The recent Prism revelations and the earlier password leak incidents have greatly increased the security risks we face on the Internet. Once an important account or password leaks, the loss can be great and serious, and one leaked password tends to cause further problems. It is therefore essential to set sufficiently strong passwords and to manage them well, so as to reduce the potential threat and stay secure.
The situations in which we use passwords can roughly be divided into the following categories:
About Our Property (Important)
This class of accounts is directly related to our financial interests, including bank, Alipay and shopping accounts. Once these accounts are stolen, we suffer direct financial losses.
About Our Contacts (Important)
This class mainly includes our email, QQ and MSN accounts, which hold the people we frequently contact. In addition, an email account usually also holds registration details, other passwords and correspondence.
About Our Work (Important)
These are the accounts and passwords we use at work, including server passwords, FTP passwords, website back-end (admin) passwords, WiFi passwords, router passwords and other verification keys.
About Our Privacy (Important)
Some websites ask us to submit personal information, other relevant certificates and even photos. Services such as network drives (cloud storage) also hold our private information. How important such an account is depends on the contents we upload.
Commonly Used (Medium)
This class of accounts belongs to places we frequently visit while surfing the Internet, such as websites we often browse, forums and communities. These accounts involve neither our property nor our private information.
Temporarily Used (Unimportant)
We generally create a temporary account and set a password when we need some data from the Internet that we cannot access unless we register. These accounts and passwords are temporary, even disposable.
Password Strength
First of all, classify all your existing web accounts, and then give each account a password whose strength, weak, medium or strong, matches its importance.
Weak Password Security: These passwords are easy to remember and need no memorising, for example 123456, or passwords with few characters, generally 4 to 6 digits. They are the easiest to crack.
Medium Password Security: These passwords generally combine letters and numbers; some are a name plus a birthday, or simple letter-and-number combinations. Compared with the former class they are longer and more complex, but they still stand a good chance of being cracked because they give away personal information.
Strong Password Security: These passwords combine upper-case letters, lower-case letters, numbers and special characters. They are the most complex and not that easy to remember.
Low Correlation
Some people do set a complex enough password but then use that one fixed password across all their accounts. The risk is that once the password of one account is stolen, all the other passwords are exposed as well. You may argue that the passwords are not all identical, but if they follow one rule, the thinking behind them is obviously similar and easy to extend from one account to the next.
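As an added example that is not part of the original article, the following Python script applies the three strength tiers described above to a list of accounts and also flags passwords that are identical or built from the same rule, which is the low-correlation point. The tier thresholds, the short common-password list, the similarity threshold, the shape-plus-prefix rule and the sample accounts of a hypothetical user "Alice" are all my own assumptions; it goes slightly beyond the text by treating a name or birth year embedded in a password as capping it at medium, since the article says such passwords give personal information away.

```python
import string
from difflib import SequenceMatcher

# Constructed short list of passwords the article calls weak; a real audit
# would use a large breached-password list instead.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "111111"}


def strength(password, personal_info=()):
    """Classify a password as 'weak', 'medium' or 'strong' (assumed rules).

    personal_info: strings such as a name or birth year; a password that
    embeds one of them is capped at 'medium' because it leaks that information.
    """
    lower = password.lower()
    classes = sum([
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ])
    # Weak: a well-known password, a short one (the article's 4 to 6 digits),
    # or one built from a single character class.
    if lower in COMMON_PASSWORDS or len(password) <= 6 or classes < 2:
        return "weak"
    leaks = any(info and info.lower() in lower for info in personal_info)
    # Strong only if all four classes are present and nothing personal leaks.
    if classes == 4 and len(password) >= 8 and not leaks:
        return "strong"
    return "medium"


def pattern(password):
    """Reduce a password to its shape: letters -> 'a', digits -> '0',
    everything else -> '$'. Same shape suggests the same construction rule."""
    return "".join("a" if c.isalpha() else "0" if c.isdigit() else "$"
                   for c in password)


def common_prefix_len(a, b):
    """Length of the shared leading substring of a and b."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def correlated(p1, p2, ratio_threshold=0.75, prefix_min=4):
    """True when learning p1 would make p2 easy to guess: identical,
    highly similar by character ratio, or same shape with a shared prefix."""
    if p1 == p2:
        return True
    if SequenceMatcher(None, p1, p2).ratio() >= ratio_threshold:
        return True
    return pattern(p1) == pattern(p2) and common_prefix_len(p1, p2) >= prefix_min


def audit(accounts, personal_info=()):
    """accounts: {account_name: password}. Returns each account's tier and
    the list of account pairs whose passwords are correlated."""
    tiers = {name: strength(pw, personal_info) for name, pw in accounts.items()}
    names = list(accounts)
    pairs = [(a, b)
             for i, a in enumerate(names)
             for b in names[i + 1:]
             if correlated(accounts[a], accounts[b])]
    return {"tiers": tiers, "correlated": pairs}


# Constructed sample data for a hypothetical user "Alice", born in 1990.
SAMPLE_ACCOUNTS = {
    "bank":  "Kq7#vL2!pX9m",   # four classes, nothing personal -> strong
    "email": "Alice1990",       # name + birth year -> medium
    "forum": "Alice1990!",      # e-mail password plus one symbol -> correlated
    "work":  "Alice#work1",     # same rule as "shop" -> correlated
    "shop":  "Alice#shop1",
    "temp":  "123456",          # weak
}
SAMPLE_INFO = ("alice", "1990")

if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS, SAMPLE_INFO)
    for name, tier in report["tiers"].items():
        print(f"{name:6s} {tier}")
    for a, b in report["correlated"]:
        print(f"correlated: {a} <-> {b}")
```

The character-ratio check catches "Alice1990" against "Alice1990!", while the shape-plus-prefix check catches "Alice#work1" against "Alice#shop1", whose ratio alone falls below the threshold; together they flag exactly the "same rule, different site" habit the paragraph warns about.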
Setting a complex password only guards against your password being cracked, but there are more ways to obtain a password than cracking. If you want to be sure it is safe, a good grasp of security knowledge is the key.
First of all, you should know the possible means of obtaining a password, so that you can defend against them effectively.
Those means include phishing, keystroke logging, sniffing, brute force, social engineering and reading configuration files.
Coping Strategy: Against phishing and keystroke logging, stay vigilant: never casually open a website or a file someone sends you; open it only after confirming what it is.
Against sniffing, defend at the ARP level.
Against brute force, strengthen your passwords by choosing complex ones.
Against social engineering, never give your password away easily, and never comply when an email or website asks for your password in order to proceed.
Against configuration-file reading, harden the program and the Windows server so that others cannot inspect your configuration files, and require permissions to access them.
Overwhelmed by so many passwords, how should we manage them? Here are three suggestions.
1. For passwords related to your work, you can write them down in a notebook, lock it in a drawer, and consult it whenever you need a password. The main purpose is to prevent others from stealing the file and the passwords over the Internet; the remaining risk is that the notebook is physically taken. On the whole, though, it is a feasible and relatively secure method.
2. Save all your passwords in a text, xls or doc file, compress the file and protect the archive with a stronger password. Then you only need to remember that one final password.
3. Rely on your own memory. If you remember passwords by association, you will find it quite easy, and as for the commonly used passwords, I believe you will not forget them with daily use.