Friday, 26 January 2018

security - What are the guidelines for creation of secure passwords?


What are the best practices to create secure passwords? I would like to make them tougher to crack with brute force tools.


Part II


Are there any tools that can generate these passwords so I do not have to think one up myself?



Answer



On Unix systems PAM, or Pluggable Authentication Module, is a nice administrative tool that comes with a crack library that you can test passwords against.


After doing some recent security work, I know that Government standards usually have these guidelines when it comes to a password:



  • Minimum Length of 14 characters

  • At least 2 special characters

  • At least 2 lower case characters

  • At least 2 upper case characters

  • At least 2 digits

  • Must be changed every 60 days

  • No dictionary words or usernames


Common sense suggests you shouldn't put the 2 numbers and special characters at the beginning or end, but interspersed. While working on these guidelines it brought up the question whether having such complex passwords was really worth it. With passwords so complex, it seems that they have a higher probability of being stored as plain text somewhere by the user or written down somewhere.


In personal use, I typically go less stringent than those guidelines, but definitely no dictionary words or L33t speak.
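The guidelines in the answer above can be turned into a checker, and the generator the question asks about in Part II follows from the same rules. The script below is an added example, not code from the original post or from PAM/cracklib: it implements the listed policy (14 characters, two of each class, non-letters interspersed rather than at the edges, no dictionary words, usernames or l33t-speak variants of them) and builds compliant passwords with Python's `secrets` module. `SAMPLE_WORDS` is a tiny constructed wordlist standing in for a real dictionary, and the `LEET_MAP` substitutions are an assumption about which spellings to undo.

```python
"""Password policy checker and generator (added example, not from the original post).

Implements the guidelines listed in the answer above and adds a generator that
builds passwords meeting them with Python's `secrets` module.  SAMPLE_WORDS is
a tiny constructed wordlist; a real check would load a full dictionary such as
the one PAM's cracklib uses.
"""
import secrets
import string

MIN_LENGTH = 14          # minimum length from the guidelines
MIN_EACH = 2             # at least 2 of each character class
SPECIALS = string.punctuation

# Constructed sample wordlist (assumption: stands in for a real dictionary).
SAMPLE_WORDS = {"password", "welcome", "summer", "admin", "letmein"}

# Common l33t substitutions (assumed set) undone before the dictionary check.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MSG_SHORT = f"shorter than {MIN_LENGTH} characters"
MSG_EDGES = "digits and special characters only at the edges"
MSG_WORD = "contains a dictionary word or the username"


def _normalise(pw):
    """Lower-case the password and reverse l33t substitutions."""
    return pw.lower().translate(LEET_MAP)


def contains_word(pw, words=SAMPLE_WORDS, username=None):
    """True if a dictionary word (4+ letters) or the username appears in the
    password, even when disguised with l33t speak."""
    norm = _normalise(pw)
    if any(len(w) >= 4 and w in norm for w in words):
        return True
    return bool(username) and username.lower() in norm


def check_password(pw, username=None, words=SAMPLE_WORDS):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(MSG_SHORT)
    counts = {
        "lower-case letters": sum(c in string.ascii_lowercase for c in pw),
        "upper-case letters": sum(c in string.ascii_uppercase for c in pw),
        "digits": sum(c in string.digits for c in pw),
        "special characters": sum(c in SPECIALS for c in pw),
    }
    for name, n in counts.items():
        if n < MIN_EACH:
            problems.append(f"fewer than {MIN_EACH} {name}")
    # Interspersion rule: strip non-letters from both ends; if none remain
    # in the core, every digit/special sat at the beginning or end.
    non_letters = string.digits + SPECIALS
    core = pw.strip(non_letters)
    if any(c in non_letters for c in pw) and not any(c in non_letters for c in core):
        problems.append(MSG_EDGES)
    if contains_word(pw, words, username):
        problems.append(MSG_WORD)
    return problems


def generate_password(length=MIN_LENGTH):
    """Build a random password that satisfies check_password().

    Two characters of each class are drawn first so the class minimums hold by
    construction; the rest is random, then everything is shuffled and the
    result re-checked (for the edge and dictionary rules).
    """
    rng = secrets.SystemRandom()
    length = max(length, MIN_LENGTH)
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
    alphabet = "".join(pools)
    while True:
        chars = [rng.choice(pool) for pool in pools for _ in range(MIN_EACH)]
        chars += [rng.choice(alphabet) for _ in range(length - len(chars))]
        rng.shuffle(chars)
        candidate = "".join(chars)
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("P@ssw0rd123!!xyz", "12AbcDefghijk!@", generate_password()):
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
```

The dictionary check normalises l33t spellings before matching, so `P@ssw0rd` is caught as `password`; the generator draws from `secrets.SystemRandom` rather than `random`, since the point of a generated password is that it is not predictable.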

