Russians told the main mistake made when creating passwords


IT expert Ulyanov: you can’t create the same passwords for the most important accounts

One of the main data protection mistakes Russians make is using the same password for the Gosuslugi service, an online bank account and e-mail, said Vladimir Ulyanov, an information security expert and head of the Zecurion analytical center. The specialist told Lenta.ru how to create, store and check passwords correctly.

Create a password

“The longer the password, the harder it is to crack. Therefore, it is classically believed that it should be from 12 characters with upper and lower case, it should contain not only letters of the Latin alphabet, but also special characters, numbers. Then it will already be a good password that will be difficult to crack,” the expert said.


“When it comes to complex passwords, to make your life easier, there is such a thing as passphrases. This is not just a random combination, but some phrase that a person has in his memory,” he explained.

It should be some kind of association, for example, with a line from a song, a literary work. On the other hand, you should not use lines that are too popular, since most likely they are in password dictionaries.

Password storage

The expert advised against recording passwords on digital media because of the risk of data leakage, while he called writing passwords down on paper acceptable. Using a password manager, according to him, is justified only for accounts whose compromise would not be critical for the user.

“There is a password manager, a good, convenient thing, but it carries additional risks: an attacker can get a master password, that is, access to all passwords. (…) There may also be a vulnerability in the password manager itself. It is reasonable to store keys from not too critical accounts in the password manager,” explained the interlocutor of Lenta.ru.

If we are talking about accounts in the “Gosuslugi”, Internet banking, e-mail, to which other accounts are linked, it is preferable to remember passwords.

Vladimir Ulyanov, information security expert, head of the Zecurion analytical center

One of the main mistakes, according to him, is the use of the same password in the aforementioned services.

“The same password can be used for secondary accounts: for example, in a newsreader service or a loyalty program of some store. Even if someone hacks such accounts, it will not cause much damage to the user. The risk of using one password for several accounts is that if an attacker knows it, then he can gain access to several accounts at once,” Ulyanov added.

Checking passwords in databases

The expert said that there are special databases of passwords that have leaked online, but he recommended avoiding such services.

“I do not recommend using databases to check leaked passwords. There is a risk of running into a fraudulent service. It is difficult for the average user to find such a service. It is quite possible that an attacker will slip him a service that will not check, but update this data. (…) This may carry additional risks,” the expert specified.

The most correct alternative to checking passwords in databases, Ulyanov noted, would be to change passwords regularly at a frequency that is comfortable for the user.


“Moreover, I recommend changing them periodically. As for the frequency, it depends on the person. I do not recommend changing very often, because it will be inconvenient, and passwords will be forgotten. It is permissible to change it once a year, but for someone it will be normal more often, especially when it comes to specialized services,” concluded the expert.

Earlier, the official representative of the Ministry of Internal Affairs of Russia, Irina Volk, told Lenta.ru that in Ufa, St. Petersburg police detained a hacker from St. Petersburg who stole data from the Gosuslugi portal accounts of 130 Russians.

Source: Lenta
