Security: Choose a password

Published by TheJoe on

Estimated reading time: 4 minutes


This article was published more than a year ago; there may have been developments since.
Please take this into account.

Keeping your data safe is important, and on the web the only obstacle that separates us from an attacker is a strong password. Normally we consider a password of medium strength when it meets certain requirements, which we will list below. Note that even after following this step-by-step guide there is still a possibility that the password is stolen. Aside from causes such as malware installed on your machine, this can happen because the thief uses a network of supercomputers with computing power beyond expectation, but fortunately that happens mainly in the field of industrial espionage.

Today's article will not give instructions to professionals; it tries to be a guide for the average user who does not want to see their personal information stolen.

We begin by saying that a good password should be long enough. The more characters it contains, the more combinations the thief will have to try, losing time and maybe even hope. To make an absurd comparison: if the password consisted of a single character, the thief could try uppercase letters, lowercase letters, accented uppercase letters, accented lowercase letters, digits and symbols (+, -, x, :, etc.). With one character the combinations run out quickly. If the password is composed of two characters, the thief must try all the previous candidates multiplied by the same number. With three characters the same figure is multiplied again, and so on exponentially.

We consider a password of average robustness when it is composed of at least 8 alphanumeric characters, containing uppercase letters, lowercase letters, symbols and numbers arranged in an apparently random way.

As mentioned above, it is clear that the more characters we use, the lower the risk for us.
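To make the counting argument above concrete, here is an added Python example (not from the original article) that computes the keyspace, its size in bits and the worst-case exhaustive-search time for each password length. The 94-character alphabet and the guess rate are assumptions chosen for illustration.

```python
import math

# Character classes the article enumerates. The 32 symbols (and so the 94
# total) are an assumption: printable ASCII, no accented letters.
CHARSET_SIZES = {"lower": 26, "upper": 26, "digits": 10, "symbols": 32}


def alphabet_size(*classes):
    """Size of the alphabet an attacker must try for the classes actually used."""
    return sum(CHARSET_SIZES[c] for c in classes)


def keyspace(alphabet, length):
    """Number of candidate passwords: each extra character multiplies the count."""
    return alphabet ** length


def entropy_bits(alphabet, length):
    """The same keyspace expressed in bits (log2), the usual strength unit."""
    return length * math.log2(alphabet)


def worst_case_seconds(alphabet, length, guesses_per_second):
    """Time to exhaust every candidate at a given guess rate (an upper bound)."""
    return keyspace(alphabet, length) / guesses_per_second


def growth_table(alphabet, max_length, guesses_per_second):
    """Rows of (length, keyspace, bits, seconds) showing the exponential growth."""
    return [
        (n, keyspace(alphabet, n), round(entropy_bits(alphabet, n), 1),
         worst_case_seconds(alphabet, n, guesses_per_second))
        for n in range(1, max_length + 1)
    ]


if __name__ == "__main__":
    full = alphabet_size("lower", "upper", "digits", "symbols")
    # The guess rate is a constructed illustration, not a figure from the article.
    for length, space, bits, secs in growth_table(full, 8, 1_000_000):
        print(f"{length} chars: {space:>18,d} candidates, {bits:5.1f} bits, "
              f"{secs / 86400:>12,.2f} days worst case")
    # The article's 8-character mixed password versus 8 lowercase letters.
    print("lowercase only  :", keyspace(alphabet_size("lower"), 8))
    print("all four classes:", keyspace(full, 8))
```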

It is then important to ensure that the different characters are distributed in an unordered way. A password like “aaAA11–” is easily guessed. A password like “aW1- e-qK” is already more complex. To get an idea of the complexity of a password, Microsoft makes available on its site a small tool to test it; the Comparitech site can also help. As you can see, the first password I mentioned stops at the first step, while the second just reaches the second “brick” and is considered of medium complexity.

Is it true that there are no completely “safe” passwords?

Yes, for the same reason I brought up the supercomputer above. There is no completely secure password (unless it is used to encrypt an image or a particular file); discovering the password is, for a thief, only a matter of time. Usually you connect from your PC and run automated programs that try every combination. A PC with high computing power will get in first, an old PC will succeed later; in any case it succeeds. If the password protects a service on the internet (banking, mail, etc.) then there is also the physical limit of the bandwidth between the thief and the victim. Information passes through the telephone wires as water passes through a pipe: if the limit of a pipe 1 m in diameter is 10 litres of water per second, to get 20 litres through we will have to wait two seconds, and so on. Passwords are not eternal and need to be changed once in a while.

Every now and then my bank obliges me to change the password for accessing my online account because it is too old. Is it really necessary?

Changing your password is a bit annoying, especially remembering a new one every two months, mostly because not all of us access our online account daily, but it is necessary because, as we said, a password is not effective forever. Depending on its length, the time during which a password remains effective can be estimated; if we do not want to spend time testing its effectiveness, just keep in mind to choose one of medium strength and remember to change it once every two or three months.


Is there no alternative security measure that can let me keep “a password for life”?

Recently, Google has implemented two-step password verification. A communication was sent to all Gmail users, or to those who had a GoogleID. The old password remains (no one forbids us to change it anyway), plus you receive a text message at the number set by the owner of the Gmail inbox or GoogleID. The message contains a short code; entering it, you finally have access to your Google account. It must be said that it is a very secure solution, but it is not convenient for a user who is too lazy to change the password. There is also the risk that the mobile phone is switched off, out of battery, stolen or lost. In that case you temporarily do not have access to your data, until you are again in possession of the number.

What are the common mistakes in choosing a password? Is there a list of things not to do?

Usually you tend to choose a password that is easy to remember. You try to tie it to an event, a person, a date or anything else that has a connection with your life. Nothing could be more wrong. In short:

  • avoid common first names or surnames, places, obvious words, words that could be found in a dictionary, meaningful terms, youth slang, or local dialects,
  • avoid as much as possible replacing some characters with digits that recall their shape (the “o” with “zero”, the “i” with “one”, etc.). Whoever wants to steal a password is not stupid; replacing characters with digits of similar shape is one of the first attacks attempted,
  • it is not necessary to write down the password; try to memorize it. Paper is volatile and easy to steal. We could save it, for instance, as a dummy phone number in our contacts that contains the password (this is not a secure method either), or save it in an e-mail that we forward to ourselves,
  • do not keep the same password for a long time. An average lifetime for not taking risks is the limit of two months,
  • try not to use the same password for multiple web services or accounts.
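As an added example that is not part of the original post, here is a Python checker that applies the rules above together with the earlier “aaAA11–” versus “aW1- e-qK” comparison: minimum length, the four character classes, clustering of repeated characters, and dictionary words with look-alike digit substitutions undone. The word list and substitution table are constructed for the demo, and the article's two passwords are written with an ASCII hyphen.

```python
import re
import string

MIN_LENGTH = 8
# Constructed mini word list for the demo; a real check would load a full dictionary.
DICTIONARY = {"password", "letmein", "welcome", "qwerty", "summer", "secret"}
# Shape-alike substitutions the article says are among the first things tried.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def missing_classes(pw):
    """Names of the character classes from the article's rule that pw lacks."""
    present = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in present.items() if not ok]


def distinct_ratio(pw):
    """Share of distinct characters; low values mean clustered repeats like 'aaAA11-'."""
    return len(set(pw)) / len(pw) if pw else 0.0


def looks_like_dictionary_word(pw):
    """True if pw is a listed word once look-alike digits are undone and a
    leading or trailing digit run (e.g. 'P@ssw0rd1') is stripped."""
    lowered = pw.lower()
    core = re.sub(r"^\d+|\d+$", "", lowered)
    for candidate in (lowered, core):
        letters = re.sub(r"[^a-z]", "", candidate.translate(LEET))
        if letters in DICTIONARY:
            return True
    return False


def check_password(pw):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems.extend(f"no {name} character" for name in missing_classes(pw))
    if distinct_ratio(pw) < 0.75:
        problems.append("too few distinct characters (repeated runs)")
    if looks_like_dictionary_word(pw):
        problems.append("dictionary word, even after undoing look-alike digit substitutions")
    return problems


if __name__ == "__main__":
    for pw in ("aaAA11-", "aW1- e-qK", "P@ssw0rd1", "S3cr3t"):
        print(repr(pw), "->", check_password(pw) or "ok")
```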

For some time, web sites have existed that offer to save users' passwords and make them available within an account (Roboform, Lastpass, etc.). There are some considerations to make. It is undoubtedly convenient to have all your passwords at hand in a single place, but this is clearly a decrease in safety: it is enough to find one password to have all the others available. It must be said that you need a good deal of trust in the site you sign up with to hand over the passwords of all the services you use. Often this solution is strongly recommended on blogs or social networks, but unless we know exactly to whom we are supplying our logins, I would be cautious.


I have kept this blog as a hobby since 2009. I am passionate about graphics, technology and open source software. Among my articles it will be easy to find music and some personal thoughts, but I prefer to keep the blog's direction mainly on technology. For more information contact me.

