{"id":5231,"date":"2014-12-16T10:21:40","date_gmt":"2014-12-16T15:21:40","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5231"},"modified":"2020-02-26T15:10:45","modified_gmt":"2020-02-26T15:10:45","slug":"false-perception-of-it-security-passwords","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/false-perception-of-it-security-passwords\/5231\/","title":{"rendered":"False Perception of IT Security: Passwords"},"content":{"rendered":"<p>Welcome to the second post in a series of blog posts regarding the <a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-predicting-the-future\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">false perception of IT- security<\/a>. In this post we will describe some of the issues associated with password management. As you know it is quite important to have a strong password, but what is a strong password?<\/p>\n<p>When asking random people about passwords, they always agree that having a strong password is very important, but it is also very difficult to remember all these passwords. I get the feeling that instead of trying to come up with a good solution we simply give up and use that as an excuse to have a poor password policy.<\/p>\n<p>One problem is that we don\u2019t even know what a strong password is. A lot of people think that a strong password is a complex string, with random letters, numbers and special characters. But when looking at it from a security perspective, rather than from a cryptographic perspective, a strong password does not have to be completely random, and therefore super-difficult to remember.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Remembering long lists of <a href=\"https:\/\/twitter.com\/hashtag\/passwords?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#passwords<\/a> require us to do something we may not enjoy: study. <a href=\"https:\/\/t.co\/Dnbt1Dju5E\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Dnbt1Dju5E<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/524351956819927040?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 21, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>I am expecting a lot of password maniacs to holler at me now, but please remember that this blog post is not about describing the most complex and secure password algorithm out there, but to simply give some good tips and tricks for how individuals can stop using crappy passwords or using the same password on every single site where they need to authenticate.<\/p>\n<p>You can of course use a password management tool such as <a href=\"https:\/\/www.kaspersky.com\/password-manager\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Password Manager<\/a>, but this post will hopefully teach you simple password management without using any tools.<\/p>\n<p>So, let\u2019s take a look at how we can generate a strong password. First of all, I think that the most important thing to consider when creating a strong password is to make it personal. I agree that trying to remember a computer-generated password with random letters, numbers and special characters is difficult to remember. But if it\u2019s a phrase that is personal to you, it will probably be much easier to remember.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Tips on how to remember strong #passwords<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FPv2o&amp;text=Tips+on+how+to+remember+strong+%23passwords\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>There are tons of different methods for generating passwords, but I would like to share one way with you. It\u2019s probably have been described by others before, but I would like to call it the \u201cStory Algorithm\u201d. There are a lot of variants on this one, so feel free to come up with your own variant that you think best helps you.<\/p>\n<ol>\n<li>Think about a phrase, lyrics from a song, quotes from a movie or simply a lullaby from when you were a child.<\/li>\n<li>Take the first letter from the five first words.<\/li>\n<li>Between every letter add a special character.<\/li>\n<\/ol>\n<p>At this stage you will have created a static string, and from now on you will base all your unique passwords on this string. But since it\u2019s a static sting it won\u2019t be unique for every site that you need a password for. What you need to do now is to use the power of association.<\/p>\n<p>When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word you associate with the site you need a password for. For example, you are creating a password for Facebook you might associate Facebook with the blue color in the logo: so then you can simply append the world \u201cblue\u201d, but maybe in capitals, after your static string.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/12\/05195808\/ComStar-scaled.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-5233\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/12\/05195808\/ComStar-1024x342.jpeg\" alt=\"ComStar\" width=\"1024\" height=\"342\"><\/a><\/p>\n<p>Let\u2019s play with the idea that the phrase I think of is \u201cTwinkle Twinkle Little Star How I Wonder What You Are\u201d, and the special character I want to use is the hash character \u2018#\u2019. Then my password for Facebook would be something like: T#T#L#S#Hblue. It makes no real sense when you look at it, or if someone gave it to you. But since its personal, you understand the system used to generate any of your passwords; and since you associate the word with the site, it\u2019s also easy for you to remember any of them. And it is quite strong \u2014 you can test it with our <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">Password Check<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Don't forget to check your password! <a href=\"https:\/\/twitter.com\/hashtag\/PassChecker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#PassChecker<\/a>  <a href=\"http:\/\/t.co\/vXnwmfqSWh\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/vXnwmfqSWh<\/a> <a href=\"https:\/\/t.co\/P9Pm0SGc4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/P9Pm0SGc4n<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/524916379968077825?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 22, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There is one password that you should be extra careful about, and maybe you should even use a completely different phrase when generating this password. This is the password to your email account. If someone can access your email, they can also use the \u201cforgot login\u201d function and not only get access to your email, but also change password for every site you have access to that\u2019s connected to that email address.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Prioritizing the Protection of Primary Webmail Accounts \u2013  <a href=\"https:\/\/t.co\/l0ip3Wk1uc\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/l0ip3Wk1uc<\/a> via <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/519147922542587904?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 6, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Please remember to use strong passwords. It is only a bad excuse not to do it, and it\u2019s a false perception that password management is difficult. Just remember these golden rules:<\/p>\n<ul>\n<li>The length is very important to create secure passwords!<\/li>\n<li>The uniqueness is very important! One password per site!<\/li>\n<li>Complexity is not how random the password is, but how <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">difficult it is to crack<\/a>!<\/li>\n<li>Make the password personal, it\u2019s MUCH easier to remember that way!<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the second post in a series of blog posts regarding the false perception of IT- security. In this post we will describe some of the issues associated with<\/p>\n","protected":false},"author":336,"featured_media":5232,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2026],"tags":[2412,849,584,187,97,131],"class_list":{"0":"post-5231","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-advice","9":"tag-false-perception-of-it-security","10":"tag-great","11":"tag-passwords","12":"tag-security-2","13":"tag-tips"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/false-perception-of-it-security-passwords\/5231\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/false-perception-of-it-security-passwords\/4463\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/4400\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/4933\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/false-perception-of-it-security-passwords\/6460\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/7036\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/false-perception-of-it-security-passwords\/5851\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/false-perception-of-it-security-passwords\/6460\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/false-perception-of-it-security-passwords\/7036\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/false-perception-of-it-security-passwords\/7036\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/advice-2\/","name":"advice"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5231"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5231\/revisions"}],"predecessor-version":[{"id":19170,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5231\/revisions\/19170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5232"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}