Learn how to create strong and secure passwords
- Understand password basics
- Create a strong password
- Test the strength of your password
- Use two-factor authentication
Passwords are often the first and only barrier between your information and anyone who might want to read, use, or destroy it without your permission.
Passwords are important for both online security and privacy. Bad passwords can easily nullify most of your other efforts.
In general, when you want to protect something - whether a house or an email account - you lock it up with a key. All keys, physical and electronic, have one thing in common: they open their locks just as effectively in the hands of somebody else.
You can use the most advanced security tools, but if your password is weak, or if you allow it to fall into the wrong hands, they will not do you any good.
A password should be difficult for a computer program to guess, difficult for others to figure out, and should be chosen so as to minimise damage if someone does learn it. We recommend you use a Password Manager like KeePassX to keep track of your passwords.
The longer a password is, the longer it takes to guess it. Use more than ten characters or ideally a long phrase or sentence. Short passwords of any kind, even totally random ones, are not strong enough for use with encryption today.
Strong passwords are long and include a combination of lower and uppercase letters, numbers and special characters; their strength increases with length and complexity.
Don't choose a word or phrase based on information such as your name, telephone number, child's name, pet's name, birth date, or anything else that a person could easily learn by doing a little research about you.
Don't share your password with anybody unless absolutely necessary! If you must share a password with a family member or colleague, you should change it to a temporary password first, share that one, then change it back when they are done using it.
Don’t use the same password across devices or for multiple accounts. Otherwise anyone who learns that password will be able to access all accounts with the same password.
It's important to change your passwords regularly, regardless of how strong your password is. We recommend you change your password at least once every three months.
Password patterns can allow you to use very different but related phrases for all of your accounts, basing one off of the other. For example, if you use your mother’s birthday, you could use your dad’s, brother’s, grandmother’s or dog’s for other accounts.
Repeating patterns will make your passwords easy to remember, though it can put you at risk if an adversary gains access to multiple passwords and recognizes the patterns.
Of course, any pattern model becomes ineffective as soon as it is written or suggested anywhere online (so never use the one we just suggested).
To test your password, you can play around with the “How secure is my password?” tool. This site will calculate how quickly a desktop PC could crack your password. “Hello12,” for example, would take about 19 seconds.
But caution: after you enter your password into this public site, it might not be a bad idea to change it. And if you really believe that you are up against advanced adversaries, keep in mind that they’ll have much more computing power than a normal desktop PC.
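An offline check along the same lines, so the password never leaves your machine. This is an added example, not the code behind the tool mentioned above: the guess rate, the function names and the sample passwords are assumptions, and the figures are an upper bound because only brute force is modelled.

```python
import math
import string

# Assumed guess rate for one desktop PC; a constructed figure, not taken from the page.
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Number of symbols a brute-force search has to try per position."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Spaces and non-ASCII characters: count only the distinct ones seen (conservative).
    pool += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return pool

def entropy_bits(password):
    """Upper bound: length * log2(pool). Dictionary words are guessed far sooner."""
    return len(password) * math.log2(pool_size(password)) if password else 0.0

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Time to try every password of this length and pool at the given rate."""
    return pool_size(password) ** len(password) / rate

def personal_info_hits(password, facts):
    """Personal facts (name, pet, birth year...) that appear inside the password."""
    lowered = password.lower()
    return [f for f in facts if len(f) >= 3 and f.lower() in lowered]

def assess(password, facts=()):
    """Apply the page's rules: more than ten characters, no personal information."""
    problems = []
    if len(password) <= 10:
        problems.append("ten characters or fewer")
    hits = personal_info_hits(password, facts)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return {"bits": round(entropy_bits(password), 1),
            "seconds": seconds_to_exhaust(password),
            "problems": problems}

if __name__ == "__main__":
    # Constructed sample passwords and personal facts, for illustration only.
    for pw in ("Hello12", "Rex2015!garden", "seven green kettles sing at dawn"):
        print(repr(pw), assess(pw, facts=("Rex", "1990")))
```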
Take advantage of online services that offer two-factor authentication. These programs require not only a password, but also, say, a code sent to you in a text message.
You input the code to verify that you are indeed the person trying to access the account. Google, Twitter and Dropbox were the first to offer this procedure. Now, however, the practice is widespread among common service providers.