The Strength of Password Meters

At the introductory workshop, a very interesting evaluation was made on the strength of the cryptogram. Most of our daily lives touch the cryptogrammeter. The general expression of cryptography is a color bar. Short red bars indicate weak passwords and long green bars indicate strong passwords. The true purpose of cryptography is to show a better security path for users. However, since the advantages and disadvantages of these widely used devices have rarely been studied, this article really opens the real world.

Password strength measures the validity of passwords against speculative or violent attacks. In its normal form, estimate the number of times an attacker who has difficult access to a password directly needs to correctly guess the password. Password strength is a function of length, complexity, and unpredictability. The use of strong passwords can reduce the overall risk of security breach, but can not replace strong passwords with the needs of other effective security controls. The effectiveness of a certain strength password is highly dependent on the design and implementation of elements (knowledge, ownership, essential elements). The first element is the main focus of this article.

Please look at the password carefully. Most organizations have password policies to deal with user password reuse and strength. One area that tends to be overlooked is that the local administrator's PC password is the same as that used on the server. Hackers will not penetrate the entire system for a long time and use this information to cause internal and external damage. Please do not ignore the physical security. Do not leave ID cards, credit cards, personnel and financial files, and mobile / tablets like thieves who do not leave car keys on car ignition. When not in use, the staff need to train these people to deposit or lock these items

Your password should be long, random and unique. It is strongly recommended that you use a password manager such as Lastpass or 1 Password to achieve these objectives. There may be a password that you do not want to enter into the password manager (for example, the password manager's master password). To do so, we recommend using XKCD style passwords. As a bonus, if you use the password manager, you are unlikely to be a victim of credential phishing. Password administrators usually examine the URL of the page you are visiting and decide which credentials to use. The URL of the phishing site is not the same as the actual site, so the password manager does not enter the password in the login form. Coinbase provides encryption strength meters supported by password evaluation service.