Internet privacy and security course
The secrets of a strong password

Chapter 35


In this chapter, we will reveal a few secrets to making your password much more protected against such threats as a brute-force attack – when an attacker systematically tries every password until he finds the correct one; password snooping – when an attacker tries to see the login/password combination you enter; forensic analysis – when a malicious intruder attempts to access your passwords or obtain physical access to your device.

Secret 1. Use special characters to protect yourself from a brute-force attack.

In this part, you will find out how to create an extra layer of defense against a brute-force attack (password guessing) by adding special characters to your password. Special characters are usually taken to mean the symbols you can type directly on a keyboard, such as &^%^$#@)_|/, but in reality there are many more special characters that do not appear on any keyboard and can be entered only from a character table (the so-called non-printing characters).

Most password-guessing tools try only the standard special symbols, so they are useless against a password that contains a non-printing character. Even if a password-cracking tool is able to check the symbols you use, it is hardly feasible in practice: first, this kind of password is rarely encountered, and second, every additional character class greatly enlarges the space of combinations the tool has to try.

We recommend the zero-width non-joiner: it is completely invisible to the human eye, and most systems accept it. Add the zero-width non-joiner to your password, and it becomes practically unreachable by a brute-force attack.

Tip

Add the zero-width non-joiner to your passwords.

This trick has a disadvantage: not all systems accept or preserve the zero-width non-joiner, so it is not applicable everywhere.
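The following Python script is an added illustration and is not part of the course. It shows what the zero-width non-joiner (U+200C) actually does to a password: the visible text is unchanged, but the length, the UTF-8 bytes and therefore the stored password hash all change. It also models the caveat above with two constructed, hypothetical backends: one that only applies Unicode NFC normalization (the character survives) and one that silently discards non-printable characters (the character is dropped, and the password collapses back to its visible part). The `zwnj_survives` check lets you test any input-handling function the same way. The salt and sample password are constructed values.

```python
"""Added example (not from the course): effect of a zero-width non-joiner
(U+200C) on a password, and a check for whether a backend preserves it.

The two "backend" functions are constructed models, not real systems.
"""
import hashlib
import unicodedata

ZWNJ = "\u200c"  # ZERO WIDTH NON-JOINER, Unicode category Cf (format)

# Constructed sample salt for the demonstration only.
SAMPLE_SALT = b"constructed-salt-not-for-real-use"


def with_zwnj(base: str, position: int) -> str:
    """Return `base` with a ZWNJ inserted before index `position`."""
    return base[:position] + ZWNJ + base[position:]


def derive_hash(password: str, salt: bytes = SAMPLE_SALT) -> bytes:
    """Derive a password hash from the UTF-8 bytes of the password.

    PBKDF2-HMAC-SHA256 is used only to show that the stored value changes
    when the invisible character is present; the iteration count is kept
    low so the example runs quickly.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


def keeps_unicode_as_is(password: str) -> str:
    """Hypothetical backend: NFC normalization and nothing else.

    U+200C has no canonical decomposition, so it survives NFC unchanged.
    """
    return unicodedata.normalize("NFC", password)


def drops_format_chars(password: str) -> str:
    """Hypothetical backend: keeps only characters str.isprintable() accepts.

    U+200C is category Cf (format), which Python treats as non-printable,
    so this backend silently removes it from the submitted password.
    """
    return "".join(ch for ch in password if ch.isprintable())


def zwnj_survives(backend) -> bool:
    """Check whether an input-handling function preserves the ZWNJ.

    False means the invisible character adds nothing on that system: the
    password the system actually stores is just the visible part.
    """
    probe = with_zwnj("probe", 2)
    return ZWNJ in backend(probe)


def main() -> None:
    base = "Tr0ub4dor"            # constructed sample password
    hidden = with_zwnj(base, 4)   # same visible text, one invisible character
    print(f"visible length {len(base)}, actual length {len(hidden)}")
    print("UTF-8 bytes:", hidden.encode("utf-8"))
    print("hash changes:", derive_hash(base) != derive_hash(hidden))
    for name, backend in [("NFC only", keeps_unicode_as_is),
                          ("printable filter", drops_format_chars)]:
        print(f"{name}: ZWNJ survives = {zwnj_survives(backend)}")
    # On the filtering backend the hidden password collapses to the base one.
    print("collapsed to base:",
          derive_hash(drops_format_chars(hidden)) == derive_hash(base))


if __name__ == "__main__":
    main()
```

Run it as a script to see the byte-level difference; to test a real system, register with a ZWNJ-bearing password and then try to log in with the visible part alone. If the login succeeds, that system strips the character and the trick gives you nothing there.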

Secret 2. Use false key-presses.

Imagine yourself in the following situation: you enter a password while a video camera mounted in the ceiling watches every move your hand makes and every key you press. No matter how sophisticated your password is, don’t be deluded: the perpetrators will have it.

You can protect yourself from this threat by covering the keys with some object as you enter the password. Many specialists who deal with sensitive information do this, and we too recommend that you cover the keypad with some object or your free hand so that nobody can see what you type.

Tip

When entering an important password, obscure the keypad with some object or your free hand so that nobody can snoop on what you type in.

Rumor has it that when Edward Snowden happened to be in Hong Kong, he entered his passwords covering himself with a duvet. While this is a foolproof method, you are very unlikely to take your duvet to your office for the purpose of protecting your password.

A simpler way to defend against password snooping is to add false key-presses. A false key-press means touching a key without actually pressing it. When a person types a password fast, an onlooker cannot make out whether a given press was real or not. Even if a snooper sees the keys you fake-press, reproducing them will give him an incorrect password, as one or several of the presses were false.

We recommend adding two or three fake keystrokes to especially important passwords, but avoid entering them consecutively. At the same time, tilt the screen of your laptop so as not to give anyone an idea of the exact number of characters you enter, and cover your keypad from prying eyes.

Tip

Add two or three false keystrokes to especially important passwords.

Tip

When you enter important passwords, tilt the screen of your laptop toward the keyboard.

Secret 3. Type in your password fast.

I’ve often seen people enter their password as if they were doing it for the first time. The speed at which you type a password directly affects your security: the slower you type, the greater the chance of your sensitive data being seen. Enter your passwords as fast as possible, and train yourself to achieve that.

Train yourself to enter your password fast. Enter it as many times as you need; you will be surprised at how fast and easily you can enter your password and how hard it is for a snooper to make out what you type. Your speed is crucial when you use false key-presses in your passwords.

Tip

Learn to type in passwords as fast as possible.

Secret 4. Emergency password erasure.

Whether you store your passwords in a text document or prefer the safer method of a password manager, you may find yourself in a situation where you need to destroy your passwords instantly, as there can be no worse scenario than having all of them obtained by a malicious intruder.

Use the program Panic Button for emergency password erasure. When setting up the application and reaching the step where you choose the files to be deleted, add the document with your passwords or your password database to this list. Make sure you make a backup copy of the password document or password database in advance and keep it in a secure place.

In an emergency, you activate Panic Button and the program securely removes all your passwords: not only those you added to the list but also those saved in your browser (you can select this option in the program’s settings).

You can also take advantage of the logic bomb mode that allows Panic Button to destroy your data when detecting unauthorized access attempts on your device. It is an extremely useful feature if you work with sensitive information.

Secret 5. The secret part of your password.

Imagine the following situation: a malicious intruder gains access, by force or deception, to your password manager or to the text document with your passwords. The intruder copies a password, tries to log in to the system and sees that the password he entered is wrong. He copies another one: wrong again. The second time, the third time, the same result.

How is that possible? It’s actually very simple: add a static part to your passwords that always goes at the start or the end of the password and is never written down. It should be simple and easy to remember, for instance “qwerty1960”. Without this secret part, none of the written-down passwords will be accepted. You will probably find the constant need to enter the secret part a bit of a hassle, but believe me, the level of security you get for all your passwords is worth it.

Tip

Add the secret part to all the passwords you’ve written down and saved.

If you save your passwords in a browser, first let the browser save the original password. Then change the password in your account settings by adding the secret part. When the browser asks to update the saved password, refuse. When you open the website, the browser will offer the saved password, which you then extend with the secret part.

Secret 6. Secure transmission of your password.

Many users send passwords from one device to another. Some use one-time message services, some send them over an instant messaging client. None of these methods is really safe, but if you need to do it, you can take advantage of a secret that makes transmitting your sensitive data a more secure process.

When sending a password, don’t copy it completely: leave out the first or last 2-4 characters. You will have no trouble entering them manually, but if the password is stolen by a malicious intruder, he won’t be able to use it.

Tip

When sending a password, copy only one part of your password.

If you already use the secret-part technique mentioned above, you can skip this advice.
