Generally, when talking about strong passwords, it is recommended that they have at least eight characters and be strong, that is, include uppercase, lowercase, numbers, and symbols. In addition, they should not be based on personal information, so that people who know us cannot easily guess them, and they should be unique for each service.
This last point is usually the most difficult to adopt, since remembering many different and complex passwords is somewhat complicated. In fact, there are people who cannot remember more than 2 or 3, so asking them to remember 5 or 10 is crazy.
However, the idea of using different passwords has a good justification: it prevents the loss of one password (for example, in a phishing attack or the hacking of a site) from meaning the loss of all of them, that is to say, all accounts being compromised at once.
It is recommended to use unique passwords, at least for the services that we consider most important such as our personal email, a social network or access to online banking.
There are techniques that allow you to generate different passwords for each service and remember them without saving or writing them down; one of these techniques is known as the DeThi4-go method. Another way to remember passwords, or rather to manage them so that you don't have to remember them all :), is to use a password manager.
KeePassX, free password manager for Windows, Linux and Mac:
KeePassX is an open source program that allows you to manage passwords and store them securely in an encrypted database. To access them it is necessary to use a master password (this one we must remember!) or a key file that we can keep in any safe place.
With either of these two methods we can access our database, which is nothing more than a heavily encrypted file where the information is saved. It is worth mentioning that the format used for this database is compatible with other password managers such as KeePass Password Safe; in fact, KeePassX is a clone of it, originally created for Linux and Mac.
In the following screenshot you can see the program interface:
From this panel you can see or copy the passwords to access the different services you use. As you can see, they can be organized into groups, and it is also possible to store the corresponding username and the URL of the service with them.
KeePassX also offers a strong password generator and options for them to expire after a while:
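As an added example (not KeePassX's code, and not from the original post), this sketch generates one independent random password per service and checks each against the criteria given at the start of the post: at least eight characters, with uppercase, lowercase, numbers and symbols. The function names and the symbol set are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes named in the post; the symbol set itself is an assumption.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}
MIN_LENGTH = 8  # minimum length recommended in the post

def missing_requirements(password):
    """Return the criteria the password fails (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems

def generate_password(length=16):
    """Generate a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # Rejection sampling with a CSPRNG: draw uniformly from the full alphabet
    # and retry until every class is present, so no position is predictable.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate

def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(sum(len(c) for c in CLASSES.values()))

def generate_for_services(services, length=16):
    """One independent password per service, so one leak exposes one account."""
    return {service: generate_password(length) for service in services}

if __name__ == "__main__":
    # Constructed service names, taken from the examples in the post.
    vault = generate_for_services(["email", "social network", "online banking"])
    for service, password in vault.items():
        print(f"{service}: {password}")
    print(f"about {entropy_bits(16):.0f} bits for 16 random characters")
```

Passwords produced this way are not meant to be memorized; they belong in the manager's encrypted database, with only the master password kept in memory.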
It is important to understand that all this information is stored in the database and without it the program cannot do anything. Therefore it is advisable to keep a backup of the database and of the key file (if we use one) somewhere safe; this way, if we lose our equipment or it breaks, we can recover all the keys quickly and easily.
Integration with browsers?
Unfortunately the program does not offer options to integrate with the browser and avoid copying the passwords every time. For those who want to use such a function, there are other password managers like LastPass that are specially designed for it, but this will be the subject of another post.
KeePassX: www.keepassx.org | download
In Ubuntu you can install it from the software center and in Windows it can be used in a portable way.
If you have any questions about the use of the program, do not hesitate to leave a comment so we can help you 🙂
A Plan B for passwords:
At the beginning of the post I commented that it is recommended to use unique passwords for the services that we consider important, such as personal mail, especially if we use it as a recovery method when we forget the password for some service.
I have seen several cases of users whose Facebook accounts were compromised and who, because they used the same password for their mail, could not recover either one, or at least found it quite difficult.
Knowing the password recovery methods of the different services we use is important. Many, in addition to the classic security question (whose answer certainly must be something that no one can guess), offer other recovery options such as an alternative email address or text messages (SMS).
A good practice is to simulate losing or forgetting a password to see what options we have; in this way we can be prepared or have a plan B ready in case of emergencies.
Single-use passwords and double authentication:
Finally, it is worth mentioning that Hotmail has an option that automatically generates a one-time password, that is, one that can be used only once to access email. This is extremely useful when using shared or unsecured computers, like in an internet café:
You must access hotmail.com and select the option Sign in with a one-time code. Then you must enter your cell number associated with the account to receive the access password.
Facebook also has a similar system, although you must send an SMS from the mobile associated with the account with the word otp (abbreviation of one time password) to a number that varies according to the country and the operator; you can see the list of numbers here.
On the other hand, Google accounts have a double verification system that requires, in addition to the ordinary password, a second verification that can be carried out by SMS, voice call or mobile application on Android, iPhone and BlackBerry.
These options are found in the Security section:
I hope the information is useful; in future posts I will continue to address the topic with reviews of other managers such as LastPass and versions of KeePass for mobile devices.
See also: Google and Microsoft tips for using strong passwords.