How to reset your privacy password. Protecting your personal data and choosing the right password...

Author of the article

Kompaniets Elizaveta, student of MBOU Secondary School No. 28, 11th grade A

Goals

What is the history of passwords?

How do passwords protect data on computers and disks?

How do hackers crack passwords?

How to make a password resistant to hacking?

Hypothesis

The password is the most acceptable, and therefore the most commonly used, means of authentication based on what the access subject knows.

Protecting data using a computer

Password history

Password (French parole, "word") is a secret word or set of characters designed to confirm identity or authority. Passwords are often used to protect information from unauthorized access. In most computing systems, the username-password combination is used to authenticate the user. Passwords have been used since ancient times.

Polybius describes the use of passwords in ancient Rome as follows:

The way in which they ensure safe passage at night is as follows: from the ten maniples of each branch of infantry and cavalry, which is located in the lower part of the street, the commander chooses who is exempt from guard duty, and he goes every night to the tribune and receives his password, a wooden tablet with the word. He returns to his unit, and then goes with the password and sign to the next commander, who in turn passes the sign to the next one.

Passwords are used to prevent unauthorized access to data stored on your computer. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each specific user may be allowed access only to certain information resources. In this case, all unauthorized access attempts can be recorded.

Protecting access to your computer.

In the Windows operating system, user settings are protected by a password that the user must enter when the system boots. However, such protection is easily overcome, since the user can refuse to enter a password. Password login can also be set in the BIOS Setup program; in that case the computer will not start loading the operating system unless the correct password is entered. It is not easy to overcome such protection; moreover, serious data access problems will arise if the user forgets this password.

Protecting data on disks.

Every drive, folder and file on the local computer, as well as on a computer connected to the local network, can be protected from unauthorized access. They can have specific access rights (full, read-only, password), and the rights can be different for different users.

Hacking computer passwords

Password hacking is one of the common types of attacks on information systems that use password or username-password authentication. The essence of the attack comes down to the attacker taking possession of the password of a user who has the right to log into the system. The attractiveness of the attack for an attacker is that if he successfully obtains a password, he is guaranteed to receive all the rights of the user whose account was compromised, and in addition, logging in under an existing account usually causes less suspicion among system administrators. Technically, an attack can be implemented in two ways: multiple attempts at direct authentication in the system, or by analyzing password hashes obtained in another way, for example, by intercepting traffic. The following approaches can be used:

Direct search. Searching through all possible combinations of characters allowed in a password. For example, the “qwerty” password is often hacked because it is very easy to guess by looking at the first keys on the keyboard.

Dictionary selection. The method is based on the assumption that the password uses existing words of a language or combinations thereof.

Method of social engineering. Based on the assumption that the user used personal information as a password, such as his first or last name, date of birth, etc. For example, Vasya Pupkin, born December 31, 1999, often has a password like “vp31121999” or “vp991231”.

Many tools have been developed to carry out the attack, for example, John the Ripper.

Password Strength Criteria

Based on the approaches to carrying out an attack, it is possible to formulate criteria for password strength against it. The password should not be too short, as this makes it easier to crack through brute force. The most common minimum length is eight characters. For the same reason, it should not consist of only numbers.

The password should not be a dictionary word or a simple combination of such words, since this makes it easier to find by dictionary selection.

The password should not consist only of publicly available user information.

Recommendations for creating a password include using a combination of words with numbers and special characters (#, $, *, etc.), using less common or non-existent words, and maintaining a minimum length.

Conclusion

Passwords have been used from ancient times to this day. They successfully help us protect information from unauthorized access.

In the modern world, more and more personal data ends up on the Internet, including data held by various financial services and applications. This data must be reliably protected.

You ensure the protection of your own data yourself, using various passwords, on which the security of various accounts depends. So how can you create a password that is easy to remember and difficult to hack?

Common Mistakes

Many users around the world do not pay special attention to choosing a secure password, which is why they end up as victims of Internet scammers who hack their accounts in 5-6 attempts. For many years, users have been using the simplest combinations (1234567, 12345554321, 1q2w3e4r5t6y), thereby exposing themselves to the threat of hacking.

Most cyber security experts point out that the two main criteria for a secure password are complexity and length. In their opinion, when creating a password, you need to use a long combination using various characters - numbers, letters, symbols, punctuation marks.

How to create passwords correctly

  • Use more than 8 characters
  • For each account, use its own unique password: if you use the same password on all accounts and one of them is hacked, the fraudster will be able to open the other accounts as well
  • You should change your passwords periodically – at least once every 3 months. To do this, set an automatic reminder so as not to forget about such an important procedure.
  • A variety of characters in a password is a guarantee of reliability. But do not use the recently common replacement of letters with numbers or symbols, for example, “FOR” with “4”.
  • Use the full range of symbols available on the keyboard

Also, do not forget: passwords must be stored in a place that only you have access to.

When creating passwords, avoid as far as possible:

  • Vocabulary words in any language
  • Repetitions or symbols placed sequentially one after another. For example: 1234567, 55555, abcdef, etc.
  • Passwords using personal data: full name, date of birth, serial numbers of documents, and so on.

In general, take password creation seriously, as your financial well-being or reputation may depend on what they protect.
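The strength criteria and the "avoid" list above can be turned into an automatic check. The following is an added example, not part of the original article; the word list, the keyboard rows, the thresholds and all function names are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 9  # the article advises "more than 8 characters"
WORDS = {"password", "dragon", "monkey", "welcome"}  # constructed sample list
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans("430157$@", "aeoistsa")  # undo common symbol-for-letter swaps

def longest_run(s):
    """Longest stretch of repeated or consecutive characters (555, 1234, cba)."""
    best, run, step = 1, 1, None
    for a, b in zip(s, s[1:]):
        d = ord(b) - ord(a)
        run = run + 1 if d == step and abs(d) <= 1 else (2 if abs(d) <= 1 else 1)
        best, step = max(best, run), d
    return best

def on_row(part):
    return len(part) >= 3 and any(part in r or part in r[::-1] for r in KEY_ROWS)

def keyboard_walk(s):
    """True for one keyboard row (qwerty) or two interleaved rows (1q2w3e)."""
    return on_row(s) or (on_row(s[::2]) and on_row(s[1::2]))

def personal_fragments(first, last, born):
    """Strings that can be built from a name and a datetime.date of birth."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    frags = {first.lower(), last.lower(), (first[0] + last[0]).lower(),
             d + m + y, y + m + d, d + m + y[2:], y[2:] + m + d, y}
    return sorted(frags, key=len, reverse=True)  # strip the longest first

def check_password(pw, first=None, last=None, born=None):
    """Return the criteria from the article that pw violates (empty list = none)."""
    low = rest = pw.lower()
    forms = {re.sub(r"[^a-z]", "", f) for f in (low, low.translate(LEET))}
    if first and last and born:
        for frag in personal_fragments(first, last, born):
            rest = rest.replace(frag, "")
    found = {
        "too short": len(pw) < MIN_LENGTH,
        "digits only": pw.isdigit(),
        "dictionary word": any(w in f for w in WORDS for f in forms),
        "repetition or sequence": longest_run(low) >= 4 or keyboard_walk(low),
        "personal data only": bool(first and last and born) and len(rest) <= 2,
    }
    return [name for name, hit in found.items() if hit]

if __name__ == "__main__":  # constructed samples taken from the article's examples
    for sample in ("1234567", "1q2w3e4r5t6y", "w1W4W5a$4PYi"):
        print(sample, check_password(sample))
```

A real check would load a full dictionary and the user's actual profile fields instead of the constructed samples.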

Greetings to everyone who watches this video!
This is not my first article, but it is the first in the field of teaching users not to do stupid things.

In this video and the text of the article, I will tell and show what you should do and what you should not do when entering a password or selecting one.

There are different passwords: some people store them in their heads, some write them down on a piece of paper, some in text documents.
Keeping passwords in your head means that the passwords will be:
1. short;
2. the same on different resources,
and therefore, if you register with a mail service and then in a chat, then after hacking the chat a person will have access to your mail, which is not good...

Storing passwords on paper is also not an option, although it is better than the first; but since we are moving away even from paper books to electronic storage media, I suggest storing passwords in text form.

This method also has disadvantages as well as advantages.
Disadvantage: an attacker, having access to your password file, will know all the resources and can gain access on your behalf.

Advantages: gaining access to resources is more difficult for third parties, since you can create complex passwords and not be afraid of forgetting them.
You can improve this method by remembering one complex password of 10 characters or more,
and simply using it to decrypt a password-protected archive with passwords.
I'll show you later...

Now I’ll show you how difficult it can be to decrypt a normal password.

Currently, quite a lot of encryption algorithms have been invented. The most popular, in my opinion, is MD5 and its modifications.

Let’s take as an example different passwords and their hashes, and try to decrypt them, and see how much time it will take.

And so, now we will decipher and look at the time...

At first we will use only numbers, and then increase the complexity...

Split seconds...
The same…
The same thing, but we know that the password contains only numbers, and if it also contained characters it would take much more time...
Next password...
We didn’t find the password using numbers... let’s add symbols... lower case...
added 1 character (not a number and that's how it simplified the process)
On a fairly weak machine, a password of 8 characters using upper and lower case letters will take a very, very long time to decrypt, and this is provided that the MD5 is not modified...
It’s a pity that not every site/service/server can use additional characters...

Pay attention to the screen: this is how much using them would complicate the process of direct enumeration...
With their use, the password is practically invulnerable, unless, of course, supercomputers are used to decrypt it
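MD5 is a hash function, so "decrypting" in the demonstration above means trying candidates until one produces the same hash. The following added example (not part of the original article or video) estimates the worst-case enumeration time for each alphabet the demonstration steps through, and contrasts an unsalted MD5 record with a salted, deliberately slow one. The guess rate, the iteration count and the function names are assumptions.

```python
import hashlib
import hmac
import os
import string

LETTERS_DIGITS = string.ascii_letters + string.digits
ALPHABETS = {  # stages of the demonstration, smallest to largest
    "digits": len(string.digits),
    "lower case": len(string.ascii_lowercase),
    "lower + upper": len(string.ascii_letters),
    "letters + digits": len(LETTERS_DIGITS),
    "plus symbols": len(LETTERS_DIGITS + string.punctuation),
}
ASSUMED_MD5_RATE = 1e9       # guesses per second: an assumption, not a measurement
PBKDF2_ITERATIONS = 200_000  # example work factor (assumption)

def exhaustive_seconds(alphabet_size, length, rate=ASSUMED_MD5_RATE):
    """Worst-case time to try every password of exactly `length` characters."""
    return alphabet_size ** length / rate

def md5_record(password):
    """Unsalted MD5, as in the demonstration: equal passwords, equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def slow_record(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256: each guess costs PBKDF2_ITERATIONS rounds."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_record(password, salt)[1], digest)

def table(length=8):
    """Alphabet name -> worst-case seconds against an unsalted MD5 hash."""
    return {name: exhaustive_seconds(n, length) for name, n in ALPHABETS.items()}

if __name__ == "__main__":
    for name, secs in table().items():
        print(f"{name:18}{secs:16.1f} s = {secs / 86400:10.2f} days")
    salt, digest = slow_record("12345678")  # constructed sample password
    print(md5_record("12345678"), digest.hex(), verify("12345678", salt, digest))
```

Each extra character multiplies the enumeration time by the alphabet size, while a salted slow hash multiplies the cost of every single guess and makes equal passwords produce different stored records.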

And as promised, I show how you can store passwords for accessing resources knowing one password:

This password is of course difficult to remember, so let’s simplify it a little... a little later
w1W4W5a$4PYi

By using such a password, your passwords will be safe.
You can shorten it, as I said, to 10 characters... Or so...
It’s easier to remember, and easier to hack as well, but I don’t think that your passwords will be hacked on purpose.
Yes, and the file name “Passwords” will attract attention, so change the name to something less catchy...

That's all!