Monday, September 3, 2007

Passwords on the internet

Many websites require that you register and provide a password. How safe is that?

I just signed up on a site and after registering I got a message like this: "We have sent a message to this address and providing you with a copy of your password."

And the email said: "You chose to register with the following email address: .... You chose the following as your password: ***********". But with the password in clear text of course.

When a site can email you the same password you selected, you know its way of saving passwords is not the safest one. Why is that?

If an attacker breaks into their database, they can also get all the passwords without much trouble.
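To make the difference concrete, here is an added example (not code from the site described or from the linked articles) that stores the same constructed password two ways and then inspects a simulated database dump. The function names, the dict standing in for a database, and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential, for illustration only.
SAMPLE_EMAIL = "user@example.com"
SAMPLE_PASSWORD = "correct horse battery staple"
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def register_plaintext(db, email, password):
    """Weak design: the row holds the password itself, so the site can email it back."""
    db[email] = {"password": password}


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register_hashed(db, email, password):
    """Stronger design: keep only a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    db[email] = {"salt": salt, "hash": _derive(password, salt)}


def verify_hashed(db, email, candidate):
    """Recompute the hash from the login attempt and compare in constant time."""
    row = db.get(email)
    if row is None:
        return False
    return hmac.compare_digest(_derive(candidate, row["salt"]), row["hash"])


def password_in_dump(db, password):
    """Model a stolen database: does the password appear verbatim in any field?"""
    needle = password.encode("utf-8")
    for row in db.values():
        for value in row.values():
            raw = value.encode("utf-8") if isinstance(value, str) else value
            if needle in raw:
                return True
    return False


if __name__ == "__main__":
    plain, hashed = {}, {}
    register_plaintext(plain, SAMPLE_EMAIL, SAMPLE_PASSWORD)
    register_hashed(hashed, SAMPLE_EMAIL, SAMPLE_PASSWORD)
    print("plaintext dump exposes password:", password_in_dump(plain, SAMPLE_PASSWORD))
    print("hashed dump exposes password:", password_in_dump(hashed, SAMPLE_PASSWORD))
    print("login still works:", verify_hashed(hashed, SAMPLE_EMAIL, SAMPLE_PASSWORD))
```

A salted, slow hash only raises the cost of guessing, so a short or reused password can still be recovered from a stolen hash by trying candidates.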

The tip is to always use completely different passwords wherever you register. A strong password should appear to be a random string of characters to an attacker. It should be 14 characters or longer (eight characters or longer at a minimum). It should include a combination of uppercase and lowercase letters, numbers, and symbols.

Here is a good article on Strong passwords: How to create and use them and an online Password checker.

For more technical details, see this post.

Update: Javascript Password Strength Meter

