Updates password intro

This commit is contained in:
Alicia Sykes 2019-12-24 23:08:04 +00:00 committed by GitHub
parent 0b8a9a90ec
commit 220cd5a5a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,15 +2,13 @@
## Passwords
Ideally you should use a different and secure password to access each service you use. To securely manage all of these, a password manager is usually the best option.
Most reported data breaches are caused by the use of weak, default or stolen passwords (according to [this Verizon report](http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf)). Massive amounts of private data have been, and will continue to be stolen because of this.
According to [this Verizon report](http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf) most reported data breaches are caused by the use of weak, default or stolen passwords. Massive amounts of private data were stolen because of this.
For everything you could ever want to know about passwords, check out [this guide](https://heimdalsecurity.com/blog/password-security-guide/).
Use strong passwords, which can't be easily guessed or cracked. Length is more important than complexity (at least 12+ characters), although it's a good idea to get a variety of symbols. Ideally you should use a different and secure password to access each service you use. To securely manage all of these, a password manager is usually the best option. [This guide](https://heimdalsecurity.com/blog/password-security-guide/) gives a lot more detail about choosing and managing passwords.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Use a strong password** | Recommended | Try to get a good mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and aim to get a decent length (12+ characters is ideal). Have a look at [HowSecureIsMyPassword.net](https://howsecureismypassword.net) and [How Long will it take to Crack my Password](https://www.betterbuys.com/estimating-password-cracking-times/) to get an idea of what a strong password is. See [this guide](https://securityinabox.org/en/guide/passwords/) for more information.
**Use a strong password** | Recommended | Try to get a good mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and aim to get a decent length (a minimum of 12+ characters is ideal). Have a look at [HowSecureIsMyPassword.net](https://howsecureismypassword.net) and [How Long will it take to Crack my Password](https://www.betterbuys.com/estimating-password-cracking-times/) to get an idea of what a strong password is. See [this guide](https://securityinabox.org/en/guide/passwords/) for more information.
**Dont save your password in browsers** | Recommended | Most modern browsers offer to save your credentials when you log into a site. Dont allow this! As they are not always encrypted, hence can allow someone to gain easy access into your accounts. Also do not store passwords in a .txt file or any other unencrypted means. Ideally reputable use a password manager.
**Use different passwords for each account you have** | Recommended | If your credentials for one site gets compromised, it can give hackers access to your other online accounts. So it is highly recommended not to reuse the same passwords. Again, the simplest way to manage having many different passwords, is to use a [password manager](https://en.wikipedia.org/wiki/Password_manager). Have a look at [LastPass](https://www.lastpass.com), [DashLane](https://www.dashlane.com), [KeePass](https://keepass.info) or [Robo Forms 8](https://www.roboform.com).
**Be cautious when logging in on someone elses device** | Recommended | When using someone else's machine, ensure that you're in a private session (like Incognito mode, Crt+Shift+N) so that nothing gets saved. Ideally you should avoid logging into your accounts on other peoples computer, since you can't be sure their system is clean. Be especially cautious of public machines, or when accessing any of your secure accounts (email, banking etc).