Basic security with passwords
To make users create strong passwords, and in that way improve the security of a system, it's a good idea to define the type of password that can be created. There are several ways to do this:
  • make them use a password generator
  • setup some guidelines like how much the password has to be long, what characters have to be used, etc.
  • check the integrity of existing passwords with a cracking program and alert users with a weak password.
There are various cracking programs that you can use, some of them are:It's wise to change the password frequently as well as avoiding having people look at you when you type your password. There's never enough paranoia when it comes to protecting your data.

Default passwords

Many applications, that need identification in order to be used, have a default password. Although this password may be easy to remember, you should change it as soon as possible. Lists of default passwords can be found all over the net and that's probably one of the first things an attacker is going to try using. The same thing applies for any situation when a password is assigned to you, login and change it, right away.

An example of a list of default passwords can be found here.

For much more information on passwords and other methods of authentication, I recommend reading the excellent Authentication: From Passwords to Public Keys by Richard Smith.

As it says on the Addison-Wesley book page:

"[This book] gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed."

And, to close this article, here are two interesting articles you might be interested in:


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th