How to protect your password from brute force attacks

Hello everyone!

Data is becoming the world’s most valuable resource and the methods hackers use to steal it are more diverse and numerous than ever before: they move beyond basic brute force attacks using smarter algorithms and more powerful machines. And yet as the hacks reveal, several users still choose the ‘123456’ combination as the password.

In this tutorial we will describe how to obligate users of your ONLYOFFICE cloud to set stronger passwords, less susceptible to being cracked via brute force attacks.


Before we go ahead

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly.

Configuring the password strength settings
  1. Access the admin Settings clicking the icon at the top or using the drop-down list in the top left corner and selecting the corresponding option. Then follow Security >> Portal Access >> Password Strength Settings.
  2. Use the Minimum password length bar to determine how long the password should be. By default, it is set to 6 characters.
  3. Determine the character set to use in the password checking the appropriate boxes: capital letters, digits, special characters.


 
Click the Save button at the bottom to make the parameters take effect.

Useful Tips

Tip #1. The more characters, the stronger the password. According to the research 9-character passwords take five days to break, 10-character words take four months, 11-character passwords take 10 years. Add one more letter to increase the time up to 200 years.

Tip #2. Passwords are typically case-sensitive, so a strong password must contain letters in both uppercase and lowercase.

Tip #3. Do not add any personal information, no dictionary words.

Tip #4. Use a mix of characters to make your passwords more cryptic.

Tip #5. Do not practice common habits: 3 instead of e, 4 or @ instead of a, etc. Smarter brute force algorithms consider it.

Tip #6. Enable two-factor authentication. It will add an extra security level if you get hacked. Read here for details.

For more password security tips and tricks, read this article. To learn more about ONLYOFFICE security settings, please visit our Help Center.

Tati

Recent Posts

  • Success story

How ONLYOFFICE helps organize research workflow in the Institute of Biology of Lille

The Institute of Biology of Lille has implemented ONLYOFFICE within its research units to facilitate workflow. This use case was…

1 day ago
  • Open source
  • Partnership

FOSDEM 2020: ONLYOFFICE highlights

Shortly after CS3, we visited another event meaningful for European open-source community: FOSDEM 2020 in Brussels. Read more in this…

1 week ago
  • Events
  • Events

ONLYOFFICE at CS3 Workshop 2020: our summary

Last week, the ONLYOFFICE team went to a notable event for the global scientific community: Workshop on Cloud Services for…

2 weeks ago

Meet ONLYOFFICE at MWC Barcelona 2020

Hi everybody! We are going to wrap up our series of winter business trips with attending MWC Barcelona this February.…

2 weeks ago
  • What's new
  • What's new

ONLYOFFICE partners with CEO-Vision: the symbiosis of online editors and the digital workplace GoFast

ONLYOFFICE is proud to announce its official partnership with CEO-Vision. The agreement was signed on the margins of the Paris…

3 weeks ago
  • Integration

How to configure reverse proxy for Nextcloud and ONLYOFFICE editors

Hi everyone! Most of the ways to integrate ONLYOFFICE with Nextcloud are described in our API documentation, but some cases…

3 weeks ago

This website uses cookies. By continuing to browse the website you agree to our privacy policy.

our privacy policy