Support 24×7 | +380 44 583-5-583 | support@tucha.ua

How to create and where to store a strong password

  1. Home
  2. Blog
  3. Instructions
  4. How to create and where to store a strong password
Categories

One of the most critical problems in the modern world is cybersecurity. Since each of us uses social networks, e-mail, messengers, and various online services, it is important to know how to securely protect your data. And for owners of websites, online stores, and blogs, secure access to accounts is an integral part of a successful business.

The main helper in the cybersecurity battle is a solid password. We share how to create a strong password, where and how to store it, what measures should be taken to ensure that your password protects from intruders.

password-100
Why it is important to store passwords correctly

Using passwords is a vital component of working with any software or resources. At the same time, passwords are an integral part of a company's information security. They protect user accounts, user data, and access to them. Using a weak password can make data accessible to third parties. It can also disrupt the performance of information systems of other companies (for example, a provider of hosting services).

Therefore, employees of the company, suppliers, contractors, or visitors — all users who have access to the company's information systems are responsible for the creation of secure passwords and their protection.

What weak and secure passwords are

Each of us uses passwords for various purposes. The most common purposes are logging into a computer, e-mail, authorization on various web resources, etc. In some cases, there are systems with one-time passwords. We use passwords a lot, so every user should know the requirements for creating strong passwords.

Let us take a closer look at what a secure password should be and what combinations you should avoid.

Signs of a weak password:

  • contains less than 12 characters;
  • a word from a dictionary;
  • a word used in everyday life, for example, names or surnames of friends, colleagues, actors or fairy-tale characters, animal nicknames;
  • computer term, command, name of a site, hardware, or software;
  • variations of the company name or trademark;
  • birthday or other personal information, such as an address, phone number, etc.;
  • regular sequences of characters and numbers, for example, 111111, abcde, qwerty, etc.;
  • any of the above in reverse spelling;
  • any of the above with the addition of a digit at the beginning or at the end.

For example, among the most common passwords around the world are the following: 123456, 123456789, 123123, 123321, 111111, password, qwerty, qwerty123, iloveyou, princess, admin. Often names of sweets or car brands, for example, cocacola, snickers, mercedes, ferrari. Heroes from movies and cartoons, in particular superman and spiderman, as well as the names of popular world bands (for example, metallica) are also quite popular. Unfortunately, the trend remains the same in 2019. The list has only been supplemented with other frequently used words, for example, football, monkey, donald, charlie.

Now let us look at what elements of a strong.

Characteristic of a strong password:

  • contains large and small letters;
  • contains large and small letters;
  • contains numbers and symbols;
  • more than 8 characters;
  • is not a word in any of the languages, dialects, jargon, slang;
  • it is not based on personal information.

Also, a secure password should not be stored in paper or electronic form without the appropriate protection.

How to create a password that is easy to remember

The password should not only be strong but also easy to remember. But how to make such a combination? We suggest creating a password based on a song name, phrase, or association with them. For example, your favorite song is The Beatles - Let It Be (1970). Then the password may look like this: TB-19lib70.

pass_02-100
Which passwords cannot be used

For company user accounts, one cannot use:

  • the same password as for other information systems (for example, home Internet provider, free email, forums, etc.);
  • the same password for different corporate systems;
  • the same passwords in Unix and Windows operating systems.
What to avoid when working with passwords
  1. Report the password to other persons, including administrative staff.
  2. Report the principles of password creation (for example, based on a surname).
  3. Report the password in electronic surveys, unfamiliar authorization forms, or anywhere else.
  4. Pass the password to colleagues during your absence, vacation, or business trip.
Additional measures to protect your data

Make sure that a password-protected lock screen is turned on on your computer, which will be activated after 10 minutes of your inactivity. At the same time, logging in should not be performed automatically.

Also, block your computer every time you leave your workplace. There are several ways to block a PC. For the Windows OS family, use the Windows + L or Ctrl-Alt-Delete keys and select the appropriate option in the available list of operations. If you need to lock a PC with Linux OS, use the keyboard shortcut Ctrl + Alt + L.

And a few more rules that we recommend applying when working with the Tucha cloud infrastructure:

  • Make sure that accounting for wrong password entry attempts is activated in your accounts. Remember that the user account is blocked for 1:00 after 5 incorrect attempts to enter the password within 5 minutes. Only system administrators can unblock accounts that belong to the group Administrators. And this is done after confirming that the wrong password was entered by the user. Otherwise, the problem is transferred to the company's information security service.
  • Do not forget to update your password regularly. Change it at least once every 180 days, and for accounts that belong to the group Administrators — once every 90 days.
  • If you think that someone might have found out your password, change it immediately and inform the company's information security service by phone or email. If someone requires you to provide the password, you should also immediately contact our technical support service.
  • Also, contact the company's technical support service immediately if you have lost your password, the media, or the device on which it was saved. If someone found out your password, you can change it yourself.
Where and how to store passwords correctly

Let us look at the simple principles of storing passwords that will protect your data from falling into the hands of intruders.

How not to store passwords:

  • do not keep passwords in paper form;
  • do not leave information about passwords in any files or on media that are available not only to you,
  • do not leave default passwords set by administrators;
  • do not store passwords in software that is not designed for this (in browsers, utilities for connecting to other services, etc.).

For the most secure password storage, we recommend using password managers, for example, KeePass, EnPass, CommonKey, Dashline, etc. And we have also prepared for you visual instruction on how to properly configure and use KeePass.

Summary

So, protecting your data on the Internet is not so difficult. You only need to create a strong password, store it correctly, and follow simple measures to protect your data from access by others. Now you know how to do it. And if you have any questions or you think that someone might have found out your password, please contact us at any time. We are in touch 24×7 and will always provide prompt assistance!

Share:
Related articles
KeePass
How to easily use KeePass

We often hear that we need to create strong passwords. However, there is neither the time nor the desire to create and memorize complex combinations. In addition, it seems that this is not particularly necessary.

Using MySQL-Tuner to perfect MySQL server
Using MySQL-Tuner to perfect MySQL server

Manual configuring of MySQL is a complex and non-trivial task, only experienced specialists can do it. For others, including novice webmasters, there is a simple and highly effective solution – the MySQLTuner utility, which will find problem areas in the MySQL database configuration and provide solutions to the identified problems.

The connection to the server is lost
The connection to the server is lost. Tracing and ping

To take in the situation quickly and understand on which side the error is, route tracing and pinging the intermediate nodes is the minimal thing that you can do. How to do this, we will tell you now.

our website was hacked
Oh, our website was hacked! So what has to be done?

Personally, we do not negotiate with intruders. And we will tell you how to deal with them. :)

Правильне завершення сеансу
Why session termination on a server is important. User's memo

When users work on virtual servers, it is critical to end work sessions correctly. This has a significant impact on data security and integrity, as well as the performance of the server. In this article, we will take a closer look at what you should do before logging out of the server, how to end the session correctly, and what risks this will help you avoid in the future.

Close
Get a callback

Please check if the information in the phone number field is correct
Fields are required.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We use cookies.

We use tools, such as cookies, to enable essential services and functionality on our site and to collect data on how visitors interact with our site, products and services. By clicking Accept or continuing to use this site, you agree to our use of these tools for advertising and analytics.

AcceptDecline