
Other Considerations

In this video, you will learn about password security best practices. Watch Zanidd explain the four rules crucial for keeping your password safe.
6.3
Hello world, I’m Zanidd, and welcome to the Hands On Password Cracking and Security course on code red. In this section, we are covering the remedies for the attacks demonstrated in the course, and we will later take a look at password managers. In this lesson, I’m showing you general best practice do’s and don’ts to prevent your password from getting stolen. First off, some basic rules - these should be pretty straightforward and easy to follow, and I think most of you are already doing them. So first off, never store your passwords in plaintext. If you’re a user, do not store passwords in an Excel or a text file in plain text and then even name it passwords.
52.3
And if you’re a developer, make sure to only save the hash of the passwords, never the actual password. Of course, this ties nicely with the next one, which is to not store or write the passwords on visible areas. Never write your passwords down in the first place, and especially not on Post-Its, which you will hide under your keyboard or even attach to the bottom of the computer monitor. Now to some additional rules - if you watched my last couple of lessons, it should be clear by now that you should use a strong and unique password for everything that you use. You should never have the same password on multiple services, computers, or the other devices.
98.9
I know that can be overwhelming. But luckily, there is a great tool that can help you manage your passwords for each service. A password manager. We’ll take a closer look at password managers in the next lesson. Basically, all you need to remember for a password manager is one master password, which should, of course, be random and secure and strong. So, how do we create a random and secure password that we actually can remember? Let me show. To create a random and strong password, all you need to do is come up with a sentence that has special characters and numbers in it. Let me show you an example for it. I’m a software engineer, so I must make six figures.
149.5
Now let’s take a look at this. These contain special characters like the comma, the single quote, the period. It contains a number. And you can even sprinkle it with more numbers if you turn some words to leetspeak. Let’s see what that would look like. “I’m a software 3ngineer, so I must make 6 figures.” And this time, I wrote engineer with the 3 instead of an E. Okay, now we have an additional number, but this password is too long to type. And this is where the next step comes in, since this is not our actual password. Take the first letter of each word, every number and punctuation, and highlight it. Then remove the rest.
196
And you already have a pretty random and safe password: I’as3slmm6f.
208.1
I think I forgot a comma there, but this is safe enough as it is now. And so you can see it contains numbers, special characters, is long and random, but most importantly, you can remember it easily with the sentence from before. “I’m a software engineer, so I must make six figures.” Just make sure to make a memorable sentence. Now we can use a secure password created in that manner for our master password in a password manager. But how do they work, and what even are they? Let me show you in the next lesson.

The following four rules are crucial for keeping your password safe.

  1. Don’t store your password in plaintext
  2. Don’t store your password on a post-it or piece of paper
  3. Use a strong and unique password every time
  4. Use a password manager

Steps on how to create a strong password are also demonstrated in the video.

Have your say: Given what you have learned about password security best practices, what practices will you start or continue implementing to defend against password attacks? Share your thoughts with fellow learners in the Comments below.

This article is from the free online

Advanced Cyber Security Training: Hands-On Password Attacks

Created by
FutureLearn - Learning For Life
