Creating and using Strong Passwords

Presentation by Peter Byrne, Superconductivity Group, Centre for Materials Physics

Why are strong passwords important?

Often people have a mentality of “it won’t happen to me.” But often users are only used as a way into the system.

In the incident here at Durham, the account of a user with a weak password was broken into by brute force. The hacker then used this account to get administrator access on both the supercomputing cluster and the university Linux machines, which all had to be shut down for 2 weeks. This inconvenienced both the user who had the weak password and all the other users of the system.

Any system is only as strong as its weakest link!

What makes a good password?

- Length: should be at least 8 characters, the more the better.
- Not a dictionary word: password guessing attempts often try words from a dictionary. There are only a few hundred thousand words in English. Using one of these massively increases the speed at which your password can be guessed.
- Avoid common misspellings and sequences of numbers.
- Use lowercase, uppercase, numeric characters and symbols: this vastly increases the complexity of finding it by brute force.

The strongest passwords are random combinations of letters, numbers and symbols.

Remembering a long password

Long passwords can be difficult to remember, especially if they follow all these rules. Microsoft suggests:

- Find a sentence or two that would be memorable to you:
  “My dog is called Frank. He is a labrador.”
- Use the first letter from each word:
  mdicfhial
- Replace or insert numbers and capitalize some letters, for example capitalizing every 3rd letter:
  mdIcf5HiaL
- For a very strong password, some symbols should also be added:
  md,Icf5Hial

Using passwords online

In theory – a different password for every website. E.g. and Online Shopping

In practice – most people tend to use the same password for most things they do online. This is dangerous if one site is compromised or malicious.

There are tricks/tools that can help with this situation:

- PwdHash: add-on for Firefox that will generate a per-site password from your original password.
- Simple per-website password: insert two letters from the site into your password. Mypassword for facebook would become Mypassfbword. Best if you use your own algorithm.
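
The per-site idea above, as an added example that is not from the original slides and is not PwdHash's actual algorithm: a slow key-derivation function turns one master password plus the site's domain into an unrelated password for each site. The function name, the PBKDF2 iteration count and the symbol set are assumptions chosen for illustration.

```python
import hashlib
import string

# Character classes from the "good password" slide; the symbol set is an assumption.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_"]
ALPHABET = "".join(CLASSES)

def derive_site_password(master: str, domain: str, length: int = 16) -> str:
    """Deterministically derive a per-site password from a master password."""
    if not len(CLASSES) <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    # Salt with the normalised domain so every site gets an unrelated output.
    salt = domain.strip().lower().encode("utf-8")
    # PBKDF2 is deliberately slow: a site that leaks its derived password
    # does not make guessing the master password cheap.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, 200_000, dklen=64)
    pool = int.from_bytes(raw, "big")

    chars = []
    # One character from each class first, so the result always mixes classes.
    for cls in CLASSES:
        pool, idx = divmod(pool, len(cls))
        chars.append(cls[idx])
    # Remaining positions are drawn from the full alphabet.
    while len(chars) < length:
        pool, idx = divmod(pool, len(ALPHABET))
        chars.append(ALPHABET[idx])
    # Fisher-Yates shuffle driven by the same derived bits, so the guaranteed
    # characters do not always sit in the first four positions.
    for i in range(len(chars) - 1, 0, -1):
        pool, j = divmod(pool, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    master = "md,Icf5Hial"  # the example password from the slides
    for site in ("facebook.com", "example.org"):  # example.org is a constructed sample
        print(site, derive_site_password(master, site))
```

Unlike the "Mypassfbword" trick, one leaked output here shows no visible pattern that points to the master password or to the passwords used on other sites.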

Conclusion

Remembering long passwords can be a pain! Hopefully these tips will help you create and remember a strong password.

Using the same password for multiple things is quite dangerous if it is compromised. There are many tools and guides out there to help you generate per-website passwords.

Thank You