Logins and passwords. Creating Passwords: How to Come up with a Strong Password

In the modern world, data protection is one of the main factors of cybersecurity. Fortunately, Windows provides this option without installing additional software. The password will ensure the safety of your data from strangers and intruders. The secret combination becomes especially relevant in laptops, which are most often subject to theft and loss.

The article will discuss the main ways to add a password to a computer. They are all unique and allow you to log in even using your Microsoft account password, but this protection does not guarantee 100% security against unauthorized access.

Method 1: Adding a password in the Control Panel

The password protection method through the “Control Panel” is one of the simplest and most frequently used. Perfect for beginners and inexperienced users, it does not require memorizing commands or creating additional profiles.

  1. Open the "Start Menu" and click "Control Panel".
  2. Select the "User Accounts and Family Safety" tab.
  3. In the "User accounts" section, click "Change Windows Password".
  4. From the list of profile actions, select "Create a password".
  5. The new window has 3 fields for the basic data needed to create a password.
  6. The "New Password" field is for the code word or expression that will be requested when the computer starts. Pay attention to "Caps Lock" and the keyboard layout when filling it in. Don't create very simple passwords like "12345", "qwerty", "ytsuken". Follow Microsoft's recommendations for choosing a password:
    • The secret expression cannot contain the user account login or any of its components;
    • The password must consist of more than 6 characters;
    • It is advisable to use uppercase and lowercase letters of the alphabet in the password;
    • It is recommended to use decimal digits and non-alphabetic characters in the password.
  7. "Password confirmation" is a field in which you re-enter the code word you just chose, to rule out typos and accidental key presses, since the entered characters are hidden.
  8. The "Enter a password hint" field is designed to remind you of your password if you can’t remember it. Use data known only to you in the hint. This field is optional, but we recommend filling it out, otherwise there is a risk of losing your account and access to your PC.
  9. When you have filled in the required information, click "Create a password".
  10. At this stage, the password setting procedure is completed. You can view the status of your protection in the account changes window. After reboot, Windows will require a secret expression to log in. If you have only one profile with administrator privileges, then without knowing the password, it will be impossible to gain access to Windows.

Method 2: Microsoft Account

This method will allow you to access your computer using your Microsoft profile password. The code expression can be changed using an email address or phone number.

  1. Find "Computer Settings" among the standard Windows applications in the "Start Menu" (this is how it looks in Windows 8; in Windows 10 you can open "Parameters" by pressing the corresponding button in the "Start" menu or by using the keyboard shortcut Win+I).
  2. From the list of options, select the "Accounts" section.
  3. In the side menu, click "Your Account", then "Connect to a Microsoft account".
  4. If you already have a Microsoft account, enter your email, phone number, or username and password.
  5. Otherwise, create a new account by entering the requested information.
  6. After authorization, confirmation with a unique code from SMS will be required.
  7. After all the manipulations, Windows will ask you for your Microsoft account password to log in.

Method 3: Command Line

This method is suitable for more advanced users, as it requires knowledge of console commands, but it is quick to carry out.

Conclusion

Creating a password does not require special training or special skills. The main difficulty is coming up with the most secret combination, not setting it up. However, you should not rely on this method as a panacea in the field of data protection.

You need to work with several companies at once, which means you need to register with each and use a strong password. For social networks, for example, good protection also wouldn’t hurt... In general, the topic is more than relevant, so today we’ll talk about what kind of password will be complex enough for hackers, how to remember it, and how to store many complex passwords conveniently and in a safe place.

How hackers crack passwords

I immediately remember the series “Sherlock” (season 4 in January, hurray-hurray), where our brilliant detective, in just a few attempts, was able to unravel a very non-trivial password on Irene Adler’s phone:

If she had chosen any random combination of four letters and numbers, it’s unlikely that even Sherlock Holmes would have succeeded. In general, filmmakers love to insert such scenes (remember any other one involving guessing a password), but the most interesting thing is that this kind of thing actually works in real life. This hacking method is called logical guessing and is based on known information about the user.

If the attacker knows your first name, last name and date of birth, in a few minutes he can go through the possible combinations and crack a password that uses this information. Well, you probably use at least one of these? :)

By the way, do you know which passwords are found most often? I found this table online with examples of the most popular passwords:

As you can see, these are mostly simple combinations of numbers and letters. The frequency is not indicated here, but let’s say at least 1% of users use a primitive password 123456 — how many accounts can a hacker hack on a large service? What if we run through all known popular passwords? That's it…

By the way, there are special password dictionaries that can be downloaded from the Internet. Fortunately, popular sites have long required users to at least minimally complicate the input data - use upper and lowercase letters, at least a couple of numbers, and check that the password is not in the same dictionaries.

However, this may not be enough if the hacker has large resources and special programs. The so-called brute force method allows passwords to be guessed by simply trying all possible combinations; modern computer capabilities fully allow this.

The more different characters are used (uppercase and lowercase letters, numbers, dots/dashes/commas, etc.) and the longer the password, the more time it will take the computer to check all possible options. How much? Let's say the password uses only lowercase English letters and numbers, then the situation is like this:

As you can see, a password of less than 7 characters can be cracked in one day, and a 7-character password can be broken in a week, and if the hacker is lucky, even faster. In general, this is what password complexity looks like for the brute force method; I think the conclusions are obvious.

However, even if you create a good, complex password, there are roundabout ways to get hold of it. For example, a letter arrives in the mail with a phrase like “to withdraw money, send your password for verification”; of course, under no circumstances should you do this! The administration of any website or service will never ask for your password, they already have it in the database.

Another way to get a password is to somehow “snoop” it. As a child, when I went to a computer club, this was a real problem - there were a lot of people around and entering the password for your game account without anyone spying on it was not easy. There have been cases of theft of game currency and items :)

Attackers can also infect your computer with a Trojan program, which records what you type on the keyboard. To protect against such an attack, of course, you need to use antivirus.

Well, now you know the easiest ways to hack your data. How to protect yourself from them and create a complex and reliable password?

How to create and remember a strong password

As we have already found out, the password must be at least 8 characters long, and it is highly desirable that it use different types of characters:

  • lowercase letters - a, b, c…;
  • capital letters - A, B, C…;
  • numbers - 0, 1, 2…;
  • punctuation marks - comma, dash, question mark, etc.;
  • special symbols - @, #, $, %, etc.

You can check the password complexity, for example, on the Kaspersky Lab website, it looks pretty lively:

You don’t have to create a password manually, there are a lot of sites where you can do this, just enter the query “password generator” in a search engine and you will get a large list. Of course, the question arises: does a particular site record entered passwords? Even if so, you still need to know the login, and it is not known where you will use the resulting combination.

To still calm your paranoia, you can generate a password on the site and then change a few characters in it: the complexity will not change, and the chance of cracking it by brute force will still be very low.

There is only one problem with generated passwords: it’s quite difficult to remember even one, but ideally each site needs a unique one. One of the best ways to make things easier for yourself is to use words in your native language typed in the English layout, diluting them with numbers and symbols.

Here is an example of an easy-to-remember, but very high-quality password. Let’s take the Russian noun “iron” and the logically unrelated verb “green”. As numbers, let’s say there will be the year of birth of the famous writer - Leo Tolstoy, 1828. Well, let’s spice it up with an exclamation point!

Let's mix it up a little and we get the following password: en.u18!ptktyttn28. I wrote down Russian words using the English layout, divided the year of birth into 2 parts and put an exclamation mark at the end of each word. It seems to be nothing complicated, but the password turns out to be of very high quality:

You can come up with other similar ways to create a password - they will all give excellent results. However, this still does not help to follow the rule 1 site - 1 password, it’s difficult to remember more than five combinations and not start using them several times. It turns out that you need a place to store important data.

Programs for storing passwords

Separately, I would like to say that writing it down on a piece of paper and sticking it to the monitor is a so-so idea :)

You can, for example, write down passwords in a notebook, but this is not very convenient - you need to enter the password manually every time and also carry it with you everywhere. And anyone who sees you looking at a notebook and entering something on the computer will quickly understand what’s what and may try to steal it.

Still, it is more practical, in my opinion, to use a specialized program for storing passwords. Firstly, they can be stored directly in the browser: after you first enter a password, you are asked whether to save it or not:

This is quite convenient, and accessing the storage is not so easy - the main thing is to update the browser on time, vulnerabilities are constantly being eliminated. Of course, there are also disadvantages - if someone else uses the computer, he can easily use the saved passwords.

It is quite possible to store not particularly important data in the browser - from some accounts on forums or free services, hacking of which will not cause you much harm.

More valuable data should be stored with at least some additional security measures. There is a special browser extension, LastPass, which does roughly the same thing as the browser itself, but better. The vault itself can be locked with a password; you will need to come up with just one using the “green iron” method and remember it.

The disadvantage of LastPass is that your passwords are still on third-party servers, and if they are hacked (and stories of hacking of major corporations indicate that no one is safe), the data will leak to the attackers.

I had a more inspiring experience working with a regular Windows password storage program, KeePass. It is free and open source, which means many programmers have checked it and have not found hidden tricks that allow data to be stolen.

It is in English; perhaps this is the only negative that I have found so far. The idea is this: all passwords are in a database, which is protected by a separate password and a key file:

The Master Password should be very complex, but since there is only one, it is easier to remember. The password database looks like this:

I have several groups of passwords - Mail, Forex, Social Networks, etc., each of them stores different entries. In principle, everything is quite simple, especially if you know English.

You would probably like detailed instructions on how to use KeePass. Let's do this - if at least 5 different people in the comments ask to write an article or ask something about a program for storing passwords, I will assume that the audience is interested and will do it next week :)

And that's all! So you have learned the basics of creating and storing strong passwords. Let's check how things are going with Webinvest readers :) We need a site that everyone can use... I think social networks will do. So, I ask you to use the poll to tell us how complex the password you use for your favorite social network is:

I hope that after my article the situation will improve.

Friends, in general, do you take passwords responsibly? Or do you think that you shouldn’t worry too much, the hassles aren’t worth it and you can get by with fairly simple ones? Leave your opinions in the comments.

See you in new articles from Webinvest! Winter is coming... please don't get sick.


We often say in the site's step-by-step instructions that passwords need to be created strong, long and complex. But what does all this mean in practice?

Let's understand the topic of creating strong passwords right now and learn how to create good passwords that attackers cannot crack.

Let us immediately note that none of the following tips provides 100% protection against hacking or theft. There is simply no such method in the world that would guarantee accurate protection against scammers!

If hack professionals want to get your password, they will do it, but strong passwords can weed out some newbies and non-specialists, complicate the task of hacking your account and greatly spoil the nerves of attackers, and therefore there is still a point in good passwords.

How do scammers find out your password?

There are several ways to obtain your secret password:

1. Simple theft of the password:

  • through special programs
  • over the Internet,
  • through fake websites
  • through fake programs,
  • through access to your computer or the sheet of paper on which you write down passwords,
  • finally, through blackmail, torture and interrogation (the latter is a joke, of course, but some girls actually use these methods to extract their boyfriends’ passwords in order to control their correspondence!).

Often these scammers can disguise their goals as completely harmless, for example, you are asked to provide your profile login information in order to enter the program or to confirm your registration or unlock your profile.

2. Social engineering. The essence of the method is a logical approach and an analysis of you as a person: finding out your personal information (year of birth, names of loved ones, passport details, telephone numbers, names of relatives, names of pets...).

3. Simple search through dictionaries. The simplest and stupidest way, which still manages to crack simple passwords consisting of dictionary words, popular combinations like 123456789 or abcdef or qwert. Here, a program with a built-in dictionary is actually launched and dictionary combinations are searched.

4. Brute-force search. Similar to the previous method, but covers all possible combinations in general. The system tries any values, and the fraudster hopes to get lucky and hit a match.

Considering the speed of such search (about 100,000 or even 1,000,000 combinations per minute), the probability of a match is quite high.

How to create/come up with a good password

A strong password should:

a) consist of letters and numbers;
b) have 8 or more characters;
c) contain both uppercase (capital) and lowercase letters;
d) include symbols (non-alphanumeric characters);
e) not coincide with any dictionary word (in any language).

To quickly create a good password, we would advise taking a memorable phrase or expression that has nothing to do with you and typing it without spaces in the English layout.

Along the way, it is necessary to dilute this phrase with simple symbols and numbers, but in such a way that it is illogical. After this, all that remains is to replace a few lowercase letters with uppercase ones, and the job is done, a good password is ready. But all this is easier to understand with examples.

EXAMPLE of creating a good password #1

Step #1

Let’s take the same phrase “strong password”, type it in the English keyboard layout, and get “yflt;ysq gfhjkm”.

Step #2

Now we remove the space between the words and replace a couple of lowercase letters with capital ones, we get “yflt;ysQgfhjKm”.

Step #3

Now let’s add a couple of numbers, for example, at the beginning and end of the phrase, we get “2yflt;ysQgfhjKm1”

TOTAL: our password has 16 characters, there are uppercase and lowercase letters, there are numbers and symbols, there are no dictionary words! This is a good and strong password that is easy to remember using the phrase “2STRONG PASSWORD1” (only without a space in the center).

EXAMPLE of creating a good password #2

Step #1

Let’s take the following phrase “peace be at home”, type it in the English layout, and get “vbh ljve”.

Step #2

Now let’s remove the space between the words and replace a couple of lowercase letters with capital ones, we get “vBhljVe” (replaced the 2nd from the left and 2nd from the right letters in the phrase).

Step #3

Now let’s add numbers, for example, at the end of the phrase, we get “vBhljVe21”.

Step #4

Let’s complicate the passphrase with some symbol, but not between words, but after the first letter, to make it illogical, we get “v~BhljVe21”

TOTAL: our password has 10 characters, there are uppercase and lowercase letters, there are numbers and symbols, there are no dictionary words. This is how the phrase “peace at home” turns into a cool and complex password for us! And it's easy to remember.

The more illogical and unusual your password creation techniques are, the more secure it will be!

It’s so easy to create a complex and reliable password that will protect your profile well from simple hacking. It is worth remembering that different passwords must be created for different sites, and all of them must meet the above requirements.
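The layout trick used in both worked examples above (and in the “green iron” password earlier on the page) is a fixed key-for-key substitution, so a password filter can undo it before running its dictionary check. The sketch below is an added example, not code from the original article: WORDS is a constructed sample list holding the Russian words recovered by reversing the page's own strings, and all function names are hypothetical.

```python
import re

# Standard Russian (ЙЦУКЕН) layout: the character each US-layout key produces.
LATIN = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`" + 'QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>~'
CYRILLIC = ("йцукенгшщзхъфывапролджэячсмитьбюё"
            "ЙЦУКЕНГШЩЗХЪФЫВАПРОЛДЖЭЯЧСМИТЬБЮЁ")
TO_CYRILLIC = str.maketrans(LATIN, CYRILLIC)

# Constructed sample dictionary; a real filter would load a full word list.
WORDS = {"надежный", "пароль", "мир", "дому", "утюг", "зеленеет"}


def to_cyrillic(text):
    """Undo the 'Russian words typed in the English layout' substitution."""
    return text.translate(TO_CYRILLIC)


def split_into_words(run, words):
    """Word-break search: the dictionary words that cover `run` exactly, or None."""
    best = {0: []}
    for end in range(1, len(run) + 1):
        for start in range(end):
            if start in best and run[start:end] in words:
                best[end] = best[start] + [run[start:end]]
                break
    return best.get(len(run))


def words_behind(candidate, words):
    """Map back to Cyrillic; every run of letters must be made of dictionary words."""
    runs = re.findall(r"[а-яё]+", to_cyrillic(candidate).lower())
    found = []
    for run in runs:
        parts = split_into_words(run, words)
        if parts is None:
            return None
        found += parts
    return found or None


def layout_shifted_words(password, words=WORDS):
    """Dictionary words hidden in a layout-shifted password, or [] if none.

    A punctuation key may be part of a word (';' is 'ж') or a symbol inserted
    on purpose ('~' in example #2), so the password is tried as typed and then
    with each single non-alphanumeric character removed.
    """
    candidates = [password] + [
        password[:i] + password[i + 1:]
        for i, ch in enumerate(password) if not ch.isalnum()
    ]
    for candidate in candidates:
        found = words_behind(candidate, words)
        if found:
            return found
    return []


if __name__ == "__main__":
    for pw in ("2yflt;ysQgfhjKm1", "v~BhljVe21", "en.u18!ptktyttn28", "Tr7#kQ9w"):
        print(pw, "->", layout_shifted_words(pw) or "no dictionary words found")
```

A filter that applies this step treats such a password as two dictionary words plus a few digits and symbols, which is how its strength should be judged.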

If you ignore these tips, use simple combinations, personal data or dictionary words, the same passwords everywhere, don’t be surprised at your profiles being hacked, we warned you….

And under no circumstances enter passwords on sites or programs that raise even the slightest doubt! After all, it’s easier for an attacker to steal your password than to guess it.

Only at first glance do impenetrable passwords lack a logical structure and look like gobbledygook. Complex passwords are such only for those who do not know the recipe for creating them. You don't have to remember letter cases, numbers, special characters and their order. All you have to do is choose a memorable basis and follow simple tips for creating strong passwords.

Nursery rhymes

We take any children's rhyme or counting rhyme as the basis for the password. It is advisable that it be found only in your area and not be generally known. And better than your own composition! Although any children's rhymes will do, the main thing is that the lines are firmly stuck in your head from a young age.

The password will consist of the first letters of each word. Moreover, the letter will be written in uppercase if it is the first in the sentence. We replace some letters with numbers similar in spelling (for example, “h” with “4”, “o” with “0”, “z” with “3”). If you don’t want to get too confused with replacing letters with numbers, look for a counting rhyme that already contains numbers. Don't forget about punctuation marks that separate words and sentences - they will come in handy.

Example:

The turtle has its tail between its legs

And she ran after the hare.

Got ahead

Who doesn't believe it - come out!

We replace the letters “h”, “z” and “o” with similar numbers. The second, third and fourth lines begin with capital letters and are therefore written in uppercase. Include four punctuation marks. Of course, we write in Russian letters, but on the English keyboard layout.

The 17-character password is ready! It may not be perfect because it contains repeated characters and consecutive lowercase letters and numbers. But it would certainly be hard to call it simple.

Favorite sayings

The scheme is similar to children's counting rhymes. Only here, as a basis, you take your favorite and very memorable phrases of thinkers, celebrities or movie characters. You can complicate your life somewhat by replacing the letter “h” not with “4”, but with “5”, for example. There can never be too many confusing maneuvers!

Example:

I found out that I have

There is a huge family:

River, field and forest,

In the field - every spikelet...

Replace the letter “h” with “8”, do not forget about upper case and punctuation marks.

Ze,8evTjc^H,g,bk,Dg-rr…

Jargon and terminology

This implies the use of professional jargon that is understandable to an extremely narrow circle of people. These words are much more distant from the average person than the criminal slang that is widely heard on television and in the streets of any city.

For example, you can use a hospital discharge summary or a tricky medical definition.

Example:

Cyclopentaneperhydrophenanthrene is a 28-letter term. It turns out to be a bit long, so I propose to throw out the vowels and dilute the remaining consonants with upper case.

Memorable dates

Of course, your birthday or the day you start your married life is not the best basis for a password. The event should be of exceptional importance, and only you should know about it. For example, this could be the day you ate gum for the first time, ran away from class, or broke your heel. Since the password will be based on numbers, it would not be a bad idea to mix them with letters.

Example:

10/22/1983 and 06/16/2011

Replace the dots separating the day, month and year with any letter, for example the small English “l”, which is very similar to the quite commonly used separator “/”. Between dates we will put an underscore character “_”. Let's replace the zeros with the letters "o".

Visual Key

Use the smartphone unlocking technique on your keyboard as well. Think of any shape and “slide” your finger along its contours.

Don't forget to go through the numbers, change the horizontal and vertical direction of movement. And, unlike me, be imaginative!

Conclusion

The proposed methods for creating a password that is memorable, but at the same time quite difficult to understand, can be changed and combined at your discretion. It is enough to think about your super password once, and you can use it in the presence of a stranger without fear.

How do you choose your password?

One of the most significant security concerns in an organization is the passwords for important user accounts. Even if you carefully plan and configure Group Policy security settings, including firewall settings with advanced security, deploy antivirus software and keep your system and antivirus software up to date, configure IPSec policies, and deploy Network Access Protection servers, the security of your entire company could be at risk if your users don't have strong enough passwords.

Of course, you can, and should, use Group Policy to enforce the creation of complex passwords, set the interval for account lockout in case of incorrect password entry, and set up audit policies to analyze failed login attempts. But even passwords that the operating system considers complex (that is, the password exceeds a certain number of characters and contains uppercase letters, lowercase letters, and numbers) may actually be vulnerable and easy for attackers to crack. It is this stage of ensuring the security of your company that may be the most difficult for you, since here your participation plays only an indirect role, and any negligence on the part of your users can have a fatal impact on the infrastructure of the entire company. In other words, in this case, you need to try to get your users to create secure passwords, remember them, change these passwords periodically, and also keep these passwords to themselves, which, in fact, can be much more difficult than planning the organization's infrastructure, as well as deploying and maintaining servers with the appropriate server roles.

In this article, I will talk a little about which passwords should not be created and why, as well as exactly how you need to create passwords for your accounts. Let's look at everything in order.

Password cracking methods

One of the most common methods of attack on any infrastructure is hacking the passwords of users who are authenticated in order to gain access to the organization's internal network. Accordingly, if an attacker gains access to a user account, he will have the opportunity to access any internal company documents and other protected information. In addition to user accounts for accessing an organization's internal network, attackers also often try to hack email accounts, social networks, blogs, and other things. Therefore, users should be advised that they cannot use the same password for all their accounts, much less a simple password.

In principle, there are many methods for cracking passwords, but this article will briefly discuss only the main methods that are most common these days. These methods include logical guessing, dictionary-based password guessing, brute force (or full search), and the most serious method, the use of the human factor.

Logical guessing

This method is the simplest, and an attack usually begins with logical guessing of the password. For example, an attacker could try to guess your users' passwords by knowing a user's first and last name and, say, their year of birth. If a user creates a password like “Last name + year of birth” or a login written in reverse order, have no doubt: such a password will be hacked in a few minutes.

Searching passwords using a dictionary

Since many users like to use one word as a password for any of their accounts, be it the name of a volcano in Iceland or the name of their favorite rabbit, and at most add one digit to it, attackers can crack such a password using pre-selected passwords loaded from special dictionaries. Such dictionaries usually include words from different languages that inexperienced or indifferent users might choose. Guessing a password using this method usually doesn’t take much time, and an attacker can gain access to your users’ data in just a few hours. And since there are a lot of such dictionaries on the Internet, you should immediately explain to users that they should not use such passwords, since not only their account on a social network, but also the entire infrastructure of the enterprise may suffer.

Another method associated with dictionary search is called brute force against a table of hashed passwords. This method is used when the attacker has been able to obtain password hashes, and all he has to do is find a password in the database that fully matches the hash.

Brute force method

The brute force method or full (direct) search differs from the previous method in that when selecting a password, it is not a specific dictionary that is used, according to which you can select a simple password, but a large number of any possible combinations. In this case, as you understand, everything depends only on the complexity of the password and the number of characters. I think many of you have seen the following table, based on which you can roughly estimate the complexity of the passwords being created, given that the passwords will only contain letters of the same case with numbers and the search speed is 100,000 passwords per second:

Number of signs | Number of options | Search time
 | | less than a second
 | | less than a second
 | | less than a second
 | 2.8211099 × 10^12 | 11 months
 | 1.0155995 × 10^14 |
 | 3.6561584 × 10^15 |
 | 1.3162170 × 10^17 |
 | 4.7383813 × 10^18 | 1,505,615 years

Accordingly, a more or less strong password is one that is at least eight characters long. Since the main task of this article is to consider methods for creating strong passwords, it will not cover tools for carrying out brute force password searches.
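The table's figures follow from its two stated assumptions, a 36-character alphabet (letters of one case plus digits) and 100,000 guesses per second. This added example, which is not part of the original article, regenerates the rows for lengths 1 to 12 and generalizes to other alphabet sizes; the function names, the 30-day month and the 365-day year are assumptions.

```python
RATE = 100_000            # guesses per second, the rate the article states
YEAR = 365 * 86_400       # assumption: 365-day year
MONTH = 30 * 86_400       # assumption: 30-day month
UNITS = [("years", YEAR), ("months", MONTH), ("days", 86_400),
         ("hours", 3_600), ("minutes", 60), ("seconds", 1)]


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def full_search_seconds(alphabet_size, length, rate=RATE):
    """Time to try every password of this length at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits, as the table does."""
    if seconds < 1:
        return "less than a second"
    for name, size in UNITS:
        if seconds >= size:
            return f"{round(seconds / size):,} {name}"


def table(alphabet_size=36, lengths=range(1, 13), rate=RATE):
    """Rows of (number of signs, number of options, search time)."""
    return [(n, keyspace(alphabet_size, n),
             humanize(full_search_seconds(alphabet_size, n, rate)))
            for n in lengths]


def min_length_for(alphabet_size, target_seconds, rate=RATE):
    """Shortest length whose full search takes at least `target_seconds`."""
    length = 1
    while full_search_seconds(alphabet_size, length, rate) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    for signs, options, time_needed in table():
        print(f"{signs:>2} | {options:.7e} | {time_needed}")
    # Generalization beyond the article's case: larger alphabets reach the
    # same search time with fewer characters.
    for size, label in ((36, "one case + digits"), (62, "both cases + digits"),
                        (95, "printable ASCII")):
        print(f"{label}: at least {min_length_for(size, YEAR)} characters "
              f"for a one-year full search")
```

These are full-search times at the article's rate; a different guessing rate scales every row by the same factor.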

Using human factors

Although no technology is involved when the human factor is exploited, this method is in most cases considered the most effective and sometimes even the fastest, since the attackers obtain passwords illegally from the users themselves, and the users may not even suspect it. First of all, the attacker usually learns the names of the organization's employees, which he may either know from the start or find on, say, the company website; after that, following a scenario thought out in advance, the attacker can obtain almost any data from users. There are many methods for obtaining user passwords using the human factor. Let's briefly look at the main ones:

· Phishing. It is a fairly common method of obtaining the necessary information from users. The term phishing itself comes from the English word fishing and denotes a type of fraud whose main objective is to gain access to confidential user data. The attack itself occurs as follows: the user receives a letter in his mailbox, say, from a bank, asking him to click on the provided link and change his password on the site for security purposes. In fact, such a link leads to the hacker’s website with a page that is very similar to the bank’s page, and if you try to change your password there, the password will be sent to the attacker;

· Infecting computers with Trojan horses. As you know, a Trojan horse is a malicious program distributed by an attacker, with the help of which he can gain access to data, depending on what task he has set for himself. User passwords are no exception;

· Qui pro quo. This method takes its name from the Latin expression qui pro quo (one instead of the other), which also means a misunderstanding resulting from the fact that one person, thing or concept is mistaken for another. In the case of password theft, this method involves the attackers calling the company. An attacker can pose as a technical specialist and learn about vulnerabilities that may exist in the organization and take advantage of them. Or simply find out the user password over the phone;

· Pretexting. This method is the easiest. By and large, an attacker using this method of password theft may even be, to some extent, far from hacking, since in this case the actions follow a pre-compiled pretext or, more simply, a script. He can start communicating with the user on some website, via email, UIM messengers, etc. For obvious reasons, this method may take much longer than all those mentioned earlier, but, nevertheless, it is also in demand.

The simplest method of password theft is shown in the following illustration:

Creating complex passwords

Most likely, you have all seen the following picture.

Here, in a rather simple and humorous form, it is outlined what passwords can be created and how your users will interact with such passwords. To be honest, you may not agree with the method indicated in the picture, since the second password can be hacked faster than the first, although it will take the attacker some time.

First of all, as I said at the beginning of the article, you need in any case to configure password complexity restrictions using Group Policy, and such policies should be linked not to a specific department but to the entire domain. Of course, by setting up security policies you will prevent the creation of passwords like "123456" or "qwerty" that users are so fond of, but user passwords may still be vulnerable to hackers.

For example, if you have a user in your sales department, Vladimir, who was born on the 9th of a month, his password may well be something like “Vladimir9”. As you can see, this password is nine characters long, which will most likely exceed the minimum password length set by Group Policy. In addition, it contains letters in different cases (well, it's not proper to write your name with a lowercase letter) and a digit (in this case, the user's birthday). Accordingly, the password satisfies the requirements specified using Group Policy, but it can be cracked literally in a matter of seconds.
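The gap described above, as an added example that is not part of the original article: a character-class check accepts “Vladimir9”, while a second check that strips the user's own details shows nothing is left. The surname, login, birth month and year, and both thresholds are constructed assumptions.

```python
import re

def meets_policy(password, min_length=8):
    """Length plus lower case, upper case and digit (min_length is an assumed setting)."""
    classes = (r"[a-z]", r"[A-Z]", r"\d")
    return len(password) >= min_length and all(re.search(c, password) for c in classes)

def personal_tokens(names, day, month, year):
    """Strings an attacker would try first: name parts and birthday fragments."""
    tokens = {n.lower() for n in names if n}
    tokens |= {str(day), f"{day:02d}", str(month), f"{month:02d}",
               str(year), f"{year % 100:02d}"}
    # Longest first, so "1980" is removed before "80" or "9".
    return sorted(tokens, key=len, reverse=True)

def residual(password, tokens):
    """What remains of the password once every personal token is removed."""
    rest = password.lower()
    for token in tokens:
        rest = rest.replace(token, "")
    return rest

def is_guessable(password, tokens, min_residual=6):
    """Flag passwords whose non-personal part is shorter than min_residual."""
    return len(residual(password, tokens)) < min_residual

if __name__ == "__main__":
    # Constructed profile: only the first name and the 9th come from the article.
    tokens = personal_tokens(["Vladimir", "Ivanov", "v.ivanov"], 9, 5, 1980)
    for candidate in ("Vladimir9", "Ujnjdbnm19?Gjlcdtxybr66"):
        print(candidate, meets_policy(candidate), is_guessable(candidate, tokens))
```
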

You should try to encourage your users to create complex passwords for all their accounts, to create a different password for each account, and to keep their passwords in memory. The last two points are the most difficult, since most users are used to having one password for their Active Directory account and, at best, a single password for their mailboxes, social networks, trackers, forums, and so on. If you have nevertheless made your users create a complex password, keep in mind that many people like to write it down on a piece of paper and stick it to their monitor, keyboard, etc., which is unacceptable, since it can then hardly be called a password.

How to create your own password

It is desirable that a user password be at least 8 characters long and contain Latin letters in different cases in random order, digits, and special characters. If a password is created for an account that will log on to a server, it is advisable to make it longer than 12 characters. In most cases, users rarely bother to come up with such passwords. You will therefore have to come up with passwords for them, which is extremely inconvenient: with 20 users it will take some time but is manageable, whereas with more than 100 users such a pointless task will take a whole day. And the passwords still need to be changed periodically, because no password can be perfect.

Therefore, you can direct users to sites with password generators, for example, http://genpas.narod.ru or sites with similar functionality. There are actually a lot of such sites. You can also write a page on your internal web server that provides the same functionality, which is unlikely to take much time, even if you have no web programming skills, and notify users about this page using, say, an official newsletter. Your users will then not need to waste time coming up with a complex password; they will only have to remember it.
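One way to build such an internal page, as an added example that is not code from the article: the generator draws from the operating system's CSPRNG through Python's secrets module and guarantees every character class the article asks for. The special-character set, handler name, address and port are assumptions, and a real deployment would serve the page over TLS.

```python
import secrets
import string
from http.server import BaseHTTPRequestHandler, HTTPServer

SPECIALS = "!?#$%&*+-=@"  # assumed set of allowed special characters
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)

def generate_password(length=12):
    """Return a random password with at least one character from each pool."""
    if length < 8:
        raise ValueError("the article asks for at least 8 characters")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(pool) for pool in POOLS]
    chars += [secrets.choice("".join(POOLS)) for _ in range(length - len(POOLS))]
    # Shuffle with the OS CSPRNG so the guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

class GeneratorPage(BaseHTTPRequestHandler):
    """Hypothetical handler: every GET returns one fresh password as plain text."""

    def do_GET(self):
        body = generate_password(12).encode("ascii")
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=us-ascii")
        self.send_header("Cache-Control", "no-store")  # keep it out of caches
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # write nothing about these requests to the server log

if __name__ == "__main__":
    # Loopback only in this sketch.
    HTTPServer(("127.0.0.1", 8080), GeneratorPage).serve_forever()
```
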

You can also walk your users through simple scenarios for creating a complex but easy-to-remember password. There are hundreds of interesting scenarios you can come up with. Let's look at a few of them.

1. Take two Russian words, a verb and a noun, for example, the words “cook” and “candlestick”. Add an arbitrary number that will be split into two parts, for example, the year of birth of your favorite writer, say, 1966, and take any special character, for example, a question mark. Now write everything down in the following order: the first word with a capital letter, the first two digits of the year, the question mark, the second word with a capital letter, and the last two digits. It should look something like this: “Cook19?Candlestick66”. Now type this with the keyboard switched to the English layout. As a result, your user will have the following password: “Ujnjdbnm19?Gjlcdtxybr66”. This password contains 23 characters, it is impossible to find it using a dictionary search, and with brute force it will take an attacker, to put it mildly, more than one month.

2. Take any tongue twister, for example, “In the depths of the tundra, otters in spats poke cedar kernels into buckets”, and the date of birth of the user's cousin, say, October 29, 1957. Now write down the first letter of each word in Latin letters, with every second letter in uppercase, put one number between some of the words, and put an exclamation mark at the end of the password. It should look like this: “vN2tV9vG10tV19vY57k!”. Again, such a password will be very difficult to guess.

3. Take any line of your favorite poem, for example, “It’s not for nothing that all of Russia remembers Borodin’s day!”, and write down two letters from each word on the English layout, starting each new word with an uppercase letter. You can put your birthday at the end. In this case it should look like this: “YtGjDcHjGhLt”. You have another complex password.

4. Take a difficult word that you remember but that is not often used in colloquial speech. For example, let's take a word that is embarrassing not to know: the name of the volcano that erupted in Iceland in 2010, Eyjafjallajökull. There are 16 letters in this word, so we'll insert the year of the event, 2010, after the 8th letter and type the whole word, as in the previous examples, on the English layout. We get the following complex password: «"qzamzlk2010fq`r.lkm».

You can come up with a lot of different interesting scenarios. The most important thing is that such passwords are not difficult to remember and are considered complex.
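Scenarios 1, 3 and 4 above all rely on typing Russian text with the keyboard in the English layout; the following added example (not code from the article) implements that key mapping and reproduces the article's passwords. The function names are hypothetical, the Russian words are recovered from the article's password strings, and characters outside the Russian alphabet are assumed to pass through unchanged.

```python
# Russian (ЙЦУКЕН) letters and the US-layout keys in the same physical positions.
RU_LOWER = "йцукенгшщзхъфывапролджэячсмитьбюё"
EN_LOWER = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`"
RU_UPPER = RU_LOWER.upper()
EN_UPPER = 'QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>~'

TO_LATIN = str.maketrans(RU_LOWER + RU_UPPER, EN_LOWER + EN_UPPER)
TO_CYRILLIC = str.maketrans(EN_LOWER + EN_UPPER, RU_LOWER + RU_UPPER)

def to_latin_layout(text):
    """Characters produced when Russian text is typed on the English layout."""
    return text.translate(TO_LATIN)

def to_cyrillic_layout(text):
    """Inverse mapping: recover the Russian text behind a layout-switched string."""
    return text.translate(TO_CYRILLIC)

def two_word_password(verb, noun, year, special):
    """Scenario 1: Verb + first two digits + special + Noun + last two digits."""
    year = str(year)
    phrase = verb.capitalize() + year[:2] + special + noun.capitalize() + year[2:]
    return to_latin_layout(phrase)

def line_initials(line):
    """Scenario 3: first two letters of each word, the first one in uppercase."""
    return to_latin_layout("".join(w[:2].capitalize() for w in line.split()))

def word_with_year(word, year, position=8):
    """Scenario 4: insert the year after the given letter, then switch layout."""
    word = word.capitalize()
    return to_latin_layout(word[:position] + str(year) + word[position:])

if __name__ == "__main__":
    print(two_word_password("готовить", "подсвечник", 1966, "?"))
    print(line_initials("Недаром помнит вся Россия про день"))
    print(word_with_year("эйяфьядлайёкюдль", 2010))
    print(to_cyrillic_layout("Gjlcdtxybr"))
```

Because the layout switch is a fixed one-to-one substitution, to_cyrillic_layout() recovers the original words, so a password filter can apply it before checking a candidate against a Russian word list.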

There are many ways to check the complexity of the created password. For example, Microsoft has a password checker that will let you know how strong the password you generated is. To do this, go to the Password Checker page and enter your password in the appropriate text field. You will immediately receive a notification indicating the type of complexity of your password. An example of this tool is shown in the following illustration:

Conclusion

This article talked about methods for cracking user passwords, as well as how you can create a password that is difficult to crack but fairly easy to remember. I hope that, using the four simple examples in this article, you can teach your users how to keep their data safe and create strong passwords. What scenarios do you use to generate complex passwords?