Passwords
From CVL Wiki
(Created page with "VT Password Info: How to change all your VT passwords: http://computing.vt.edu/kb/entry/3924 Creating strong passwords: http://www.awareness.security.vt.edu/passwords/strong_...") |
(→Use a passphrase instead of a password) |
||
(12 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | VT Password Info | + | =VT Password Info= |
+ | '''VT will expire your PID and Hokies passwords once a year.''' | ||
− | How to change all your VT passwords: http://computing.vt.edu/kb/entry/3924 | + | *How to change all your VT passwords: http://computing.vt.edu/kb/entry/3924 |
− | Creating strong passwords: http://www.awareness.security.vt.edu/passwords/strong_passwords.html | + | *Creating strong passwords: http://www.awareness.security.vt.edu/passwords/strong_passwords.html |
− | Use a passphrase instead of a password: | + | |
+ | |||
+ | =Use a passphrase instead of a password= | ||
+ | At the most basic level, a password's strength is derived from it's length. The longer the password, the better. Passphrases tend to be easier to remember and type, while still remaining very strong and hard to crack. | ||
+ | |||
+ | For example, a passphrase of 4 words and 28 characters, "correct horse battery staple", is stronger than a password of 11 characters and high complexity, "Tr0ub4dor&3" | ||
+ | |||
+ | This XKCD comic illustrates the issue: https://xkcd.com/936/ | ||
+ | |||
+ | ===Suggestions for creating a passphrase=== | ||
+ | *Choose some words from your favorite poem, book or movie, preferably at random. | ||
+ | *Use a nonsensical phrase of words, something that has meaning to you. | ||
+ | *Choose words at random, or using a system like [http://world.std.com/~reinhold/diceware.html Diceware] | ||
+ | *'''DO NOT''' use common phrases, such as "An apple a day..." | ||
+ | *Try to limit any personal information (names, dates, addresses) in the passphrase | ||
+ | |||
+ | Type it out. Make sure it is at least 4 words long. Now, because almost all sites require AlphaNumeric + Special characters, you should capitalize one or more words and add punctuation. Be sure to include spaces. | ||
+ | *Example: Correct horse 4 Battery staple! | ||
+ | |||
+ | '''NOTE''': There will be websites or applications that limit the size of the password to 16 or less characters, reducing the effectiveness of a passphrase. For these situations we recommend using a password manager to generate a unique and strong password. | ||
+ | |||
+ | =Use a password manager= | ||
+ | Password managers are programs that will protect and save your account info and passwords to your computer. These programs use a master passphrase to encrypt all of your passwords, making it easy to update and find all of your passwords. | ||
+ | |||
+ | We strongly encourage you to use a password manager to create a unique password for each web account you have. | ||
+ | |||
+ | *We recommend using [http://keepass.info/ Keepass] as your password manager. | ||
+ | |||
+ | ==Using KeePass== | ||
+ | http://keepass.info/help/base/firststeps.html | ||
+ | |||
+ | ===Windows=== | ||
+ | ====Installation and new Database==== | ||
+ | #Download [http://keepass.info/download.html Keepass Professional Edition] (Version 2.X) | ||
+ | #Install KeePass with the default options | ||
+ | #Open KeePass | ||
+ | #Create a new KeePass database, open the '''File''' menu and select '''New''' | ||
+ | #Name the database and save it to your computer | ||
+ | #Enter a Master Password, twice. | ||
+ | #*Again, we recommend using a "Master Passphrase" of 4 or more words with capitols, spaces and punctuation. | ||
+ | #Accept the default Database Settings and select '''OK''' | ||
+ | ====Adding password entries==== | ||
+ | # Now you can start creating new entries. On the left are the entry groups or folders, and on the right are the password entries. | ||
+ | #* There are a few example groups and entries, you can safely modify or delete them as you like. | ||
+ | # To add a new password to the KeePass database, open the '''Edit''' menu and select '''Add Entry...''' | ||
+ | # Fill in the necessary fields (Title, Username), and add any notes or URL's if you desire | ||
+ | # We recommend using the KeePass password generator to create new passwords, or you can type in your own password | ||
+ | #*The '''Generate a password''' icon is to the right of the second password field | ||
+ | ====Using Password Entries==== | ||
+ | #Now that you have a new password entry, you can simply right click on the entry title | ||
+ | #Select '''Copy User Name''' or '''Copy Password''' | ||
+ | #Paste the username or password into the desired password box. | ||
+ | |||
+ | ===OS X or Linux=== | ||
+ | #For OS X and Linux, we recommend using [https://www.keepassx.org/ KeePassX] | ||
+ | #Instructions for using KeePass are very similar to the Windows version | ||
+ | |||
+ | ===KeePass Tips=== | ||
+ | * Save your KeePass database file (.kdb or .kdbx) to your VT Google Drive. This will allow you to sync your KeePass database between home and work computers. This of course means that you will need to memorize your VT Google password. Make sure you use a strong passphrase! | ||
+ | * There is a portable version of KeePass that can be stored and run from a USB drive: http://keepass.info/download.html | ||
+ | * Using a password manager can be a paradigm shift in thinking about passwords. Take it slowly, and any time you need to change a password, use KeePass! |
Latest revision as of 15:43, 28 April 2014
Contents |
[edit] VT Password Info
VT will expire your PID and Hokies passwords once a year.
