|We stumbled across the following article recently regarding Choosing Good Passwords, and thought it was definitely worth sharing. It’s from 2009, but all the guidance is still valid today. We strongly recommend you create one or more Password Generator Policies within Passwordstate, which encourage your users to use complex passwords.
Article Source – http://www.auscert.org.au/render.html?it=2260
|How hard is it to choose a good password? Most people believe that choosing a good password is easy. After all, how is somebody going to guess my wife’s maiden name?
In reality, people usually choose poor passwords. In 1990 [Klein 1990] an attempt to crack a large password database revealed over three hundred passwords in the first fifteen minutes! One fifth of all password were obtained in the first week and approximately one quarter were cracked by the end of the search. More than half of the cracked passwords were six characters or less and some accounts didn’t even have a password.
Some simple guidelines that will help you choose better passwords are:
|Article Source – http://www.auscert.org.au/render.html?it=2260|
Passwordstate has a quite capable Password Generator, and can be used in a couple of ways – each user can have their own personal Password Generator options, or specific options can be assigned to individual Password Lists. We’ll run through some of the options now:
Alphanumerics & Special Characters
You can specify what letters, numerics and special characters will use when generating passwords, but selecting the appropriate options on the ‘Alphanumerics & Special Characters’ Tab. Options are:
- Include Alphanumerics & Special Characters – if omitted, then only ‘Word Phrases’ will be used to generate the passwords
- Length – specify the minimum and maximum length of characters/numbers generated
- Lower-case – choose if you want to include lower-case characters
- Upper-case – choose if you want to include upper-chase characters
- Numbers – choose if you would like to include numbers
- Include higher ratio of alphanumerics vs special characters – if you also choose to include special characters, then you can choose to generate a percentage of alphanumeric characters than special characters
- Include ambiguous alphanumerics – characters like I , l, and 1 maybe be confusing as it’s difficult to read what they are, and you can choose to ignore these characters
- Include the following special characters – you can use the predefined ones, or modify to suite your own requirements
- Include the following brackets – again, you can choose the predefined brackets, or just specify the ones you want to use
To make the passwords a little easier to read and remember, you can also choose to insert random words within the password itself. There are 10,000 random words which can be used. Options are:
- Include Word Phrases – to include them or not
- Number of Words – how many words you would like inserted in the password
- Maximum Word Length – specify the maximum length of the word which will be generated
And now that you have specified all the settings for generating your password(s), on this tab you can specify how many passwords you would like to generate.
We hope you find this blog post useful, and please let us know if you have any other suggestions for posts you would like to see about our Password Manager software.
Passwordstate 4.5 is now available with the following changes:
- New – Added Random Password Generator allowing bulk creation of passwords (Ref 45.01)
- New – Added optional feature for automatically generating a random password when creating a new password record (Ref 45.02)
- Fix- Fixed a bug where IPv6 IP Addresses could not be added to the Audit table (Ref 45.03)
For customers wishing to upgrade, please follow these instructions: