author: Ben Burwell <ben@benburwell.com> 2019-06-01 21:01:42 -0400
committer: Ben Burwell <ben@benburwell.com> 2019-06-01 21:01:42 -0400
commit: 9238db636f807a6576eb0ef91cfdce52b105aeaa (patch)
tree: a203c588832500dcb601475009d513dbb76c9c9e /index.html
parent: 73c909092c7a5f569544b19bca8d200b55892d85 (diff)
Don't publish extraneous files
Diffstat (limited to 'index.html')
-rw-r--r-- index.html 222
1 files changed, 0 insertions, 222 deletions
diff --git a/index.html b/index.html
deleted file mode 100644
index d1b2b8b..0000000
--- a/index.html
+++ /dev/null
@@ -1,222 +0,0 @@
-<!doctype html>
-<html lang="en">
- <head>
- <title>How to Choose a Password</title>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" type="text/css" href="/site.css">
- </head>
- <body>
- <main>
- <h1>How to Choose a Password</h1>
-
- <aside>
- <p>
- <strong>
- the short version:
- </strong>
- Use <a href="#generate">randomly generated</a> passwords and use a
- <a href="#store">password manager</a> to store them.
- </p>
- </aside>
-
- <h2>
- <a name="why">
- Why strong passwords are important
- </a>
- </h2>
-
- <p>
- When choosing a password, it’s important to make sure that no one can
- guess it — that’s the whole point, right?
- </p>
-
- <p>
- If we want to make sure no one can guess our passwords, we need to
- think about what <strong>adversaries</strong> might be trying to guess
- them and how they might do it. This is part of a process called
- <strong>threat modeling</strong>. Some adversaries we can think about
- are:
- </p>
-
- <ul>
- <li>
- <strong>People who know us.</strong> Our friends know a lot about us,
- like our birthday, our pets’ names, our favorite songs, and other
- personal information. Even if we’re not worried about friends
- guessing our passwords, an adversary might easily find these details
- on the Internet, so we shouldn’t use any of these things in our
- passwords.
- </li>
- <li>
- <strong>People who know a password we’ve used in the past.</strong>
- Unfortunately, it’s not unusual for passwords to be discovered by
- adversaries. This might happen if a website or app we use is
- compromised, or if a computer we type our password on has been
- infected with malware. This means it’s a bad idea to create a new
- password by making a variation of another one.
- </li>
- <li>
- <strong>People who know a lot of common passwords.</strong> Some
- adversaries have compiled “password dictionaries” containing
- thousands of commonly used passwords. Even if an adversary is not
- specifically trying to find <em>our</em> password, they might use
- lists like this to discover our password if it is one of the common
- ones.
- </li>
- </ul>
-
- <p>
- <strong>
- The way to make sure that no one can guess our passwords is to make
- them completely random.
- </strong>
- When our passwords are randomly generated, they don’t have any
- information related to us that friends might be able to guess. If an
- adversary learns one of our passwords, they will be no closer to
- guessing any of our other passwords. And of course, randomly generated
- passwords are very unlikely to be listed in password dictionaries.
- </p>
-
- <h2>
- <a name="generate">
- How to generate a random password
- </a>
- </h2>
-
- <p>
- Being truly random is something that people are very bad at. Even when
- we <em>think</em> we are being random, there are often patterns
- associated with the “random” things we come up with.
- </p>
-
- <p>
- When we want to create good, random passwords, one thing we can use is
- software (such as our password manager, more on this below) to help us.
- </p>
-
- <p>
- Another method is to use a word list and dice to create a random
- passphrase. The
- <a href="https://www.eff.org">Electronic Frontier Foundation</a>,
- a digital privacy advocacy group, has created
- <a href="https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt">
- a wordlist you can download
- </a>
- for this purpose. To use this method, you’ll need five dice (or you can
- roll a single die five times). Here’s how:
- </p>
-
- <ol>
- <li>
- Roll five dice (or one die five times) and read the number from each
- so that you have five digits, for example: 1, 6, 3, 5, 2.
- </li>
- <li>
- Look at
- <a href="https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt">
- the wordlist
- </a>
- to find the word next to the number you rolled.
- In this case, we find the line <code>16352 comfort</code>, so our
- word word is <strong>comfort</strong>.
- </li>
- <li>
- Repeat the first two steps until you have at least six words. You
- will end up with a random phrase like
- <strong>comfort tableful booth tulip dandelion stable</strong>
- which is your new random passphrase.
- </li>
- <li>
- Make up a little story to help remember the passphrase. For example:
- “The diner had a <strong>comfort</strong>able
- <strong>tableful</strong> in the <strong>booth</strong> with
- <strong>tulip</strong>s and <strong>dandelion</strong>s in a
- <strong>stable</strong> vase.”
- </li>
- </ol>
-
- <p>
- If an adversary wanted to guess our passphrase, even if they had our
- wordlist and knew exactly how we created it, they would need to
- correctly guess 30 random die rolls in the right order. The probability
- of this is 1 in 221,073,919,720,733,357,899,776. It is
- <em>extremely</em> unlikely they would be successful, as it would take
- three billion years of making a million guesses every second before
- they would be likely to succeed.
- </p>
-
- <h2>
- <a name="store">
- How to remember your passwords
- </a>
- </h2>
-
- <p>
- It’s also important not to use the same password twice. Imagine if we
- generate a completely random password and use it for our email account,
- and we also use it for a social media site. If an adversary learns our
- email address and password for the social media site, they could easily
- try that same password on our email account, and since we used the same
- random password, they would succeed easily. This is why you should only
- use each password for a single site.
- </p>
-
- <p>
- When there are a lot of different things we need passwords for, it
- quickly becomes hard to remember all of them. Luckily, we can use a
- <strong>password manager</strong> to help us out. Password managers are
- software programs that help us securely store our passwords.
- </p>
-
- <p>
- Imagine writing down all of our passwords on a sheet of paper, and then
- scrambling them all up according to a secret pattern. Even though
- someone might look at the paper, they won’t be able to figure out any
- of our passwords without knowing the secret pattern we used to scramble
- them. Password managers use a similar idea; they use a
- <strong>master passphrase</strong> to encrypt the list of all of our
- passwords. The master passphrase is like the scrambling pattern: an
- adversary can access the list of all our passwords if and only if they
- discover the master passphrase.
- </p>
-
- <p>
- It’s very important to use a long, randomly generated master passphrase
- because all of our passwords are only as good as our master passphrase.
- When we use a password manager, we only need to remember our passphrase
- to unlock our list of passwords. The password manager stores all of our
- other passwords for us.
- </p>
-
- <p>
- Another benefit to using a password manager is that they help us
- generate new passwords when we need them. Rather than rolling dice
- every time we sign up for a new account, we can let your password
- manager come up with completely random password for us. Since our
- password manager also stores the new password for us, we never even
- need to know what it is! We can just copy and paste it when we need to
- log in.
- </p>
-
- <p>
- There are several password managers available. You should do some
- research to find one that will work for you. Here are a few suggestions
- to start with:
- </p>
-
- <ul>
- <li><a href="https://keepass.info/">KeePass</a></li>
- <li><a href="https://1password.com/">1Password</a></li>
- <li><a href="https://www.passwordstore.org/">pass</a></li>
- </ul>
-
- <footer>
- The content of this site is <a href="http://unlicense.org">in the public domain</a>.
- <a href="https://github.com/benburwell/howtochooseapassword.com">
- Contributions are welcomed
- </a>.
- </footer>
- </main>
- </body>
-</html>
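Review bot: The commit message ("Don't publish extraneous files") does not say where this page now comes from, yet the hunk deletes the whole of index.html, which carries the site's main content (the "How to Choose a Password" article). If index.html is now a build output generated from another source, say so in the message and add it to .gitignore in the same commit so it is not re-added by accident; if the content really is being dropped, the message should state that instead. If the page is being kept elsewhere, the doubled "word word" in step 2 of the dice procedure is worth fixing when it is carried over.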