
Friday, April 4, 2014

Server Security - How to create a strong Password

Server Security - Security Basics

Using Strong Passwords


Strong passwords on every account are a server's first line of defense against intrusion. It is not enough for the root password to be strong: every user who can log in to the server in any way, by SSH, FTP, mail or a web interface, must keep a strong password. This includes accounts created in control panels such as Webmin, cPanel and Plesk, since a weak control-panel password gives an attacker the same access as a weak shell password.

A strong password should be at least 10 characters long; 15-20 is ideal, and length does more for strength than any other property. The characters should be random and mixed. Mixed characters means the password contains capital letters A-Z, lower case letters a-z, digits 0-9, and symbols such as %$*@?<+ and so on. Not all applications accept all symbols, so the password should be tailored to the character set the application you are logging in to allows.

Creating a password you can remember is sometimes necessary. It is possible to build a strong password that still carries the memory cues you need to recall and type it when needed. One such technique is to derive the password from a phrase. For this example, let's start with the phrase "the happy brown dog". Counting the characters gives 16; spaces are not counted because we will not use them.

  • First, rewrite the phrase with no spaces. This gives "thehappybrowndog".

  • Second, capitalize letters in positions you will remember; for example, capitalize the first letter of each word: "TheHappyBrownDog".

  • Third, replace some letters with digits and symbols. Common, easy-to-remember replacements are a -> @, e -> 3, h -> 4, i -> !, i -> 1, o -> 0, p -> 9, and so on. You can invent your own replacements as long as you will remember them. Applying the a, e and o replacements here changes the password to "Th3H@ppyBr0wnD0g".

  • Last, add some extra characters before the password, after it, and, if you can remember the combination, between the words. Examples are "Th3H@ppyBr0wnD0g!@#", "!!!Th3H@ppyBr0wnD0g" and "123Th3H@ppyBr0wnD0g!@#". As a rule, when I add these characters I use 3-5 that are "geographically related" on the keyboard, meaning adjacent to one another in some way. One caveat: letter-for-symbol swaps and adjacent-key runs such as 123 or !@# are among the first variations a password-cracking tool tries, so treat the padding as extra length on top of a long phrase rather than as a secret in its own right.
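The four steps above as a worked example, together with two checks a practitioner would want: a policy check for length, character mix and the application's allowed character set, and a "cracker's view" that reverses the substitutions and padding to recover the base phrase. This is an added example written for this page, not code from the original post. The substitution table is the post's list with o -> 0 added because the post's own example uses it; DEMO_WORDLIST is a tiny constructed stand-in for a real cracking dictionary.

```python
import math
import re
import string

# Letter -> digit/symbol swaps from the post; "o" -> "0" is added because the
# post's worked example "Th3H@ppyBr0wnD0g" uses it. The post also lists i -> 1,
# which is omitted here so that the reverse map stays one-to-one.
SUBSTITUTIONS = {"a": "@", "e": "3", "h": "4", "i": "!", "o": "0", "p": "9"}
UNSUBSTITUTE = {sym: letter for letter, sym in SUBSTITUTIONS.items()}

# Constructed stand-in for a cracker's wordlist (a real one has millions of entries).
DEMO_WORDLIST = {"the", "happy", "brown", "dog", "quick", "fox", "jumps", "over", "lazy"}


def phrase_to_password(phrase, letters_to_swap=("a", "e", "o"), prefix="", suffix=""):
    """Steps 1-4 from the post: drop spaces, capitalize each word, swap the
    chosen lowercase letters for their digit/symbol, then pad front and back."""
    joined = "".join(word.capitalize() for word in phrase.split())
    swapped = "".join(SUBSTITUTIONS[c] if c in letters_to_swap else c for c in joined)
    return prefix + swapped + suffix


def policy_problems(password, minlen=10, allowed=None):
    """Return the list of rules the password fails (empty list means it passes).
    `allowed` is an optional set of characters the target application accepts,
    since not every application takes every symbol."""
    problems = []
    if len(password) < minlen:
        problems.append(f"shorter than {minlen} characters")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if allowed is not None:
        rejected = sorted({c for c in password if c not in allowed})
        if rejected:
            problems.append("characters not accepted here: " + "".join(rejected))
    return problems


def naive_brute_force_bits(password):
    """Keyspace in bits for an attacker who knows only the length and which
    character classes appear: len * log2(alphabet size). This is an upper
    bound; a rule-based attack on a phrase-derived password does far better."""
    alphabet = 0
    for chars in (string.ascii_uppercase, string.ascii_lowercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in password):
            alphabet += len(chars)
    return len(password) * math.log2(alphabet)


def recover_phrase(password):
    """What a rule-based cracker does in reverse: strip non-letter padding
    from both ends, undo the well-known swaps, and lowercase."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return "".join(UNSUBSTITUTE.get(c, c) for c in core).lower()


def segment_into_words(text, wordlist):
    """Split `text` into a sequence of dictionary words if possible (simple
    dynamic programming); return None if it cannot be done. A cracker holding
    a wordlist performs the same test on every recovered candidate."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in wordlist:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


if __name__ == "__main__":
    pw = phrase_to_password("the happy brown dog", prefix="123", suffix="!@#")
    print(pw)                       # 123Th3H@ppyBr0wnD0g!@#
    print(policy_problems(pw))      # [] -> passes the post's mixed-character rule
    print(round(naive_brute_force_bits(pw)), "bits if attacked blind")
    base = recover_phrase(pw)
    print(base, segment_into_words(base, DEMO_WORDLIST))
    # -> thehappybrowndog ['the', 'happy', 'brown', 'dog']: the phrase is recoverable
```

The last two lines are the point of the cracker's view: the substitutions and the keyboard-run padding are reversible with a few standard rules, so what the attacker is really guessing is the four-word phrase. Choose an uncommon phrase and keep it long; the digits and symbols satisfy an application's complexity rule but are not where the strength comes from.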

Using these techniques makes your server much harder for an attacker to break into by guessing or brute-forcing passwords.
