Passwords
Content
1. overview
Protect your user account with a good password that you can easily remember and that a stranger or a programme will find very difficult or impossible to guess (in a reasonable amount of time). Programmes that try to “crack” passwords (password crackers) generally work with dictionaries, so any password that can be found in a dictionary is a bad password. “peter”, “pEter”, “pEter84” or similar passwords can be found by a programme in no time at all. As computing power grows ever greater, programmes can also try to generate and test all possible passwords. Today’s workstations (May 2008) can generate approx. 100,000,000 passwords per second. If your password consists of only five lower case letters (e.g. “peter”), the programme only has to test all passwords consisting of 26 letters with the lengths one, two, three, four and five to generate your password with certainty. In this case, a maximum of 26 + 26^2 + 26^3 + 26^4 + 26^5 = 12,356,630 passwords would have to be generated and compared. The programme would find your password using the so-called brute-force method on today’s workstations in about 0.12 seconds. If you had chosen a similarly simple password with a length of eight characters, the programme would have to generate about 2.17 * 10^11 passwords and would take up to 36 minutes.
If your password contains upper and lower case letters, numbers and special characters (e.g. from the following ten special characters “,;.:-_!%/#”), you would already have a character set of 26 + 26 + 10 + 10 = 72 characters. With a password length of eight, the programme would have to generate and compare around 7.3 * 10^14 passwords in a brute-force attack, which would take around 84 days. As a rule, the programme would find your password much faster. If you are unlucky, your password is at the beginning of the generated password list and is found after just a few seconds. On average, a password is found by these programmes in half the time (i.e. around 42 days). For this reason, today’s programmes generally use so-called dictionary attacks instead of brute-force attacks, as they reach the target more quickly for many passwords. Further information can be found at Wikipedia.
In reality, the programme would also need access to the table with the encrypted passwords, as otherwise it would not be able to compare the generated passwords with the real passwords.
2. good passwords
A good password fulfils the following requirements:
- it contains at least one uppercase and one lowercase letter, at least one number and at least one special character.
- it is at least twelve (preferably 14) characters long.
- it does not appear in any dictionary, even when numbers, special characters and capitalisation are disregarded (not even in foreign-language dictionaries).
- if you change the password, change at least three characters.
Keep your password secret! A password that you reveal to other people, or write down and keep near your computer, is not a good password!
You can memorise complicated passwords using mnemonic phrases, e.g. the mnemonic phrase “My new password is now 12 characters long” could stand for the good password “M#nP%ij12Z;l” (initial letters of words and special characters after capital letters). Do not use well-known literature quotations as mnemonics, as these are also known to the cracker programmes.
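The rules above and the brute-force figures from the overview can be checked mechanically. The following Python sketch is an added example, not part of the original page: the function names, the tiny word list and the way "three changed characters" is counted are assumptions made for illustration.

```python
RATE = 100_000_000  # guesses per second: the page's May 2008 workstation figure
# Constructed stand-in for a real dictionary file (lowercase words).
WORDLIST = {"peter", "password", "dragon"}

def keyspace(charset_size, max_len):
    """Candidates of length 1..max_len, i.e. the page's 26 + 26^2 + ... sum."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def worst_case_seconds(charset_size, max_len, rate=RATE):
    """Time to enumerate the whole keyspace at `rate` guesses per second."""
    return keyspace(charset_size, max_len) / rate

def dictionary_core(password):
    """Drop digits and special characters and fold case before the lookup."""
    return "".join(c for c in password.lower() if c.isalpha())

def changed_positions(old, new):
    """Positions that differ, plus any difference in length (an assumption
    about how 'change at least three characters' is counted)."""
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))

def check_password(new, old=None, wordlist=WORDLIST):
    """Return the rules from the list above that `new` violates."""
    problems = []
    if not any(c.isupper() for c in new):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in new):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in new):
        problems.append("no number")
    if not any(not c.isalnum() for c in new):
        problems.append("no special character")
    if len(new) < 12:
        problems.append("shorter than 12 characters")
    if dictionary_core(new) in wordlist:
        problems.append("dictionary word")
    if old is not None and changed_positions(old, new) < 3:
        problems.append("fewer than 3 characters changed")
    return problems

if __name__ == "__main__":
    for pw in ("peter", "pEter84", "M#nP%ij12Z;l"):
        print(pw, check_password(pw))
    print("26 letters, length <= 8:", worst_case_seconds(26, 8) / 60, "minutes")
    print("72 characters, length <= 8:", worst_case_seconds(72, 8) / 86400, "days")
```

The dictionary lookup runs on the stripped, lower-cased form, which is why “pEter84” is rejected just like “peter”.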
3. change password
Under UNIX operating systems (Solaris, Linux, Cygwin) the password is changed in a command line window with the command passwd. First you must enter your old password to authenticate yourself and then enter the new password. After you have entered the new password again for confirmation, to rule out typing errors, the password is changed by the system. You will not receive an echo for characters entered, so you will not see anything when you type your password. The system will still recognise your password. In this way UNIX prevents another user from spying out the length of your password, which would make it easier to break.
Under Microsoft Windows 10 you must select Accounts in the Settings. There you can then click on Sign-in options. In the “Password” field, click on “Change”. Now enter your old password for authentication and enter the new password twice to avoid typing errors. Leave the field for the password hint empty, as the hint is visible to all users of the computer and would allow them to guess the password. The “Settings” can be found by clicking with the right mouse button on Start (bottom left in the menu bar) and then clicking on “Settings”.
If the user logs in via the Novell Client for Windows (generally Windows computers in the computer rooms), press the “<Ctrl keys “” at the same time. The “Novell Client for Windows” window opens. Select “Change password”. Now click once on the name of the server in front of your user name and then enter your old password for authentication and enter the new password twice to avoid typing errors. It will take a few seconds before the new password can be used on all computers.
If the user logs in on a Windows server (generally Windows computers in the computer rooms), press the keys “” at the same time. The “Windows Security” window opens. Select “Change password…” and then enter your old password for authentication and enter the new password twice to avoid typing errors. It will take a few seconds before the new password can be used on all computers.