Data is becoming the world’s most valuable resource and the methods hackers use to steal it are more diverse and numerous than ever before: they move beyond basic brute force attacks using smarter algorithms and more powerful machines. And yet as the hacks reveal, several users still choose the ‘123456’ combination as the password.
In this tutorial we will describe how to obligate users of your ONLYOFFICE cloud to set stronger passwords, less susceptible to being cracked via brute force attacks.
Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly.
- Access the admin Settings clicking the icon at the top or using the drop-down list in the top left corner and selecting the corresponding option. Then follow Security >> Portal Access >> Password Strength Settings.
- Use the Minimum password length bar to determine how long the password should be. By default, it is set to 6 characters.
- Determine the character set to use in the password checking the appropriate boxes: capital letters, digits, special characters.
Tip #1. The more characters, the stronger the password. According to the research 9-character passwords take five days to break, 10-character words take four months, 11-character passwords take 10 years. Add one more letter to increase the time up to 200 years.
Tip #2. Passwords are typically case-sensitive, so a strong password must contain letters in both uppercase and lowercase.
Tip #3. Do not add any personal information, no dictionary words.
Tip #4. Use a mix of characters to make your passwords more cryptic.
Tip #5. Do not practice common habits: 3 instead of e, 4 or @ instead of a, etc. Smarter brute force algorithms consider it.
Tip #6. Enable two-factor authentication. It will add an extra security level if you get hacked. Read here for details.