What are the best practices to create secure passwords? I would like to make them tougher to crack with brute force tools.
Part II
Are there any tools that can generate these passwords so I do not have to think one up myself?
Answer
On Unix systems, PAM, or Pluggable Authentication Module, is a nice administrative tool that comes with a crack library that you can test passwords against.
After doing some recent security work, I know that government standards usually have these guidelines when it comes to a password:
- Minimum length of 14 characters
- At least 2 special characters
- At least 2 lowercase characters
- At least 2 uppercase characters
- At least 2 digits
- Must be changed every 60 days
- No dictionary words or usernames
Common sense suggests you shouldn't put the 2 numbers and special characters at the beginning or end, but should intersperse them. Working on these guidelines raised the question of whether having such complex passwords was really worth it. With passwords this complex, it seems they have a higher probability of being stored as plain text or written down somewhere by the user.
In personal use, I typically go less stringent than those guidelines, but definitely no dictionary words or L33t speak.
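The guidelines listed in the answer, and the question's request for a generator, can be expressed as a small policy checker plus a random generator that re-draws until a candidate passes the policy. The code below is an added example, not part of the original post and not PAM's crack library; the word list is a constructed stand-in for a real dictionary, the set of special characters is an assumption, and the "interspersed" rule is implemented as "at least one digit or special character must survive once both ends are stripped".

```python
import secrets
import string

# Constructed stand-in for a real dictionary / crack word list (assumption:
# a deployment would load a full list, e.g. the one shipped with the OS).
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

# Assumed set of characters that count as "special" for the policy.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.<>?/"

MIN_LENGTH = 14   # minimum length from the guidelines above
MIN_EACH = 2      # at least 2 of each character class


def count_classes(pw):
    """Count characters per class: lower, upper, digit, special."""
    return {
        "lower": sum(c.islower() for c in pw),
        "upper": sum(c.isupper() for c in pw),
        "digit": sum(c.isdigit() for c in pw),
        "special": sum(c in SPECIALS for c in pw),
    }


def check_password(pw, username="", dictionary=SAMPLE_DICTIONARY):
    """Return a list of violated rules; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, n in count_classes(pw).items():
        if n < MIN_EACH:
            problems.append(f"fewer than {MIN_EACH} {name} characters")
    lowered = pw.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Dictionary words: flag any listed word of 4+ letters appearing as a
    # substring (shorter words would match almost anything).
    for word in sorted(dictionary):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")
            break
    # Interspersed rule: strip digits/specials from both ends; if the
    # password had some but none remain in the middle, they were only at the ends.
    core = pw.strip(string.digits + SPECIALS)
    if len(core) < len(pw) and not any(c.isdigit() or c in SPECIALS for c in core):
        problems.append("digits/special characters only at the ends")
    return problems


def generate_password(length=16):
    """Draw characters with the OS CSPRNG and re-draw until the policy passes."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "12abcdefXYZWQ!@", "MyDragon!!99xxYY"):
        print(candidate, "->", check_password(candidate) or "OK")
    print("generated:", generate_password())
```

Because the generator samples uniformly and only rejects draws that miss the policy, its output keeps the full entropy of the character set; a 16-character password over this 88-symbol alphabet is far beyond what the brute-force tools the question mentions can exhaust.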