Embedded Files
If you must use a password that you need to remember and type in then use MFA (Multi-Factor-Authentication).
If you must use a password and cannot use MFA, make sure the password is at least 14 characters in length (use longer if you can) and is randomly generated. Use a password manager (with a strong master password and/or MFA). If you can't cut & paste, use a password manager with autotype functionality (e.g. KeePass).
Use ssh key exchange for unattended accounts where possible (but make sure the private keys are secure... i.e. on an unencrypted drive behind a login with a weak password is NOT secure. Use passphrases to compensate but, really, keep them secure.)
Avoid use of password hints. If you have to use them (because an app forces you to), be mindful of how the information could be used to make hacking your password easier.
If you must use a human memorable password and cannot use MFA or a password manager, use Diceware (or similar). i.e. a reliably uniform random process.
The oft-cited XKCD scheme for generating passwords — string together individual words like “correcthorsebatterystaple” — is no longer good advice. - Bruce Schneier
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
there is one thing about how the comic has been interpreted that does worry me. It is clear to me and people who already understood the scheme that the words must be chosen through a reliably uniform random process. Picking words "at random" out of your head is not a reliably uniform process. - Jeffrey Goldberg
https://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice
https://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice/62881#62881
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
there is one thing about how the comic has been interpreted that does worry me. It is clear to me and people who already understood the scheme that the words must be chosen through a reliably uniform random process. Picking words "at random" out of your head is not a reliably uniform process. - Jeffrey Goldberg
https://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice
https://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice/62881#62881
When it comes to composition and length, your password (mostly) doesn’t matter.
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984
SCRAM vs MD5
SCRAM vs MD5
SCRAM = Salted Challenge Response Authentication Mechanism
MD5 is no longer considered secure.
Which one am I using?
Which one am I using?
Bibliography
Bibliography
https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanismhttps://info.knowbe4.com/wp-password-policy-should-behttps://www.cisecurity.org/insights/blog/cis-password-policy-guide-passphrases-monitoring-and-more
usernameshttps://security.stackexchange.com/questions/184344/why-use-usernames-and-not-just-email-addresses-to-identify-users/184347 https://security.stackexchange.com/questions/57762/log-in-with-email-is-more-secure-than-a-username/142717 https://stackoverflow.com/questions/1303575/what-are-the-pros-and-cons-of-using-an-email-as-a-username https://www.rfc-editor.org/info/rfc8265
passwordshttps://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984https://www.microsoft.com/en-us/research/publication/password-guidance/https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdfhttps://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/tr-2007-64.pdf (Do Strong Web Passwords Accomplish Anything?)https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.htmlhttps://www.tomsguide.com/us/hacker-tool-keepass,news-21782.htmlhttps://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advicehttps://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice/62881#62881
usernameshttps://security.stackexchange.com/questions/184344/why-use-usernames-and-not-just-email-addresses-to-identify-users/184347 https://security.stackexchange.com/questions/57762/log-in-with-email-is-more-secure-than-a-username/142717 https://stackoverflow.com/questions/1303575/what-are-the-pros-and-cons-of-using-an-email-as-a-username https://www.rfc-editor.org/info/rfc8265
passwordshttps://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984https://www.microsoft.com/en-us/research/publication/password-guidance/https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdfhttps://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/tr-2007-64.pdf (Do Strong Web Passwords Accomplish Anything?)https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.htmlhttps://www.tomsguide.com/us/hacker-tool-keepass,news-21782.htmlhttps://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advicehttps://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice/62881#62881
Page updated
Google Sites
Report abuse