Tuesday, January 11, 2011
【Weak Current College】 teaches you how to write a proper password security policy
Getting people to choose strong passwords is very difficult. When people actually begin to doubt the value of strong passwords, we are in real trouble; still, there is a way to expose those who make things worse.
The simplest and most common advice on how to provide a valid password is to use a strong one. In theory, a truly strong password should draw on as much of the keyboard's character set as possible and should meet at least the following three requirements:
1. The password string should be as long as possible.
2. The password should contain many different types of characters (lowercase, uppercase, digits, special characters, space characters, etc.), drawn from all regions of the keyboard.
3. The password should use as many different characters as possible, freely chosen rather than following a predictable repeating pattern.
If the password space is large enough, a password should never be broken at the current capability level of malicious hackers. Of course, technology is constantly developing, so you should be prepared to upgrade your password policy when it becomes necessary in the future.
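The three requirements above can be enforced mechanically. The following checker is an added example (not code from the original post or from weakpasswords.org); the numeric thresholds are assumptions, since the article gives none. Note that it rejects a password only for being short, narrow or repetitive, never for containing a particular character.

```python
"""Password policy checker for the three criteria: length, character-class
coverage and lack of predictable repetition.  Added example; thresholds are
assumed values, not taken from the article."""
import string

# Each class is one "region" of the keyboard the policy wants covered.
# Characters outside every class (e.g. non-ASCII letters) are still accepted;
# they simply do not add a class, but they do count toward length and variety.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
    "space": {" "},
}

MIN_LENGTH = 12          # assumed minimum length
MIN_CLASSES = 3          # the article asks for at least three kinds of characters
MAX_RUN = 3              # assumed: longest allowed run of one repeated character
MIN_DISTINCT_RATIO = 0.5 # assumed: at least half the characters must be distinct


def character_classes(pw):
    """Return the set of class names that occur in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def longest_run(pw):
    """Length of the longest run of the same character, e.g. 'aaab' -> 3."""
    best = run = 0
    prev = None
    for c in pw:
        run = run + 1 if c == prev else 1
        prev = c
        best = max(best, run)
    return best


def has_repeating_pattern(pw):
    """True if pw is a short unit repeated, e.g. 'abcabcabc' or '121212'."""
    n = len(pw)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and pw[:size] * (n // size) == pw:
            return True
    return False


def check_password(pw):
    """Return a list of problem codes; an empty list means the policy is met."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    if len(character_classes(pw)) < MIN_CLASSES:
        problems.append("classes")
    if longest_run(pw) > MAX_RUN:
        problems.append("run")
    if has_repeating_pattern(pw):
        problems.append("repeat")
    if pw and len(set(pw)) / len(pw) < MIN_DISTINCT_RATIO:
        problems.append("distinct")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "Ab1!Ab1!Ab1!", "Tr0ub4dor &3 is not xkcd"]:
        print(repr(candidate), "->", check_password(candidate) or "ok")
```

Running the block prints a verdict for three constructed candidates: a short dictionary word, a password that covers four character classes but is just `Ab1!` repeated, and a long mixed-class phrase that passes.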
Unfortunately, when we set out on the road to strong password security, people get in the way, as if they were the worst enemy of password safety. Some institutions' password security policies are so unbelievable that whatever security was gained is thrown away. A recent example of this behavior is the customer service email from American Express. Similar examples are so plentiful that it is simply unbelievable; all we can do is marvel that this is not something The Onion made up, but a fact. It really is a frightening reality.
According to a theory put forward in the articles of kewang columnist Sterling Camden, this problem arises because people are afraid of SQL injection attacks. Lacking an understanding of how the attack actually works, they try to head off any trouble a password could cause by banning special characters, not realizing that doing so may create more serious vulnerabilities and problems. Of course, if the password is hashed before being saved in the database, rather than saved in plain text, special characters give no help at all to SQL injection attacks, because a hash is generally a hexadecimal string, which contains nothing but letters and digits.
In general, a good password authentication system should in any case compare passwords through their hashes. If someone strictly prohibits special characters in passwords on security grounds, one has to ask why the password is being stored in the database as plain text in the first place.
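The two paragraphs above make one point: once passwords are hashed and the query is parameterized, there is no character a password cannot contain. The following is an added example (not code from the original post), using Python's standard `sqlite3` and `hashlib`. The legacy plaintext table and the string-built query are included only to show the symptom that drives the fear: a perfectly legitimate password with an apostrophe breaks the query. The hashed, parameterized path accepts the same password without complaint. The example goes slightly beyond the article by salting the hash with PBKDF2 rather than using a bare hash; the table and column names are assumptions.

```python
"""Hashed, parameterized password storage beside the brittle plaintext design.
Added example; table names, salt size and iteration count are assumptions."""
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000   # assumed PBKDF2 work factor


def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex).  Both are hexadecimal strings, so whatever
    characters the password contained, only [0-9a-f] reaches the database."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex(), digest.hex()


def open_db():
    """In-memory database with a hashed table and a legacy plaintext table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt TEXT, pw_hash TEXT)")
    conn.execute("CREATE TABLE users_plain (name TEXT PRIMARY KEY, password TEXT)")
    return conn


def register(conn, name, password):
    """Store only the salt and hash, via a parameterized INSERT."""
    salt_hex, hash_hex = hash_password(password)
    conn.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
                 (name, salt_hex, hash_hex))
    conn.commit()


def verify(conn, name, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, bytes.fromhex(row[0]))
    return hmac.compare_digest(candidate, row[1])


def register_plain(conn, name, password):
    """The legacy design: plaintext password, parameterized only because sqlite3
    makes that the easy path; the weakness is in verify_unsafe below."""
    conn.execute("INSERT INTO users_plain (name, password) VALUES (?, ?)", (name, password))
    conn.commit()


def verify_unsafe(conn, name, password):
    """Plaintext comparison with a string-built query.  Returns True/False when
    the query parses, or None when the password's own characters break the SQL.
    That None is the error that tempts developers to ban special characters;
    the right fix is register()/verify() above, not a character blacklist."""
    query = ("SELECT 1 FROM users_plain WHERE name = '%s' AND password = '%s'"
             % (name, password))
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.OperationalError:
        return None


if __name__ == "__main__":
    db = open_db()
    # Constructed password: quotes, semicolon, comment marker, spaces, non-ASCII.
    pw = "O'Brien; said -- \"hello\" to 100% of us ✓"
    register(db, "alice", pw)
    register_plain(db, "alice", pw)
    print("hashed+parameterized:", verify(db, "alice", pw))          # True
    print("hashed, wrong password:", verify(db, "alice", pw + "x"))   # False
    print("plaintext+concatenated:", verify_unsafe(db, "alice", pw))  # None (query broke)
```

The `None` result from `verify_unsafe` is the whole story of the article's complaint: the apostrophe in `O'Brien` ends the string literal early and the statement fails to parse. Prohibiting the apostrophe makes the error go away, but leaves the plaintext storage and the string-built query in place; hashing and parameter binding remove both problems and let the user type whatever they like.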
So merely advertising that people should use strong passwords is far from enough, because no matter how many times it is said, it is never heard. Clearly, those who understand the importance of strong passwords are always patient with those who do not, but some of the people who write the software we use are themselves at odds with strong passwords.
Weakpasswords.org is a website that uses public pressure to oppose weak password policies and improve password security. It lists sites with weak password policies and encourages visitors to add more such sites that concern them, until they are corrected. In a sense, it is a petition asking site administrators to change their password policies. The site's maintainer, Jerry Jay, describes it this way:
Every month I send an e-mail to the site to make them aware of how many people want the password policy changed. In the message I also include a link to an article describing what current secure practice is.
A restriction that forbids special characters in passwords shows either ignorance on the part of the administrators or some other hidden agenda; there is no reason to believe it gives the site's maintainers any benefit in security or anything else. Here is how Jerry Jay puts it:
Google, Microsoft, Facebook, Twitter — they all already allow you to use any password you want. There is no reason to restrict which characters a password may use. If a site says it cannot let a certain character appear in a password, that suggests their software may not be secure.
His work is noble and deserves support. Please help spread the word about the weakpasswords.org website. Companies like American Express and Ingo Internet banking should be made aware that people have learned about the weaknesses in their policies and do not approve.
If even this does not get the company to change, you should probably consider taking your business to competitors who understand security.