13:[["$","$L135",null,{"props":{"lessonContent":{"components":[{"type":"MarkdownEditor","mode":"edit","content":{"version":"2.0","text":"$136","mdHtml":"

Passwords are meant to be secrets shared between a user and the server they’re authenticating to. If attackers can predict those passwords, they can bypass this defense. Here are a couple of steps we can take to keep it difficult for an attacker to predict a password.

Never use default passwords

We covered this back in Default Passwords, but it’s worth mentioning again. Never use default passwords.

Monitor password dumps for

...","comp_id":"639ec42b-18db-4026-aad2-94e743d3b410","cursorPosition":{"line":0,"ch":0}},"hash":"1","iteration":1,"saveVersion":1}],"summary":{"description":"Creating safe passwords is vital. Let's see some techniques on how that can be done."},"content":[{"type":"MarkdownEditor","mode":"edit","content":{"version":"2.0","text":"$137","mdHtml":"

Never use default passwords

We covered this back in Default Passwords, but it’s worth mentioning again. Never use default passwords.

Monitor password dumps for password reuse

It’s ...

","comp_id":"639ec42b-18db-4026-aad2-94e743d3b410","cursorPosition":{"line":0,"ch":0}},"hash":"1","iteration":1,"saveVersion":1}],"darkModeContent":[{"type":"MarkdownEditor","mode":"edit","content":{"version":"2.0","text":"$138","mdHtml":"

Never use default passwords

We covered this back in Default Passwords, but it’s worth mentioning again. Never use default passwords.

