Password Security Best Practices

Author: LinusTechTips
243806 View
8m 4s Lenght
12712 Rating

How can you keep your online accounts safe? Luke has a few tips to share... Massdrop link: http://dro.ps/linustechtips Logitech link: http://linustechtips.com/main/topic/322269-logitech-g303-daedalus-apex/ Pricing & discussion: http://linustechtips.com/main/topic/463491-password-security-best-practices/ Support us: http://linustechtips.com/main/topic/75969-support-linus-tech-tips-our-affiliates-and-sponsors/ Join our community forum: http://bit.ly/ZkLvE7 https://twitter.com/linustech http://www.facebook.com/LinusTech Intro Screen Music Credit: Title: Laszlo - Supernova Video Link: https://www.youtube.com/watch?v=PKfxmFU3lWY iTunes Download Link: https://itunes.apple.com/us/album/supernova/id936805712 Artist Link: https://soundcloud.com/laszlomusic Outro Screen Music Credit: Approaching Nirvana - Sugar High http://www.youtube.com/approachingnirvana

Comments

1. Stormaggedon, lol Doctor Who reference
2. lol lastpass was hacked
3. The only thing I disagree with is your examples of passwords that are just a bunch of words. With a dictionary attack they are way too easy to crack. The rest of what you said was good though.
4. Yubikeys are super safe
5. ..."you have to be Chareful..." dat feminine voice though
6. to add to this try to get as many possible characters into the password.
   
   Example:P@ssW0rdSample5
   
   By introducing caps, lower case, numbers, and special symbols every character has 72 effective potential values. You can calculate possible combinations by taking the password length to the power of total character potential.
   
   The sample password is 15 characters and it is taken to the power of 72. My calculator gave an error so i can promise that is a very large number and well beyond brute force attacking (unless someone has serious unrealistic computing power or is willing to waste a lifetime attacking you.) The point is if your security hits a certain point hackers who are not seeking revenge will become discouraged and seek a easier target.
   
   Please note NOT to use that example above. I only made it to show a point of letter substitution with numbers and symbols.
   
   All information can be found in the book "Computer security: Principals and Practice" by Stalling and Brown.
7. Its wrong to use long password over short if long is glohloejhelhe,stronger is for example 1g@P,
8. I have some issues with 2-factor. First, if my second factor is my cell phone, then I am counting on having service, having a working and turned-on phone, and having the phone in my possession. Second, if my second factor is e-mail, I am counting on being able to reliably log in and read my e-mail. I have had times where my phone is my only available browser, but the webmail interface is not fully compatible with it, making it impossible for me to read and use any email sent there. Third, it makes logging in a bit more involved and time-consuming. Fourth, the second factor can potentially get hijacked (through social engineering, for example), effectively locking me out of my own accounts, even if I happen to use a very secure password.
   
   There must be a better way...
9. love the usernames in this video xD
10. Password Problems
    
    Windows: please type your password
    
    Me: cabbage
    
    Windows: password must have more than 8 letters
    
    Me: boiled cabbage
    
    Windows: password must have at least one number
    
    Me: 1 boiled cabbage
    
    Windows: Password cannot have spaces
    
    Me: 1bloodyboiledcabbage
    
    Windows: Password must have caps
    
    Me: 1BLOODYboiledcabbage
    
    Windows: Password cannot have more than 3 caps
    
    Me: 1Bloodyboiledcabbage
    
    Windows: Password must have more than one uppercase letter
    
    Me: 1VERytriggeredbloodyboiledcabbage!!!
    
    Windows: Password cannot have punctuation
    
    Me: 50iWillhuntyoudownYouStupidwindowspasswordreqruirements
    
    Windows: That password is already taken😂😂😂
    
    Me: AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
11. i already do most of these thing but the lilr key card thing are they cheep and easy to set up?
12. If i wanted to watch a ad before my video, I wouldnt pay for youtube red... so.. knock it off Linus... ! :P lol
13. 12345? Just like my luggage!
14. why shouldnt i write down my passwords? it's better than storing it digitally...
15. I got Lastpass then it turned out it doesn't work with Chrome sign in... the most important sign in in life... :(
16. my password is sarah brightmans birthday
17. One thing I'd like to point out that I do, is when recording your password, don't enter the correct password, enter it inverted, or with a missing or added letter or something like that. Just so long as its easy enough to remember.
18. lol123 #GG ALRPG
19. More of a generic comment, but im usually seriously irritated when websites dont always include the ability to use special characters ( ! @ # $ % for eg ) in passwords or even limit you to short passwords as well, like 8 characters short or something dumb like that. Even encountered some rather high valuable places like internet banking doing so. :c
20. I use Hunter2