Matias Katz's Blog. Shall we talk a bit about security?

8 Jan 2010

ConnectionStrings.com and PortForward.com, must-know websites for any administrator

Today I leave you with 2 very interesting and useful websites for deploying, configuring and maintaining an IT infrastructure:

1) ConnectionStrings.com: It has a database of 119 providers and 509 connection strings, available for free, so that none of us has to ask "what was the string to connect to Oracle with a permissive lock and Active Directory authentication?"

2) PortForward.com: It has a huge list of routers categorized by brand. For each model there is a substantial list of online services that require specific firewall configurations, with a step-by-step tutorial showing the configuration needed to enable that service on that router. A real jewel. As a bonus, it also lists those services together with the ports they need, for the expert user who doesn't need a step-by-step tutorial but only the raw data.

Trust me. If you use them, they will simplify your daily tasks by 50%. You can tell me later.

Link (English): http://www.portforward.com

Link (English): http://www.connectionstrings.com

7 Sep 2009

Do Google, Twitter, Facebook and company worry about your passwords?

(Note: This post has been automatically translated by Babelfish, sorry for any inconsistencies)

Security plays a very important role nowadays; protecting our personal information and the information that our systems store is vitally important.

Users normally tend to choose passwords that are easy to remember, such as the name of their partner or their dog, the name of their favorite team or their city of birth. For an attacker it would not be difficult to observe what the user's interests are in order to try to find out the password.

An attacker who wants to break into a user's account manually will first try words that are important to that user. If that does not quickly produce results, the next step will be a dictionary attack, and if this does not work either, the attacker will try a brute-force attack using multiple combinations of characters, although at present technology puts limits on this type of attack… though not always well implemented.

When we create a password, we must use one that is not in a dictionary, and make it as long and complex as possible so that a brute-force attack cannot solve it because it would require too much time and processing; a password becomes exponentially more complex with each character added to its length.

Do social networks and webmail services care whether we use robust passwords?

Unfortunately, most of them do not require a robust password from us, although they do have password-strength indicators.

Guide for generating passwords

Weak passwords have the following characteristics:

  • They can be found in a dictionary.
  • They are in common use, such as names of relatives, pets, friends, fantasy characters, computer terms, commands, cities, companies, hardware, software, birthdays and other personal information like addresses or telephone numbers.
  • They are patterns like aaabbb or qwerty, or words followed or preceded by digits.

Strong passwords have the following characteristics:

  • They contain lowercase and uppercase characters, digits (0-9) and special characters (! @ # $ % ^ & * ( ) _ + | - = \ ` { } [ ] : " ; ' ? . /).
  • They are at least 8 characters long.
  • They are not in any dictionary.
  • They are not based on personal information.

One should try to create a password that is easy to remember. One way to do it is to base the password on a song, statement or phrase. For example, "Stairway To Heaven" could become St41rW4y2H34v3n@.
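The weak and strong characteristics listed above can be checked mechanically when a password is set. The following is an added example, not code from the original post; the function name `weaknesses`, the tiny `DICTIONARY` word list and the `KEYBOARD_RUNS` tuple are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample word list; a real check would load a large dictionary.
DICTIONARY = {"password", "qwerty", "dragon", "madrid", "stairway", "heaven"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")   # illustrative patterns
SPECIALS = set("!@#$%^&*()_+|-=\\`{}[]:\";'?./")            # the guide's special characters


def weaknesses(password, personal_info=()):
    """Return the rules from the guide that this password breaks (empty list = passes)."""
    found = []
    lower = password.lower()
    # Strip leading/trailing digits to catch "word preceded or followed by digits".
    core = re.sub(r"^\d+|\d+$", "", lower)
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if lower in DICTIONARY or core in DICTIONARY:
        found.append("dictionary word, possibly with digits around it")
    if any(run in lower for run in KEYBOARD_RUNS) or re.search(r"(.)\1\1", lower):
        found.append("keyboard run or repeated-character pattern")
    if any(item and item.lower() in lower for item in personal_info):
        found.append("contains personal information")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    )
    if not all(classes):
        found.append("missing lowercase, uppercase, digit or special character")
    return found


if __name__ == "__main__":
    for candidate in ("aaabbb", "qwerty", "2009password", "St41rW4y2H34v3n@"):
        print(candidate, "->", weaknesses(candidate) or "passes the guide's rules")
```
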

In addition, there are tools for generating passwords automatically, such as our bot, which offers a service for it.

Password protection standard

  • Change passwords every 30 days.
  • Do not write passwords down and leave them within reach of others.
  • Do not store passwords without encrypting them.
  • Do not use the same password for the organization's accounts as for personal accounts (email, bank…).
  • Do not share passwords with anybody in the company, including administrative personnel and secretaries.
  • All passwords must be treated as sensitive, confidential information.
  • Do not give the password to anybody by telephone.
  • Do not give the password by email.
  • Do not give the password to the boss.
  • Do not say the password in front of other people.
  • Do not reveal the password in questionnaires.
  • Do not share the password with relatives or co-workers during vacations.
  • Do not use the "remember password" option in applications (IE, MSN, Mozilla,…)
  • If we suspect that a password may have been compromised, report the incident to IT security personnel and change all passwords.
  • Password-cracking audits must be carried out by the security personnel.
    If any password is obtained during these scans, it must be reported to the user so that they change it.

In addition, it is necessary to review which existing users on the systems need neither a password nor a shell, so that there is no way for them to log in to the systems.
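One way to run the review described above on a Unix-like system is to compare each service account's shell and password field. This is an added example, not part of the original post; it assumes the standard `passwd`/`shadow` file formats, that UIDs below 1000 other than root are service accounts, and the embedded sample entries are constructed.

```python
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample data in passwd(5) and shadow(5) format, not from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SHADOW = """\
root:$6$CONSTRUCTED$hash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
backup:*:18000:0:99999:7:::
www-data:$6$CONSTRUCTED$hash:18000:0:99999:7:::
alice:$6$CONSTRUCTED$hash:18000:0:99999:7:::
"""


def audit_service_accounts(passwd_text, shadow_text, min_human_uid=1000):
    """Map each service account to the login paths it still has open."""
    pw_field = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, field = line.split(":")[:2]
            pw_field[name] = field
    findings = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, uid, _, _, _, shell = line.split(":")
        if name == "root" or int(uid) >= min_human_uid:
            continue  # assumption: root and UID >= 1000 are interactive by design
        issues = []
        if shell not in NOLOGIN_SHELLS:
            issues.append("login shell " + shell)
        field = pw_field.get(name, "*")  # no shadow entry is treated as locked
        if field == "":
            issues.append("empty password")
        elif not field.startswith(("!", "*")):
            issues.append("usable password hash")
        if issues:
            findings[name] = issues
    return findings
```

On the sample data the function reports `backup` (it still has `/bin/sh`) and `www-data` (it still has a usable password hash), while `daemon` is clean.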

The robustness of passwords is a fundamental point on the front line of protecting user accounts. Choosing a weak password puts resources at critical risk.

Source (Spanish): http://www.securitybydefault.com/2009/09/se-preocupa-google-twitter-facebook-y.html