Monitor

...","comp_id":"639ec42b-18db-4026-aad2-94e743d3b410","cursorPosition":{"line":0,"ch":0}},"hash":"1","iteration":1,"saveVersion":1}]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Practical Security: Simple Practices for Defending Your Systems","summary":"It seems like hardly a week goes by without a high-profile computer breach. Why do these happen? How can you prevent them? This course doesn’t have all the answers, but it does outline practices that make life harder for attackers and that will help tide you over until you get a full-time security team in place.\n\nIn this course, you will learn 5 simple, yet effective, techniques for preventing attackers from getting into your system. These techniques are related to: patching, software vulnerabilities, cryptography, windows security, and phishing. Within each chapter you will learn the best practices for preventing vulnerabilities and how to make them more detectable. \n\nThis course is based on the Pragmatic Programmers’ book, Practical Security, and is aimed at developers, admins, team leads, architects, technology generalists, and all others who stand guard against the things that disrupt the network.","details":"","clos":[],"arabic_available":false,"page_tags":{"4621780376354816":"","6116734609129472":"","5678360450564096":"","6613410197274624":"","5753199987261440":"","4797090539503616":"","4989857999880192":"","6492289636499456":"","4659508577042432":"","5229524422754304":"","6083952398827520":"","6275129194577920":"","6467868452454400":"","6442000736845824":"","5500484178673664":"","6186521586565120":"","6419780119560192":"","6622128729227264":"","5248131261267968":"","4729665928298496":"","5274130610913280":"","4666981149048832":"","6050532050337792":"","5855353435586560":"","5650352364847104":"","6280758017654784":"","4539627718311936":"","6029155259908096":"","6003537524817920":"","5235973853020160":"","4844747429511168":"","6092704468434944":"","6400358076121088":"","5534070755819520":"","5516949623668736":"","5817676522848256":"","5412125427105792":"","5604204300206080":"","5477685032648704":"","6493595658878976":"","6275812144709632":"","5006560725041152":"","4598068868546560":"","5970779943469056":"","6380626476269568":"","4700031660589056":"","4788279078551552":"","6165522015059968":"","5435304224751616":"","6365725540220928":"","5596177190879232":"","5238637890371584":"","5211296581550080":"","6639479860232192":"","5080094054809600":"","6744032299450368":"","6170492365963264":"","5985456584916992":"","5822584512839680":"","5579751356891136":"","5671822033944576":"","6025460329742336":"","4736900129619968":"","5013091759685632":"","5318997785444352":""},"collection_toc_is_enabled":true,"page_count":null,"docker":{"container":{"buildLogUrl":"https://www.educative.io/api/author/10370001/collection/5903468494585856/containers/6670810656800768/build/log","buildStatusUrl":"https://www.educative.io/api/author/10370001/collection/5903468494585856/containers/6670810656800768/build/status","tarballDownloadUrl":"https://www.educative.io/api/author/10370001/collection/5903468494585856/containers/6670810656800768/download","id":-1,"imageName":"author-10370001-collection-5903468494585856-rev-11-container-6670810656800768-docker","file":{"name":"docker.tar.gz","size":5938},"rebuildImageUrl":"https://www.educative.io/api/author/10370001/collection/5903468494585856/containers/6670810656800768/rebuild","buildStatus":"SUCCESS","metadata":{"sizeInBytes":5938},"track":false},"envs":[],"jobs":[{"runInLiveContainer":false,"name":"network-commands","startScript":"","inputFileName":"main.sh","key":"b3ec9adc-43c4-40ab-8c1f-f4cb26b525bc","runScript":"sh main.sh","buildScript":"","ports":""},{"runInLiveContainer":false,"name":"pip","startScript":"","inputFileName":"main.py","key":"5ebbba31-ac53-4fd9-9c0e-0647278a2580","runScript":"python3 main.py","buildScript":"","ports":""},{"runInLiveContainer":true,"name":"node","startScript":"npm start --prefix /usr/src/app","inputFileName":"foo","key":"78643afe-b0ce-43ed-83b9-c774b81800c5","runScript":"cp /usercode/* /usr/src/app","buildScript":"","ports":"7888"}],"testRunners":[],"version":3,"loaded":true},"discounted_price":39,"cover_image_id":4771204683530240,"cover_image_metadata":"\"{\\\"width\\\":1024,\\\"height\\\":512,\\\"sizeInBytes\\\":21273,\\\"name\\\":\\\"Cover.png\\\"}\"","cover_image_serving_url":"/v2api/collection/10370001/5903468494585856/image/4771204683530240","tags":["Security","Phishing","XSS","SQL Injection","XSRF"],"intro_video_url":"","intro_video_thumbnail_url":"","aggregated_widget_stats":{"MxGraphWidget":7,"Code":12,"RunJS":0,"codeSnippetCount":54,"illustrations":13,"MarkdownEditor":147,"TabbedCode":13,"codeRunnableCount":20,"Quiz":40,"WebpackBin":1,"codeExerciseCount":0,"projects":0,"assessments":0,"cloudlabs":0},"default_themes":{"code_themes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}}},"api_keys":{"api_keys":[]},"skills":[],"testimonials":[],"licensing":null,"target_audience":"intermediate","author_id":"10370001","collection_id":"5903468494585856","approval_status":3005,"price":59,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":false,"is_priced":true,"brief_summary":"Learn about security techniques, e.g., patching, cryptography, and phishing prevention. Explore practices to make systems resistant to defend against attacks.","approval_update_time":"2020-05-25T21:54:49.872Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"collection","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":32400,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"Keeping Passwords Hard to Predict","description":"Creating safe passwords is vital. Let's