Choosing a strong password

Dunmail -

This article will help you understand how to choose strong passwords to use with Black Pear apps.

Background

eSP requires you to authenticate using your identity (email address) and a strong password. This article provides background

We don't enforce a requirement for a specific number of characters of a specific case, numbers, other characters etc. Unfortunately, users tend to choose passwords that are easy to remember but still satisfy the rules (e.g. P@55word).

xkcd sums it up perfectly:

Choosing a password

You must choose a password with sufficient length and uniqueness to make it pass our strength test. Password strength is checked using Dropbox's zxcvbn library and only passwords that are estimated to take more than 10^10 attempts to guess are allowed.

If you want to test your passwords you can use the online tool.

There are some further strategies to help choose and remember your password.

Memorable phrase
One option is to use a memorable phrase, with each word having a capital letter (e.g. ColonelMustardDidIt ). Don't use any phrase that would be easily discoverable (such as our example !).

Password manager

You may have tens or even hundreds of systems for which you need to remember the credentials. It is difficult to memorise unique passwords for each system and therefore it is tempting to reuse passwords. Unfortunately, reusing passwords means that if one is compromised, all the other accounts where it is use can now be accessed!

To help manage this, you can use password manager software  (e.g. 1Password, mSecure) to generate strong passwords and securely store them, making them available to you when you need them.

 

References

  • https://xkcd.com/936/
  • https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk