In this chapter, we will reveal a few secrets to making your password much more protected against such threats as a brute-force attack – when an attacker systematically tries every password until he finds the correct one; password snooping – when an attacker tries to see the login/password combination you enter; forensic analysis – when a malicious intruder attempts to access your passwords or obtain physical access to your device.
Secret 1. Use special characters to protect yourself from a brute-force attack.
In this part, you will find out how to create an extra layer of defense from a brute-force attack (password guessing) by adding special characters to your password. Special characters are usually the symbols we can type using a keyboard &^%^$#@)_|/, but in reality there are a lot more special characters that don’t appear on your keyboard and can be entered only with a special character table (the so-called non-printing characters).
Most password guessing software use only standard special symbols, and in this way it will be useless for the purposes of defeating your password. Even if a password cracking tool is able to check the symbols you use, it’s hardly feasible in real life since, first, you hardly ever encounter this kind of practice and, second, it simply complicates the process of trying all possible password combinations.
We recommend you use the zero-width non-joiner, it’s completely invisible to the human eye, and most systems can read it. Add the zero-width non-joiner to your password, and it will become practically unreachable for a brute-force attack.
TipAdd the zero-width non-joiner to your passwords.
This trick has a disadvantage: not all systems can read the zero-width non-joiner, so it’s not applicable everywhere.
Secret 2. Use false key-presses.
Imagine yourself in the following situation: you enter a password while a video camera set up in the ceiling watches every move your hand makes, every keyboard press, no matter how sophisticated your password is, don’t be deluded – your password will be cracked by perpetrators.
You can protect yourself from this threat by using some object to cover the password you enter. Many specialists that deal with sensitive information do this, and we too recommend you cover the keypad with some object or your free hand so that nobody can see what you type in.
TipWhen entering an important password, obscure the keypad with some object or your free hand so that nobody can snoop on what you type in.
Rumor has it that when Edward Snowden happened to be in Hong Kong, he entered his passwords covering himself with a duvet. While this is a foolproof method, you are very unlikely to take your duvet to your office for the purpose of protecting your password.
A simpler way to defend against password snooping would be to add false key-presses. A false key-press involves touching a key-press without actually pressing a key. When a person types in his password fast, a prying person won’t be able to make out if the pressing of the keys was real or not. Even if a snooper sees the keys you fake press, when reproducing them, he will get an incorrect password as one or several presses were false.
We recommend you add two-three fake keystrokes to especially important passwords, however avoid entering them one by one in a row. Simultaneously tilt the screen of your laptop not to give anyone the idea about the exact number of characters you enter as well as cover your keypad from prying eyes.