see some techniques on how that can be done.","discourse_page_url":"https://discuss.educative.io/tag/keeping-passwords-hard-to-predict__cryptography__practical-security-simple-practices-for-defending-your-systems?open=true&ctag=practical-security-simple-practices-for-defending-your-systems__the-pragmatic-programmers&cslug=practical-security-defending-your-systems&pslug=keeping-passwords-hard-to-predict"},"adaptiveLearningConfigConstantSSR":0,"enableLessonPageLockedBannerV2":true,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":21,"b2c_trial_categories":"$139"},"b2cStatus":100,"learnerTags":"$13a","workStats":1600,"interviewWorksStats":93,"inL2cStarterPack":false,"l2cWorkStats":46,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"*\n * [Never use default passwords](#never-use-default-passwords)\n * [Monitor password dumps for password reuse](#monitor-password-dumps-for-password-reuse)\n * [Prevent password reuse via password strength requirements](#prevent-password-reuse-via-password-strength-requirements)\n","authorId":"10370001","collectionId":"5903468494585856","pageId":"6380626476269568","isCollectionPageLockedCachingEnabled":true,"aceFeatureFlags":{"enableAceEditor":true,"enableAceEditorForAnswers":true},"codeFeatureFlags":{"enableCodeCodeTabRedesign":"3"},"meta":{"type":["Article","TechArticle"],"title":"Keeping Passwords Hard to Predict","name":"Practical Security: Simple Practices for Defending Your Systems","description":"Creating safe passwords is vital. Let's see some techniques on how that can be done.","image":"https://educative.io/api/collection/10370001/5903468494585856/image/4771204683530240.png","isAccessibleForFree":false,"keywords":"$13a","provider":"Educative","publisher":"Educative","id":"courses/practical-security-defending-your-systems/keeping-passwords-hard-to-predict","author":"Educative","educationalLevel":"intermediate","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"6613410197274624":"Upgrading Third-Party Libraries and Software","6116734609129472":"Some Key Principles","5678360450564096":"TLS Configuration","4621780376354816":"Library Inventory","5753199987261440":"Introduction","4797090539503616":"Social Defense","4989857999880192":"Introduction to Cross-Site Scripting (XSS)","6492289636499456":"Extending the Defense Beyond Prepared Statements","4659508577042432":"HTML Encoding","5229524422754304":"Active Directory: What Else Is It Good For?","6083952398827520":"Additional Defenses as a Mitigation Against Future Mistakes","6275129194577920":"OpenVAS","6467868452454400":"Introduction","6442000736845824":"Dependency Management: Python","5500484178673664":"Network Inventory","6186521586565120":"Solution Review: Write a Generalized Query","6419780119560192":"Storing Passwords When You’re the Client","6622128729227264":"Nmap","5248131261267968":"Challenge: Select The Journal","4729665928298496":"Finding Published Vulnerabilities","5274130610913280":"Introduction","4666981149048832":"What’s Next?","6493595658878976":"Password Storage","5671822033944576":"How SQL Injection Works","5855353435586560":"A Closer Look at Patching","5650352364847104":"Testing Your Patches","6280758017654784":"ECB Malleability","4539627718311936":"CBC Is Still Malleable","6029155259908096":"Patching Windows","6003537524817920":"Who Is This Course For?","5235973853020160":"Automating Vulnerability Detection","4844747429511168":"Wrapping up!","6092704468434944":"Types of Phishing Attacks","6400358076121088":"Solution Review: Select The Journal","5534070755819520":"Introduction","5516949623668736":"Authentication-Based Defense","5817676522848256":"Don’t Use Low-Level Crypto Libraries","5412125427105792":"Challenge: Write a Generalized Query","5604204300206080":"More SQL Commands","5477685032648704":"DNS-Based Defense: DMARC","6050532050337792":"Jenkins & Public-Facing Servers","6275812144709632":"More Techniques for Password Storage","5006560725041152":"DNS-Based Defense SPF","4598068868546560":"Don’t Roll Your Own Crypto","5318997785444352":"Login and Mimikatz","5970779943469056":"XSRF Prevention with SameSite","6380626476269568":"Keeping Passwords Hard to Predict","4700031660589056":"DNS-Based Defense: DKIM","4788279078551552":"Default Passwords & Credentials","6165522015059968":"What’s Next?","5435304224751616":"Security When the Enemy Knows the System","6365725540220928":"Misconfiguration","5596177190879232":"Password Policy","5238637890371584":"Introduction to SQL","5211296581550080":"BitLocker","6639479860232192":"Putting It All Together for a Robust Defense","5080094054809600":"If Patching Hurts, Do It More Often","6744032299450368":"Evaluating Crypto Libraries Without Being a Crypto Expert","6170492365963264":"What’s Next?","5985456584916992":"Introduction to Cross-Site Request Forgery (XSRF)","5579751356891136":"Defenses against XSS","5822584512839680":"Dependency Management: JavaScript","6025460329742336":"Introduction","5013091759685632":"Minimizing the Cost of Credential Loss","4736900129619968":"What’s in This Course?"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[]},"requestUrl":"/courses/practical-security-defending-your-systems/keeping-passwords-hard-to-predict","requestUrlInfo":{"authorId":10370001,"collectionId":5903468494585856,"pageId":6380626476269568,"courseUrlSlug":"practical-security-defending-your-systems","pageUrlSlug":"keeping-passwords-hard-to-predict"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$13b"}}],false,"$undefined"]]

1.Introduction

2.Patching

3.Vulnerabilities

4.Cryptography

5.Windows

6.Phishing

Keeping Passwords Hard to Predict

Never use default passwords

Monitor password dumps for password reuse