Tips for Better Passwords.

Recently, in my internship with Sennovate, I have been writing a few blogs as a technical blogger on security topics and tips for the internet. This one is about passwords. In a few points, I have discussed the tips I would give anyone for making a better password/passphrase and for Internet hygiene. So check it out and let me know if there are any other points you would like to add that I missed.

For better passwords:

  • Firstly, use passphrases instead of passwords
    • It is good to have a strong password for your accounts, but for security-conscious users, using passphrases instead of passwords is better as it helps in easy retention of passwords.
  • Make it Long
    • Always have long passwords/passphrases to make it harder for attackers to guess and brute force your account.
    • Make sure the password is always easy to remember but hard to guess.
  • Ensure High Entropy
    • High entropy means a higher degree of randomness, which is necessary for a good password.
    • High entropy ensures that the password is hard to crack and makes the password/passphrase strong.
    • One way you can improve the entropy of a password is by replacing standard letters with numerals or special characters to make an informal language of your own.
    • One tool that helps you do this: https://github.com/s0md3v/Locky
  • Enable Obfuscation where you can
    • Obfuscating in simple terms is the action of making something obscure, unclear, or unintelligible.
    • Obfuscation merely converts a plain text value into an indiscernible value that is harder to read and less likely to be retained by a casual observer.
    • Obfuscating passwords to improve their strength is good, but one important thing to note is that obfuscated passwords can be hard to remember.
    • A tool that allows you to obfuscate passwords:
    • https://github.com/shagunattri/pwGen
  • Store passwords in a password manager
    • Password managers are great if you want to keep all your passwords in one place and leave it to the device to remember and store them.
    • It sounds like a security risk to do so, but using a good password manager does more good than harm.
    • Unix systems have pass(1), which can be used as a password manager.
    • There are many good cross-platform password managers that will do all the heavy lifting for you to better secure your accounts online.
  • Make passwords unique and easy to remember
    • It is key that your passwords are unique, easy to remember and hard to crack.
  • Do not include personal info
    • Passwords are your gateway tokens to access an application, and it is necessary for you to make them as secure as possible.
    • Using personal info such as your pet’s name, your company name and other details will not help in making a strong password/passphrase.
  • Avoid REUSE OF PASSWORDS
    • Be it laziness or bad security practices, never ever reuse passwords across applications.
    • If you can’t stop the urge to reuse passwords, use a password generator to help you.
  • Update passwords regularly
    • Set a window to update your passwords and implement a cycle to regularly update passwords.
  • Maintain Internet Hygiene
    • Having good Internet hygiene is essential to reduce the risk of a hack on your account.
    • Only use sites that you trust and are valid.
    • Always look for the site certificate to avoid phishing attempts and reduce the risk of a password breach.
    • Use a temporary mail service for use-and-throw accounts on sites that you don’t use often.
    • E.g.: www.temp-mail.org
    • https://github.com/s0md3v/ote
  • Use HTTP(S)-enabled sites
    • Always use sites that have an HTTPS connection enabled, and only enter passwords on HTTP sites if you trust the concerned stakeholders and site operators.
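
An added example (not from the original post) for the "Make it Long" and "Ensure High Entropy" tips: it estimates the entropy of randomly generated passwords and passphrases and generates a passphrase with Python's `secrets` module. The sample wordlist is constructed, and the 7776-word list size is an assumption matching a standard diceware list.

```python
import math
import secrets
import string

# Constructed sample wordlist for the demo. A real generator would load a
# large list (assumption: 7776 words, the size of a standard diceware list).
SAMPLE_WORDS = ["copper", "lantern", "orbit", "velvet", "harbor", "pickle",
                "thunder", "maple", "quartz", "saddle", "tulip", "walrus",
                "ember", "fjord", "gravel", "nickel"]
DICEWARE_SIZE = 7776
CHARSET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from a pool.

    Only valid for machine-generated secrets; a human-chosen password
    has less entropy than this formula suggests.
    """
    return length * math.log2(pool_size)


def symbols_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of random symbols that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words using the OS CSPRNG (secrets), not `random`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length: int) -> str:
    """Random password over letters, digits and punctuation."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


if __name__ == "__main__":
    for label, pool, n in [("8 random chars", len(CHARSET), 8),
                           ("16 random chars", len(CHARSET), 16),
                           ("4 diceware words", DICEWARE_SIZE, 4),
                           ("6 diceware words", DICEWARE_SIZE, 6)]:
        print(f"{label:18} {entropy_bits(pool, n):6.1f} bits")
    print("words needed for 80 bits:", symbols_needed(DICEWARE_SIZE, 80))
    print("sample passphrase:", random_passphrase(SAMPLE_WORDS, 6))
```

With only 16 sample words, each word contributes 4 bits, so the printed sample passphrase is for illustration only; the entropy figures in the table assume the full-size list.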

A refined version of this topic will also be posted on the company blog which I will link to when it is posted.