In this chapter, we will reveal a few secrets for making your password much better protected against threats such as a brute-force attack – when an attacker systematically tries every password until he finds the correct one; password snooping – when an attacker tries to see the login/password combination you enter; forensic analysis – when a malicious intruder attempts to access your passwords or obtain physical access to your device.
Secret 1. Use special characters to protect yourself from a brute-force attack.
In this part, you will find out how to create an extra layer of defense against a brute-force attack (password guessing) by adding special characters to your password. Special characters are usually the symbols we can type using a keyboard, such as &^%^$#@)_|/, but in reality there are a lot more special characters that don’t appear on your keyboard and can be entered only with a special character table (the so-called non-printing characters).
Most password-guessing software uses only standard special symbols, so it will be useless for the purposes of defeating your password. Even if a password-cracking tool is able to check the symbols you use, doing so is hardly feasible in real life since, first, this kind of practice is hardly ever encountered and, second, it simply complicates the process of trying all possible password combinations.
We recommend you use the zero-width non-joiner: it’s completely invisible to the human eye, and most systems can read it. Add the zero-width non-joiner to your password, and it will become practically unreachable for a brute-force attack.
Tip: Add the zero-width non-joiner to your passwords.
This trick has a disadvantage: not all systems can read the zero-width non-joiner, so it’s not applicable everywhere.
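The disadvantage described above can be checked before you rely on the trick. The following Python code is an added example, not part of the original chapter; the sample password and the three input handlers are constructed assumptions that model how different systems may treat the character.

```python
import hashlib
import unicodedata

ZWNJ = "\u200c"  # ZERO WIDTH NON-JOINER (Unicode general category Cf)

# Constructed sample values, not real credentials.
BASE = "Correct7horse"
PROTECTED = BASE[:7] + ZWNJ + BASE[7:]   # looks identical on screen


def invisible_positions(password):
    """List (index, Unicode name) of every format or control character."""
    return [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
            for i, ch in enumerate(password)
            if unicodedata.category(ch) in ("Cf", "Cc")]


def digest(password):
    """SHA-256 of the UTF-8 bytes; stands in for what a system would store."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Hypothetical input handlers modelling three kinds of system.
def keeps_unicode(s):
    return unicodedata.normalize("NFKC", s)   # NFKC leaves U+200C in place


def strips_format_chars(s):
    return "".join(ch for ch in s if unicodedata.category(ch) != "Cf")


def ascii_only(s):
    return s.encode("ascii", errors="ignore").decode("ascii")


HANDLERS = {f.__name__: f for f in (keeps_unicode, strips_format_chars, ascii_only)}


def compatibility_report(password):
    """Per handler: True if the invisible characters survive input handling."""
    wanted = invisible_positions(password)
    return {name: invisible_positions(fn(password)) == wanted
            for name, fn in HANDLERS.items()}


if __name__ == "__main__":
    print(invisible_positions(PROTECTED))
    print(digest(BASE) == digest(PROTECTED))   # False: different stored values
    for name, ok in compatibility_report(PROTECTED).items():
        print(f"{name:20} {'kept' if ok else 'silently dropped'}")
```

Where a handler drops the character, the password the system actually stores is the plain one, so the extra character adds nothing on that system.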
Secret 2. Use false key-presses.
Imagine yourself in the following situation: you enter a password while a video camera set up in the ceiling watches every move your hand makes and every key press. No matter how sophisticated your password is, don’t be deluded – your password will be cracked by perpetrators.
You can protect yourself from this threat by using some object to cover the password you enter. Many specialists who deal with sensitive information do this, and we too recommend you cover the keypad with some object or your free hand so that nobody can see what you type in.
Tip: When entering an important password, obscure the keypad with some object or your free hand so that nobody can snoop on what you type in.
Rumor has it that when Edward Snowden happened to be in Hong Kong, he entered his passwords covering himself with a duvet. While this is a foolproof method, you are very unlikely to take your duvet to your office for the purpose of protecting your password.
A simpler way to defend against password snooping would be to add false key-presses. A false key-press involves touching a key without actually pressing it. When a person types in his password fast, a prying person won’t be able to make out whether the pressing of the keys was real or not. Even if a snooper sees the keys you fake-press, when reproducing them, he will get an incorrect password, as one or several presses were false.
We recommend you add two or three fake keystrokes to especially important passwords; however, avoid entering them one by one in a row. At the same time, tilt the screen of your laptop so as not to give anyone an idea of the exact number of characters you enter, and cover your keypad from prying eyes.
Tip: Add two or three false keystrokes to especially important passwords.
Tip: When you enter important passwords, tilt the screen of your laptop toward the keyboard.
Secret 3. Type in your password fast.
I’ve often seen how people enter their password as if they were doing it for the first time. The speed with which you type in passwords directly affects your security: the chances of your sensitive data getting seen. You need to enter your passwords as fast as possible. Train yourself to achieve that.
Train yourself to enter your password fast. Enter it as many times as you need; you will be surprised at how fast and easily you can enter your password and how hard it will be for a snooper to make out what you type in. Your speed is crucial when you use false key-presses in your passwords.
Tip: Learn to type in passwords as fast as possible.
Secret 4. Emergency password erasure.
Whether you store your passwords in a text document or prefer a safer method of using a password manager, you may find yourself in a situation where you need to instantly destroy your passwords as there can be no worse scenario than having all your passwords obtained by a malicious intruder.
Use the program Panic Button for emergency password erasure. When setting up the application and proceeding to the step where you need to choose the files for deletion, add the document with passwords or your password base to this list. Make sure you make a backup copy of the password document or password base in advance and keep it in a secure place.
In the event of an emergency situation, you activate Panic Button, and the pr