- How to change all your VT passwords: http://computing.vt.edu/kb/entry/3924
- Creating strong passwords: http://www.awareness.security.vt.edu/passwords/strong_passwords.html
[edit] Use a passphrase instead of a password
At the most basic level, a password's strength is derived from it's length. The longer the password, the better. Passphrases tend to be easier to remember and type, while still remaining very strong and hard to crack.
For example, a passphrase of 4 words and 28 characters, "correct horse battery staple", is stronger than a password of 11 characters and high complexity, "Tr0ub4dor&3"
This XKCD comic illustrates the issue: https://xkcd.com/936/
[edit] Suggestions for creating a passphrase
- Choose some words from your favorite poem, book or movie, preferably at random.
- Use a nonsensical phrase of words, something that has meaning to you.
- Choose words at random, or using a system like Diceware
- DO NOT use common phrases, such as "An apple a day..."
- Try to limit any personal information (names, dates, addresses) in the passphrase
Type it out. Make sure it is at least 4 words long. Now, because almost all sites require AlphaNumeric + Special characters, you should capitalize one or more words and add punctuation. Be sure to include spaces.
- Example: Correct horse 4 Battery staple!
NOTE: There will be websites or applications that limit the size of the password to 16 or less characters, reducing the effectiveness of a passphrase. For these situations we recommend using a password manager to generate a unique and strong password.
[edit] Use a password manager
Password managers are programs that will protect and save your account info and passwords to your computer. These programs use a master passphrase to encrypt all of your passwords, making it easy to update and find all of your passwords.
We strongly encourage you to use a password manager to create a unique password for each web account you have.
- We recommend using Keepass as your password manager.
[edit] Using KeePass
http://keepass.info/help/base/firststeps.html
[edit] Windows
[edit] Installation and new Database
- Download Keepass Professional Edition (Version 2.X)
- Install KeePass with the default options
- Open KeePass
- Create a new KeePass database, open the File menu and select New
- Name the database and save it to your computer
- Enter a Master Password, twice.
- Again, we recommend using a "Master Passphrase" of 4 or more words with capitols, spaces and punctuation.
- Accept the default Database Settings and select OK
[edit] Adding password entries
- Now you can start creating new entries. On the left are the entry groups or folders, and on the right are the password entries.
- There are a few example groups and entries, you can safely modify or delete them as you like.
- To add a new password to the KeePass database, open the Edit menu and select Add Entry...
- Fill in the necessary fields (Title, Username), and add any notes or URL's if you desire
- We recommend using the KeePass password generator to create new passwords, or you can type in your own password
- The Generate a password icon is to the right of the second password field
[edit] Using Password Entries
- Now that you have a new password entry, you can simply right click on the entry title
- Select Copy User Name or Copy Password
- Paste the username or password into the desired password box.
[edit] OS X or Linux
- For OS X and Linux, we recommend using KeePassX
- Instructions for using KeePass are very similar to the Windows version
[edit] KeePass Tips
- Save your KeePass database file (.kdb or .kdbx) to your VT Google Drive. This will allow you to sync your KeePass database between home and work computers. This of course means that you will need to memorize your VT Google password. Make sure you use a strong passphrase!
- There is a portable version of KeePass that can be stored and run from a USB drive: http://keepass.info/download.html
- Using a password manager can be a paradigm shift in thinking about passwords. Take it slowly, and any time you need to change a password, use KeePass!