remember the sentence itself and the password.

Warnings

  • Make sure you don't use the same password again. It is very tempting to use one password for all services. But all personal and financial information must be protected by different passwords.
  • Do not use personal information (such as phone number, address, or health insurance number) as a password.
  • Don't use the passwords shown in this article as examples! Someone might see them and hack your account. Create your own password!

A password is a string of characters used to access information on a computer. Passphrases are long passwords that improve safety and contain many words that make up the phrase.

Passwords and passphrases prevent unauthorized access to files, programs and other resources.

When creating a password or passphrase, make it reliable so that it is difficult to guess or hack.

It also doesn't hurt to use strong passwords for all accounts on your computer. If you use a corporate network, the administrator may require a strong password.

Note: In a wireless network, the Wi-Fi Protected Access (WPA) security key supports the use of a passphrase. The passphrase is converted into a key that is used for encryption (this process is invisible to the user). For additional information about WPA security keys, see What are the ways to secure my wireless network?

What makes a password and passphrase secure

Strong password:

  • contains at least eight characters;
  • does not consist of a whole word;
  • significantly different from the previous password.

Strong passphrase:

  • contains from 20 to 30 characters;
  • consists of words that form a phrase;
  • does not contain common phrases found in literature and music;
  • does not contain words that can be found in the dictionary;
  • does not contain a username, real name, or organization name;
  • significantly different from the previous password or passphrase.

Strong passwords and passphrases contain characters that fall into four categories:

A password or passphrase can meet all of the above requirements and still be unreliable. For instance, "Vaccinated B7!" meets all the characteristics of a strong password; however, it is unreliable because it contains a whole word. The password "Priv1t B 7!" is a reliable option: in the word, some letters are replaced by numbers, and the password itself contains spaces.

How to remember a strong password or passphrase:

Create an acronym from a block of easy-to-remember information. For example, choose a phrase that makes sense to you, like "My son's birthday is December 12, 2004". Using this phrase, you can create a password like "Dnms12 / Gr, 4".

Replace letters or words with numbers, symbols and spelling mistakes in an easy-to-remember phrase. For instance, "My son's birthday December 12, 2004" can turn into "DnN @ r M0g0Sun @ 12124" (you cannot use spaces in passwords).

Associate a password with a hobby or favorite sport. For example, "I like to play badminton" can turn into "Any # 8B @ dm1nt () n".

If you want to write down your password so you don't forget it, do not mark it as a password and keep it in a safe place.

Passwords using ASCII characters

You can also create passwords and passphrases containing extended ASCII characters. Using extended ASCII characters will help secure your password or passphrase, as the number of characters you can select to create a password increases.

Before using extended ASCII characters, make sure the password or passphrase is compatible with the software you use at home or work. Use extended ASCII characters with caution in passwords and passphrases if your company uses multiple operating systems or other versions of Windows.

Extended ASCII characters can be found in the character table. Some extended ASCII characters should not be used in passwords and passphrases. Do not use a symbol unless a keyboard shortcut is specified for it.

Windows passwords can consist of significantly more characters than the eight recommended above. In fact, the password can be up to 127 characters long. However, if you are on a network that also includes computers running Windows 95 or Windows 98, use a password that is 14 characters or less. If the password is longer than 14 characters, it may happen that you cannot log on to the network from computers running these operating systems.

The other day I came across interesting conclusions from the analysis of recently leaked accounts from Sony servers. I think these conclusions will be interesting and relevant.

As you know, Sony has lately been the whipping boy among hackers. Thanks to Sony, many accounts and passwords are circulating on the Internet. Recently, Troy Hunt did a little analysis of these passwords. Here is an excerpt from his post:

  • Of the roughly forty thousand passwords, a third is susceptible to a simple dictionary attack.
  • Only one percent of passwords contained non-alphanumeric characters.
  • 93 percent of passwords contained between 6 and 10 characters.

In this post, we will examine the remaining 24,000 passwords that survived the dictionary attack.

Distribution of symbols
As Troy notes, the vast majority of passwords contained only one type of character: either all lower case or all upper case. However, things are even worse when we consider the character frequencies.

There are 78 unique characters in the password database. If these passwords were truly random, each character should occur with a probability of 1/78 = 0.013. But when we calculate the real frequency of symbols, we will clearly see that the distribution is not random. The next graph shows the top 20 password characters and the red line shows the expected 1/78 distribution.

Unsurprisingly, the vowels "e", "a" and "o" are very popular, as well as the digits "1", "2" and "0" (in that order). Capital letters are not in the top twenty. We can also plot the cumulative probability for the characters. In this chart, the red dots show the expected pattern when using truly random passwords.


It is clear that passwords are not as random as we would like.

Order of characters
Let's take a look at the order of characters in a password. For simplicity, we will only take 8-character passwords. The most popular digit in a password is "1". If its location were random, then we would expect a uniform distribution. But instead we get:

    ## Distribution of "1" over eight character passwords
    0.06 0.03 0.04 0.04 0.13 0.13 0.22 0.34

It follows that in 84 percent of the passwords that contain the digit "1", this digit occurs only in the second half of the password. It is clear that people like to put a one at the end of a password.

The same picture with the digit "2":

    0.05 0.05 0.04 0.05 0.13 0.11 0.30 0.27

And with "!":

    # Small sample size here
    0.00 0.00 0.00 0.00 0.00 0.11 0.16 0.74

We see similar patterns with the rest of the alphanumeric characters.

The number of characters needed to guess the password
Let's say we generate all possible passwords using the first N most popular characters. How many of the passwords in our sample will we cover? The following graph shows the proportion of passwords in our list covered by the first N characters:



To cover 50% of the passwords in the list, we needed the first 27 characters. Actually, using only 20 characters covers about 25% of passwords, and using 31 characters covers 80% of passwords. Remember that these passwords did not succumb to the dictionary attack.
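The three measurements used in this analysis (character frequencies, the position of a character, and coverage by the N most frequent characters) as an added Python example that is not code from the original post. The sample list is constructed and the function names are assumptions; the same functions can be run over passwords collected during your own policy audit to see how far they are from random.

```python
from collections import Counter

# Constructed sample (not leaked data): eight-character passwords that follow
# the habits described above, i.e. lower case with a digit or "!" at the end.
SAMPLE = [
    "sunshine", "monkey12", "dragon01", "letmein1", "shadow21", "master11",
    "flower1!", "qwerty12", "1passwrd", "summer10", "Xk9$mQ2v", "orange21",
]

def char_frequencies(passwords):
    """Relative frequency of each character, most common first."""
    counts = Counter("".join(passwords))
    total = sum(counts.values())
    return [(ch, n / total) for ch, n in counts.most_common()]

def position_distribution(passwords, ch, length=8):
    """Share of the occurrences of `ch` found at each position."""
    hits = [0] * length
    for pw in passwords:
        if len(pw) == length:
            for i, c in enumerate(pw):
                hits[i] += c == ch
    total = sum(hits)
    return [h / total if total else 0.0 for h in hits]

def only_in_second_half(passwords, ch, length=8):
    """Of the passwords containing `ch`, the share with it only in the second half."""
    containing = [pw for pw in passwords if len(pw) == length and ch in pw]
    late = [pw for pw in containing if ch not in pw[: length // 2]]
    return len(late) / len(containing) if containing else 0.0

def coverage(passwords, n):
    """Share of passwords written using only the n most frequent characters."""
    top = {ch for ch, _ in char_frequencies(passwords)[:n]}
    return sum(set(pw) <= top for pw in passwords) / len(passwords)

if __name__ == "__main__":
    freqs = char_frequencies(SAMPLE)
    print(f"unique characters: {len(freqs)}, uniform share: {1 / len(freqs):.3f}")
    print("top 5:", [(ch, round(f, 3)) for ch, f in freqs[:5]])
    print('"1" by position:', [round(p, 2) for p in position_distribution(SAMPLE, "1")])
    print('"1" only in second half:', only_in_second_half(SAMPLE, "1"))
    for n in (10, 15, 20):
        print(f"top {n} characters cover {coverage(SAMPLE, n):.0%} of the sample")
```
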
Outcome
Usually, when we calculate the probability of guessing the password, we assume that each character is chosen with the same probability, that is, the probability of choosing "e" is equal to that of choosing "Z". This is clearly not true. Also, recently, many systems force users to choose different types of characters in passwords. And it's so easy to add a number to the end. I do not want to consider effective techniques for guessing passwords, but it is clear that brute-force is not the right method.

Personally, I gave up trying to remember passwords a long time ago and just use a password manager. For example, my Wordpress password is longer than 12 characters and consists of completely random numbers, letters and special characters. Of course, you just need to keep your password manager secure ...

From the translator: Yes, I still fall into the category of people appending ones and exclamation marks to get past annoying sites.
