Take Control of Your Passwords (1.1) SAMPLE

More documents

Recommendations

Info

Learn about Password Security We begin with a brief lesson on password security. I do want to keep this brief, so I’m not going to go into tremendous detail about encryption algorithms and cryptographic mathematics, and I’m going to do a bit of hand-waving when we get to the geekier concepts so as not to bore you with useless facts. But I think it’s important to have a basic grasp of the principles of password usage so you know what you’re up against, and why simple-sounding solutions are often extremely unwise. What Makes a Good Password? To put it simply, a good password is one that you won’t forget but that no one else (human or computer) can guess. Behind that straightforward description are two knotty, interconnected problems: • Guessability: Most users have an unrealistic idea of what “guessable” means. You may imagine that no one could connect the password ninjaboy with you, but the computer I’m using right now could figure that out before I finish typing this sentence. As I explained in The Major Threats, even if a human who knew everything about you would never guess your password, sophisticated cracking algorithms may be able to figure them out unless you take deliberate steps to thwart them (discussed at length just ahead). For you to avoid that risk, your passwords should be far more complex than you might imagine. • Memorability: If you can’t remember a password, it’s useless. But as a password’s complexity (and thus its strength) increases, its memorability tends to decrease. Let’s face it, iYb48nzJ#;sEoR may be several orders of magnitude stronger than ninjaboy, but it doesn’t exactly trip off the fingertips. 29 Click here to buy the full 103-page “Take Control of Your Passwords” for only $10!
Creating memorable but unguessable passwords—and not just one or two, but potentially hundreds—may sound like an intractable problem. But hang tight; we’ll get to a strategy shortly. All about Entropy Let’s quantify this vague notion of guessability. In ordinary speech, the word entropy means disorder, randomness, or unpredictability. Cryptographers use the term entropy to refer to a mathematical measurement of a password’s complexity. A password with higher entropy is harder for a person (and, more importantly, a machine) to guess. So, for passwords, higher entropy is a very good thing. Note: Cryptographers measure password entropy in bits. While I prefer not to go into the complicated math behind calculating entropy, suffice it to say that a larger number of bits means higher entropy. But how does higher entropy (or complexity) help make passwords harder to guess? You already know that cracking algorithms can check billions of passwords per second in an attempt to figure out what yours is. But even brute-force searches don’t go in alphanumeric order. (If they did, then zzzzzzzzzz would be much stronger than aaaaaaaaaa, but it isn’t.) Instead, cracking software identifies common patterns of characters that few humans would notice. It uses this information to test more likely passwords before less likely ones, reducing the average time it takes to produce a match. Because higher-entropy passwords are less likely to be used than lower-entropy passwords a brute-force search tends to take longer to find it. In other words, it’s like the difference between finding a particular fish in an aquarium versus finding a particular fish in the ocean. It could happen, but the odds against it are immense. High-entropy passwords thwart cracking algorithms by giving them an unreasonably large search space to explore—they might churn away for decades or even centuries, on average, before they find a match. Unless they get very lucky indeed, they’ll give up long before they find your password. 30 Click here to buy the full 103-page “Take Control of Your Passwords” for only $10!
Page 1 and 2: EBOOK EXTRAS: v1.1 Downloads, Updat
Page 3 and 4: Keep Your Passwords Secure ........
Page 5 and 6: Basics Here are a few basic concept
Page 7 and 8: Introduction Think of a card, any c
Page 9 and 10: My goal in this book is to lay out
Page 11 and 12: Passwords Quick Start To get the mo
Page 13: So, your goal when selecting any ne
Page 17 and 18: Figure Out Which Passwords You Must
Page 19 and 20: essentially encrypted databases wit
Page 21 and 22: passwords, but if you do, you’d b
Page 23 and 24: • Inconvenience: Two-factor authe
Page 25 and 26: • Even without a password manager
Page 27 and 28: About This Book Thank you for purch
Page 29 and 30: About the Publisher Publishers Adam
Page 31: Featured Titles Click any book titl

Take Control of Your Passwords (1.1) SAMPLE

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?