{"id":7036,"date":"2014-12-16T10:06:22","date_gmt":"2014-12-16T15:06:22","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=7036"},"modified":"2020-02-26T10:58:30","modified_gmt":"2020-02-26T15:58:30","slug":"false-perception-of-it-security-passwords","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/7036\/","title":{"rendered":"False Perceptions of IT Security: Passwords"},"content":{"rendered":"<p>Welcome to the second post in a series about the <a href=\"https:\/\/www.kaspersky.com\/blog\/false-perceptions-of-it-security-predicting-the-future\/\" target=\"_blank\" rel=\"noopener nofollow\">false perceptions of IT security<\/a>. In this post we will describe some of the issues associated with password management. As you know, it is quite important to have a strong password. So, what exactly is a strong password?<\/p>\n<p>When asking random people about passwords, they tend to agree that having a strong one is very important, but it is also very difficult to remember all of these passwords. I believe that instead of trying to come up with a good solution, we simply give up and use this as an excuse for having a poor password policy.<\/p>\n<p>One problem is that we are not even sure what a strong password is. Many people think that a strong password is a complex string of random letters, numbers and special characters. However, when looking at it from a security perspective, rather than a cryptographic perspective, a strong password does not have to be completely random and, therefore, incredibly difficult to remember.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Remembering long lists of <a href=\"https:\/\/twitter.com\/hashtag\/passwords?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#passwords<\/a> require us to do something we may not enjoy: study. <a href=\"https:\/\/t.co\/Dnbt1Dju5E\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Dnbt1Dju5E<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/524351956819927040?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 21, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>I am expecting a lot of password maniacs to yell at me now, but please keep in mind that the purpose of this blog post is not to describe the most complex and secure password algorithm out there. Rather, it is intended to simply share some good tips and tricks for how individuals can stop using crappy passwords or using the same password on every single site where authentication is necessary.<\/p>\n<p>You can, of course, use a password management tool such as <a href=\"https:\/\/www.kaspersky.com\/password-manager\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Password Manager<\/a>, but this post will hopefully teach you simple password management without the need for any tools.<\/p>\n<p>So, let\u2019s take a look at how we can generate a strong password. First of all, I think that the most important detail to consider when creating a strong password is to make it personal. I agree that trying to remember a computer-generated password with random letters, numbers and special characters is difficult. But, if it\u2019s a phrase that is personal to you, it will probably be much easier to recall.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Tips on how to remember strong #passwords<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F29oi&amp;text=Tips+on+how+to+remember+strong+%23passwords\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>There are tons of different methods for generating passwords, but I would like to share one way with you. Though it has probably been described by others before, I will call it the \u201cStory Algorithm\u201d. There are many variants in this process, so feel free to come up with your own version that you believe will most help you.<\/p>\n<ol>\n<li>Think of a phrase, song lyrics, quotes from a movie or simply a lullaby from when you were a child.<\/li>\n<li>Take the first letter from the first five.<\/li>\n<li>Between every letter add a special character.<\/li>\n<\/ol>\n<p>At this stage you will have created a static string, and from now on you will base all of your unique passwords off of this string. Since it\u2019s a static sting, it won\u2019t be unique for every site that you need a password for. What you need to do now is use the power of association.<\/p>\n<p>When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word that you associate with that site that you need a password for. For example, if you are creating a password for Facebook, you might associate Facebook with the blue color in the logo: so, then you can simply append the word \u201cblue,\u201d maybe in all caps, at the end of your static string.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/12\/06042009\/ComStar-scaled.jpeg\"><img decoding=\"async\" class=\"aligncenter wp-image-7038\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/12\/06042009\/ComStar-1024x342.jpeg\" alt=\"ComStar\" width=\"900\" height=\"301\"><\/a><\/p>\n<p>For example, let\u2019s play with the idea that the phrase I think of is \u201cTwinkle Twinkle Little Star How I Wonder What You Are,\u201d and the special character that I want to use is the pound character, \u2018#\u2019. Then my password for Facebook would be something like: <strong>T#T#L#S#Hblue<\/strong>. It makes no real sense when you look at it, or if someone gave it to you. But, since it\u2019s personal, you understand the system used to generate your passwords and you associate the word with the site, it\u2019s easy for you to remember. Not to mention, it is quite strong \u2014 you can <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">test it with our Password Check<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Don't forget to check your password! <a href=\"https:\/\/twitter.com\/hashtag\/PassChecker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#PassChecker<\/a>  <a href=\"http:\/\/t.co\/vXnwmfqSWh\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/vXnwmfqSWh<\/a> <a href=\"https:\/\/t.co\/P9Pm0SGc4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/P9Pm0SGc4n<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/524916379968077825?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 22, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There is one password that you should be extra careful about; it may even be good to use a completely different phrase when generating this password. This is the password to your email account. If someone can access your email, they can use the \u201cforgot login\u201d function to not only get access to your email, but also change the passwords for every site you have access to that\u2019s connected to that email address.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Prioritizing the Protection of Primary Webmail Accounts \u2013  <a href=\"https:\/\/t.co\/l0ip3Wk1uc\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/l0ip3Wk1uc<\/a> via <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/519147922542587904?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 6, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Please remember to use strong passwords. It\u2019s a false perception that password management is difficult and it is a bad excuse not to do it. Just remember these golden rules:<\/p>\n<ul>\n<li>The length is very important when creating secure passwords!<\/li>\n<li>Uniqueness is very important! One password per site!<\/li>\n<li>Complexity is not about how random the password is, but how <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">difficult it is to crack<\/a>!<\/li>\n<li>Make the password personal, it\u2019s MUCH easier to remember it that way!<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>As you know, it is quite important to have a strong password. But what is a strong password?<\/p>\n","protected":false},"author":336,"featured_media":7037,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1243,886,605,187,97,131],"class_list":{"0":"post-7036","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cybersavvy","9":"tag-false-perception-of-it-security","10":"tag-great","11":"tag-passwords","12":"tag-security-2","13":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/7036\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/false-perception-of-it-security-passwords\/4463\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/4400\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/4933\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/false-perception-of-it-security-passwords\/5231\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/false-perception-of-it-security-passwords\/6460\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/false-perception-of-it-security-passwords\/5851\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/false-perception-of-it-security-passwords\/6460\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/false-perception-of-it-security-passwords\/7036\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/false-perception-of-it-security-passwords\/7036\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=7036"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7036\/revisions"}],"predecessor-version":[{"id":33416,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/7036\/revisions\/33416"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/7037"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=7036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=7036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=7036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}