Monday, September 3, 2007

Passwords on internet

Many websites require that you register and provide a password. How safe is that?

I just signed up on a site and after registering I got a message like this: "We have sent a message to this address and providing you with a copy of your password."

And the email said: "You chose to register with the following email address: .... You chose the following as your password: ***********". But with the password in clear text of course.

When you can be emailed the same password as you have selected you know their solution to save passwords is not the safest one. Why is that?

If some hacker breaks in to their database they can also get all passwords without much problem.

Tip is to always use completely different passwords wherever you register. A strong password should appear to be a random string of characters to an attacker. It should be 14 characters or longer, (eight characters or longer at a minimum). It should include a combination of uppercase and lowercase letters, numbers, and symbols.

Here is a good article on Strong passwords: How to create and use them and an online Password checker.

For more technically details see this post.

Update: Javascript Password Strength Meter

No comments:

Post a Comment

Subscribe to the comments feed

Some of the latest blog posts

Subscribe to RSS headline updates from:
Powered by FeedBurner

Contact Us | About JTB World | Subscribe to this blog
JTB World's website | Website General Terms of Use | Privacy Policy
^ Top of page

© 2004- JTB World. All rights reserved.