SplashData has published a list of the most popular passwords on the Internet, based on password leaks from users of various services. Of course, there are few randomly generated passwords in the results – most of them choose passwords in accordance with some of their associations, and they are usually the same.
Yes, in 2016 the most popular passwords are the same as always – “123456” and “password”. Also eternal hits – date of birth and phone number. Sometimes passwords are tied to some significant events, for example, this year “starwars” got into the rating of the most common ones.
But do not expose yourself to this risk by using such simple passwords – they are the first ones attackers try in a brute-force attack. You can learn more about how this works in the article on Pentesting Tools.
So how do you keep your account secure and not go crazy thinking up new passwords and trying to remember them? Let’s try to figure out what services and programs exist that can help with this. Of course, we will only look at a few of the most popular products, and this selection is not meant to be exhaustive.
Password managers
It’s hard to force yourself to give up using one password for all services and stop using simple combinations that are easy to remember and quickly enter. But password managers can solve this problem – they can come up with a long password that does not contain dictionary words, save it, and then, for example, copy it to the clipboard, rather than try to enter it by hand. Let’s consider the most popular and free ones.
KeePass
An open-source, free password manager for Windows (the old 1.x branch only) and, in the 2.x branch, also for OS X and Linux via Mono. The password database is encrypted with AES-256 and stored in a separate file – a database that you can easily take with you on a flash drive or save in the cloud. Some other clients, for example KeePassX, can work with the KeePass password storage format.
The program itself runs locally, which means it is not exposed to the risks of a cloud service. In addition, it can generate passwords, so it can also be used simply as a generator (but why?).
Program website: http://keepass.info/
LastPass
A fairly well-known password manager, this time in the cloud. You can use the free version or buy the premium package. The service can be used under Windows, OS X, and Linux, it works in all the most common browsers – Firefox, Chrome, IE, and some others. You can manage the password database through the web interface or a portable client by downloading the database from the cloud to your computer.
The main disadvantage is that the database is stored in the cloud, which increases the risk that all users' databases are stolen in a breach of the service. In addition, you will not always have Internet access, and there is no guarantee that you will have saved a local copy of the database beforehand, leaving you exposed to losing it.
Service website: https://lastpass.com/
Password generators
If you are confident in your memory or do not want to collect all passwords in a database, then your choice is simple password generators, for example, specialized sites or even a self-written version.
PWGen
PWGen is an open-source cryptographic password generator that runs locally. Under Linux it is a console application; there is also a Windows port with a graphical interface. The main task of the program is to generate a password that is difficult to guess and yet not too difficult for a person to remember. In addition, it can generate many passwords at once – convenient when you need passwords for a large number of people.
Installation on distributions using rpm (RHEL, CentOS, Fedora, SuSE):
yum install pwgen
On distributions using deb (Debian, Ubuntu, Kubuntu):
sudo apt-get install pwgen
Windows version: http://pwgen-win.sourceforge.net/
Online generator with entropy
This generator emphasizes that its results depend directly on how you move the mouse and which keys you press during generation. Entropy collection is simple to implement: on mouse move, click and keydown events, the cursor coordinates, the code of the pressed key and a few other parameters are recorded. This data is then used to seed the generator. The password is also generated on the client side, so it cannot be intercepted in transit.
Generator link: http://genpas.peter23.com/
PasswordCard
This service generates not just a password string, but a PasswordCard – a credit card-sized card that you can save on your computer or print, laminate and carry with you. If you use it correctly, even an attacker who gets hold of the card will hardly be able to recover your passwords from it – it is hard to guess which of the thousands of combinations on the card are the passwords.
To use it, you only need to remember in which row or column your password is written, and then simply type it in from the card. Reading the card from left to right is optional and not even recommended – you can also read it from right to left, top to bottom, or even diagonally. It is this multitude of reading paths that allows you to store a very large number of passwords on one card. You can also save the card number separately and then regenerate the card from it if it is ever lost.
Service link: http://www.passwordcard.org/ru
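The idea of regenerating a card from its number and reading passwords along different paths, as an added example that is not the PasswordCard service's own code. The card layout (8 rows by 29 columns) and the derivation (HMAC-SHA256 in counter mode, keyed by the card number) are assumptions for illustration; the real service's algorithm is not described on the page.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols per cell
ROWS, COLS = 8, 29  # assumed card layout
# 256 // 62 = 4, so only bytes below 4 * 62 = 248 map uniformly onto ALPHABET
_ACCEPT_BELOW = (256 // len(ALPHABET)) * len(ALPHABET)


def card_from_number(card_number: str, rows: int = ROWS, cols: int = COLS):
    """Derive the whole grid deterministically from the card number.

    The card number acts as the seed: the same number always yields the
    same grid, so the printed card can be regenerated if it is lost.
    """
    key = card_number.encode()
    cells = []
    counter = 0
    while len(cells) < rows * cols:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in block:
            # rejection sampling: skip bytes that would introduce modulo bias
            if b < _ACCEPT_BELOW:
                cells.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    cells = cells[: rows * cols]
    return [cells[r * cols:(r + 1) * cols] for r in range(rows)]


def read_path(grid, start, direction, length):
    """Read `length` cells from `start` (row, col), stepping by `direction`.

    Direction (0, 1) reads left to right, (0, -1) right to left,
    (1, 0) top to bottom and (1, 1) diagonally; each path is a password.
    """
    r, c = start
    dr, dc = direction
    out = []
    for _ in range(length):
        if not (0 <= r < len(grid) and 0 <= c < len(grid[0])):
            raise ValueError("path leaves the card")
        out.append(grid[r][c])
        r, c = r + dr, c + dc
    return "".join(out)
```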
Those who do not trust all these services, or simply want something of their own, can be advised to write their own password generator – the simplest implementation takes no more than 15 minutes.
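A self-written generator of the kind suggested above, as an added example (not code from the page or from any of the products it lists). It draws from the operating system's CSPRNG via the standard `secrets` module, guarantees every requested character class is present, reports the entropy of the chosen length and alphabet, and rejects the well-known weak passwords the article opens with; the symbol set and the tiny blocklist are constructed for illustration.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",  # constructed symbol set
}
ALL_CLASSES = ("lower", "upper", "digit", "symbol")
# constructed blocklist: the perennial entries from the SplashData list
WEAK_PASSWORDS = {"123456", "password", "starwars", "qwerty", "12345678"}


def alphabet_for(classes=ALL_CLASSES) -> str:
    return "".join(CLASSES[c] for c in classes)


def entropy_bits(length: int, classes=ALL_CLASSES) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet_for(classes)))


def is_weak(password: str) -> bool:
    """True for blocklisted passwords, compared case-insensitively."""
    return password.lower() in WEAK_PASSWORDS


def generate(length: int = 16, classes=ALL_CLASSES) -> str:
    """Generate a password containing at least one symbol from each class.

    secrets.choice samples without modulo bias; candidates that miss a
    class are discarded and regenerated rather than patched, so every
    returned password is still uniformly random over the valid set.
    """
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = alphabet_for(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate
```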