Different operations require different security layers. Accessing your email account, your social media, your bank account, and a remote server that you administer through SSH all need different security layers, and they hold data of different “weight”. But, in order to access any of these, you will always require the same thing: a password.
We all know that a strong password is what you really need in order to be protected from attacks, and, of course, we all know that it’s better to use different passwords for different services.
A very unwise decision (and common mistake) would be using your server password to access Facebook. This decision could cause you lots of trouble.
So how can we easily manage the task of creating strong passwords?
In this tutorial, we will talk about how to generate and check your passwords.
Generate a strong password
A strong password should be composed of a mix of alphabet characters, numbers, and symbols.
A second requirement is to not use known words, birth dates or names, because you would be vulnerable to dictionary attacks.
Another important question to ask: how many characters should a password contain? There is actually no concrete answer, but having more than 16 characters is a great choice.
So, if your system has OpenSSL or GPG, you can use those tools to accomplish the generation task.
For example, we can generate a password with GPG using the following command:
$ gpg --gen-random --armor 1 32
In my case, just now, the result was: 6lS7cgCyT9vkCZIDQIXcgbXk7bkoVZqdZ0U4HZ4RJw8=
Similarly, with OpenSSL:
$ openssl rand -base64 32
and the output is: CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=
As you can see, it’s incredibly efficient and also very easy!
Note: Do NOT use the previous passwords! These are just examples.
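As an added example (not part of the original tutorial), the following script wraps the generation step above in a shell function and adds a simple check of the composition rules from this section (at least 16 characters, plus lowercase and uppercase letters, digits and symbols). It assumes a POSIX sh with coreutils; it uses openssl when present and otherwise falls back to /dev/urandom and base64. The function names gen_password and check_composition are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: generate a password the
# way the tutorial does and check it against the composition rules above.
# Assumes POSIX sh plus coreutils (head, base64, tr); openssl is optional.
export LC_ALL=C   # keep the [a-z]-style character classes byte-based and predictable

# gen_password [BYTES]
# Prints BYTES random bytes (default 32) base64-encoded on a single line.
# 32 bytes encode to 44 characters, exactly like the openssl/gpg output above.
gen_password() {
    bytes="${1:-32}"
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$bytes" | tr -d '\n'
    else
        head -c "$bytes" /dev/urandom | base64 | tr -d '\n'
    fi
    printf '\n'
}

# check_composition PASSWORD
# Applies the tutorial's rules: at least 16 characters and a mix of
# lowercase, uppercase, digits and symbols. Prints the first rule that
# fails and returns 1, or prints "composition OK" and returns 0.
# This is a composition check only: dictionary words and keyboard patterns
# are what cracklib (next section) is for.
check_composition() {
    pw="$1"
    if [ "${#pw}" -lt 16 ]; then
        echo "too short: ${#pw} characters, want at least 16"
        return 1
    fi
    case "$pw" in *[a-z]*) ;; *) echo "no lowercase letter"; return 1 ;; esac
    case "$pw" in *[A-Z]*) ;; *) echo "no uppercase letter"; return 1 ;; esac
    case "$pw" in *[0-9]*) ;; *) echo "no digit"; return 1 ;; esac
    case "$pw" in *[!a-zA-Z0-9]*) ;; *) echo "no symbol"; return 1 ;; esac
    echo "composition OK"
}

# Typical use after sourcing this file:
#   pw=$(gen_password 32); echo "$pw"; check_composition "$pw"
```

Because base64 output of 32 bytes always ends in "=" and almost always mixes all four character classes, the generated passwords pass this check; the point of the function is to reject the hand-made ones (short, single-case, letters only) that people tend to type instead.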
Checking if your password is strong
Now that we have a password, it’s time to find out if it passes the test: is your password strong enough, even against a brute-force attack?
In order to determine whether the password is strong enough, we’re going to use cracklib.
Install cracklib on Linux
To install cracklib on RHEL/Fedora/CentOS, just use yum:
# yum install cracklib
Type the following command to install on Debian/Ubuntu-based systems:
# apt-get install libcrack2
Now we will use the cracklib-check command.
First, we test a simple password:
$ echo "abcd1234" | cracklib-check
If you do this, you’ll get: abcd1234: it is too simplistic/systematic
And what if you use a normal word?
$ echo "admin" | cracklib-check
Of course, these results are not surprising. Use an everyday English word, and a dictionary-based attack would succeed in no time at all.
So, it’s time to check whether the two passwords we generated are really any good. This time we will invoke the command differently: cracklib-check is run without any arguments, so it reads the password from standard input and the password is not stored in shell history:
$ cracklib-check
Then, paste: CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=
You will read: CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=: OK
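As an added example (not part of the original tutorial), here is a small wrapper around cracklib-check that keeps the password off the command line, as the last step recommends, and turns cracklib's verdict into an exit status that scripts can act on. It assumes a POSIX sh and that cracklib-check is installed; the CRACKLIB_CHECK variable and the function names cracklib_verdict and check_interactively are this example's own, not part of cracklib.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: a wrapper around
# cracklib-check that keeps the password out of shell history and out of
# process listings, and converts the verdict into an exit status.
# Assumes POSIX sh and cracklib-check on PATH. CRACKLIB_CHECK is this
# example's own override (handy for testing), not a cracklib feature.
CRACKLIB_CHECK="${CRACKLIB_CHECK:-cracklib-check}"

# cracklib_verdict PASSWORD
# Feeds PASSWORD to cracklib-check on stdin and prints only the verdict,
# i.e. the text after the last ": " of cracklib's "<password>: <verdict>"
# line, so the password is not echoed back to the terminal.
# Returns 0 for "OK", 1 for any rejection, 2 if cracklib-check is missing.
cracklib_verdict() {
    pw="$1"
    if ! command -v "$CRACKLIB_CHECK" >/dev/null 2>&1; then
        echo "cracklib-check not found (install cracklib / libcrack2)" >&2
        return 2
    fi
    # cracklib-check states its result in the output line rather than in
    # its exit status, so the line has to be parsed.
    out=$(printf '%s\n' "$pw" | "$CRACKLIB_CHECK")
    verdict="${out##*: }"
    echo "$verdict"
    [ "$verdict" = "OK" ]
}

# check_interactively
# Reads the password with terminal echo switched off, so it appears neither
# in shell history nor as a command-line argument, then checks it.
check_interactively() {
    printf 'Password to check: ' >&2
    [ -t 0 ] && stty -echo
    read -r pw
    [ -t 0 ] && stty echo
    echo >&2
    cracklib_verdict "$pw"
}

# Typical use after sourcing this file:
#   check_interactively && echo "accepted" || echo "rejected"
```

Compared with the echo "..." | cracklib-check form used earlier, nothing here puts the password into the shell's history file or into the argument list that other users can read with ps, and the exit status lets a provisioning script refuse a weak password instead of a person reading the output.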
So, that’s all! In this tutorial we have seen how easy it can be to generate and verify a password, but don’t forget to generate a different password for each service! Unfortunately, this leaves you with an assortment of random passwords… how do you remember them all?
Of course, there is software written for this task. A good password manager is what you will need! Happy hunting!