Trivial passwords are easy to violate

by Karolusdiversion
Last update: August 10, 2017 - please see the bottom of the page.

This journal is dedicated to all those who are not very familiar with the security and privacy problems that we all encounter while surfing the Internet.

:bulletblue: Please do not copy this into your journal. You can use a link or enter this code
: thumb221866265 : (without the spaces).

The spy by Karolusdiversion
Be careful! Spies are everywhere

You know, times are hard today with regard to privacy and security online. We are being spied on and attacked by hackers more and more, so the Internet looks like a veritable battlefield, and without the right weapons you are likely to lose the war.
But, for our part, are we really sure we do everything we can to blunt the enemy's attacks?
Now, leaving the warmongering metaphor aside, let's first see what types of attacks hackers may mount against our data and accounts; then we will be able to build a powerful and effective weapon to defend ourselves against them: the password (it seems a trivial thing, but...).


1. Which types of attack can compromise the security of an account


1.1. Brute-force cracking
The term "brute-force cracking" is used to refer to the cracking of a password by testing all possible passwords.
:bulletgreen: More about Brute-force attack:
en.wikipedia.org/wiki/Brute-fo…
www.computerhope.com/jargon/b/…

1.2. Dictionary attack
Brute-force cracking tools may require hours, or even days, of calculation even on machines equipped with powerful processors. An alternative is the "dictionary attack": in reality, users usually choose passwords that mean something, and with this type of attack such a password can be cracked in just a few minutes.
:bulletgreen: More about Dictionary attack:
en.wikipedia.org/wiki/Dictiona…
www.techopedia.com/definition/…

1.3. Hybrid attack
The attack called "hybrid attack" specifically targets passwords made of a traditional word followed or preceded by a letter or a number (such as "marshal6"). It combines brute-force cracking with the dictionary attack.
Basically, the hybrid attack is just a combinator attack: one side is simply a dictionary, the other is the output of a brute-force search. In other words, the full brute-force keyspace is either appended or prepended to each of the words from the dictionary. That's why it's called "hybrid".

There are also other methods that make it possible for a hacker to obtain user passwords. They are:


1.4. Phishing
en.wikipedia.org/wiki/Phishing
www.antiphishing.org/
Phishing sites may look authentic because they tend to use the images, including the copyright notice, of the legitimate sites.
So, before you click on the link to one of these sites, it can be useful to check whether the site contains malware. To do this you can use a service for detecting and analyzing web-based malware, such as urlquery.net/
There are many other services like this; just type "service for detecting and analyzing web-based malware" into Google search.

1.5. Keyloggers
www.oxforddictionaries.com/def…
www.deviantart.com/users/oSutg…
en.wikipedia.org/wiki/Keystrok…
www.symantec.com/connect/artic…

1.6. Social engineering
en.wikipedia.org/wiki/Social_e…
searchsecurity.techtarget.com/…

1.7. Spying
It is the oldest method in use. In this case an attacker simply has to look at the notes around the user's screen or under the keyboard to obtain the password. Also, if the attacker is someone in the victim's circle, he can just glance over that person's shoulder while the password is being entered, to see it or guess it.

2. What a secure password should look like


It is clear that the longer a password is, the harder it is to crack. Moreover, a password made solely of numbers will be much easier to crack than a password that contains letters:
:bulletgreen: A password with 4 numbers corresponds to 10,000 possibilities (10^4).
A computer with a modest configuration is capable of cracking it in just a few minutes.
:bulletgreen: A password with 4 letters corresponds to 456,972 possibilities (26^4).
:bulletgreen: A password that combines numbers and letters, or one that also uses uppercase letters and special characters, will be even harder to crack.
:bulletred: Passwords to avoid!:
    your login;
    your last name;
    your first name or that of a loved one (spouse, child, etc.);
    a word from the dictionary;
    a word written backwards (password cracking tools account for this possibility);
    a word followed by a number, the current year or a year of birth (for example "password1999").
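As an added example (not code from the original journal), here is a small Python check that implements the "passwords to avoid" list above: it flags a password that equals the login or a personal name, is a dictionary word, is a dictionary word written backwards, or is a dictionary word with a number or a year attached (the shape a hybrid attack targets). The dictionary and the sample user data are constructed for the demo; a real check would load a large wordlist or a breached-password list.

```python
# Added example (not from the original journal): a policy check that rejects
# the "passwords to avoid" listed above. The dictionary and the sample user
# data are constructed for the demo; a real check would load a large wordlist
# or a breached-password list instead.
import re
from datetime import date

# Constructed mini dictionary standing in for a real wordlist.
DICTIONARY = {"password", "marshal", "dragon", "sunshine", "welcome", "monkey"}

# "word followed or preceded by a number": up to 4 digits on either side.
_WORD_DIGITS = re.compile(r"(\d{0,4})([a-z]+)(\d{0,4})")


def _norm(s: str) -> str:
    return s.strip().lower()


def weak_reasons(password, login, names=(), dictionary=DICTIONARY):
    """Return the reasons a password is weak under the journal's list.
    An empty list means none of these rules fired; it does not by itself
    mean the password is strong."""
    pw = _norm(password)
    reasons = []

    if pw == _norm(login):
        reasons.append("equals the login")

    for name in names:
        if pw == _norm(name):
            reasons.append(f"equals a personal name ({name})")

    if pw in dictionary:
        reasons.append("is a dictionary word")

    if pw[::-1] in dictionary:
        reasons.append("is a dictionary word written backwards")

    m = _WORD_DIGITS.fullmatch(pw)
    if m and (m.group(1) or m.group(3)) and m.group(2) in dictionary:
        digits = m.group(3) or m.group(1)
        # four digits in a plausible range count as a year (e.g. "password1999")
        if len(digits) == 4 and 1900 <= int(digits) <= date.today().year:
            reasons.append(f"is a dictionary word plus a year ({digits})")
        else:
            reasons.append("is a dictionary word followed or preceded by a number")

    return reasons


if __name__ == "__main__":
    for candidate in ["Marshal6", "password1999", "drowssap", "alice", "cx34pC9'{1+i"]:
        hits = weak_reasons(candidate, login="alice", names=["Alice Smith"])
        print(candidate, "->", hits or "no rule fired")
```

Passing every rule is only a floor: the random pwgen-style password at the end of the demo list passes because it matches no pattern, not because the check measured its strength.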


2.1. Password policies
:bulletgreen: A minimum password length: at least 8 characters, preferably 12 or 16.
:bulletgreen: The presence of special characters, such as: @=^#[£$
:bulletgreen: A change of case: lowercase and uppercase letters.

2.2. Secure password generators
There are many applications that can be used to create secure passwords. Below I list a few password generators, but there are many more.:bulletyellow:
identitysafe.norton.com/passwo…
www.random.org/passwords/
passwordsgenerator.net/
www.techzoom.net/tools/passwor…
www.safepasswd.com/
:bulletgreen: Those who, like me, use a Linux operating system such as Debian or Ubuntu (and derivatives) can easily create strong passwords with the command pwgen (make sure that pwgen is installed).
For example, the command
pwgen 12 3 -s -y
generates 3 random passwords, 12 characters long (-s asks for completely random passwords rather than pronounceable ones, -y includes at least one special symbol), like the ones below:
cx34pC9'{1+i
jkh6mR&-v~^C
Q/"N6SUk?D%+
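For readers without pwgen, the following is an added example (not code from the journal or from the pwgen project) that does the same job in Python with the secrets module, which draws from the operating system's cryptographic random source, and checks each result against the 2.1 policy (length, special characters, mixed case). The symbol set is my own choice and is an assumption, not something the journal prescribes.

```python
# Added example (not from the original journal): generate passwords with
# Python's secrets module and verify that they satisfy the 2.1 policy
# (length, special characters, mixed case). Works on any OS, unlike pwgen.
import secrets
import string

# Constructed symbol set (starts with the journal's examples); any punctuation will do.
SPECIALS = "@=^#[£$!%&*-_+?/"


def meets_policy(password: str, min_length: int = 12) -> bool:
    """True when the password is long enough and mixes lowercase, uppercase,
    digits and special characters."""
    return (
        len(password) >= min_length
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SPECIALS for c in password)
    )


def generate_password(length: int = 12) -> str:
    """Draw one character from every required class, fill the rest from the
    whole alphabet, then shuffle so the class positions are unpredictable.
    secrets.SystemRandom is a CSPRNG; the random module would not be suitable."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover every class")
    rng = secrets.SystemRandom()
    alphabet = string.ascii_letters + string.digits + SPECIALS
    chars = [
        rng.choice(string.ascii_lowercase),
        rng.choice(string.ascii_uppercase),
        rng.choice(string.digits),
        rng.choice(SPECIALS),
    ]
    chars += [rng.choice(alphabet) for _ in range(length - 4)]
    rng.shuffle(chars)
    return "".join(chars)


def generate_many(count: int = 3, length: int = 12) -> list:
    """Equivalent of `pwgen 12 3 -s -y`: count passwords of the given length."""
    return [generate_password(length) for _ in range(count)]


if __name__ == "__main__":
    for pw in generate_many():
        print(pw, "policy ok" if meets_policy(pw) else "policy FAILED")
```

Forcing one character of each class slightly reduces the number of possible outputs compared with a purely uniform draw, but it guarantees that every generated password passes the policy check a website will apply.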


2.3. Password managers
Now that you have created all your beautiful and funny passwords, very strong ones, you must be able to manage them and keep them safe, since you can't remember all of them, perhaps not even a single one!
On the other hand, it is highly recommended that you use a different password for each website that requires a login. If you need help remembering your passwords, nothing remains but to consider using a password manager.
:bulletgreen: What is a password manager?
en.wikipedia.org/wiki/Password…
:bulletgreen: Why You Should Use a Password Manager and How to Get Started
www.howtogeek.com/141500S/why-…
www.pcpro.co.uk/features/38037…
Here below is a short (only indicative) list of free password managers:
:bulletyellow: MS Windows:
keepass.info/
www.thewindowsclub.com/best-pa…
www.top5freeware.com/password-…
:bulletyellow: PC, online, or smartphone app:
pcsupport.about.com/od/toolsof…
:bulletyellow: Android:
play.google.com/store/apps/det…
play.google.com/store/apps/det…
play.google.com/store/apps/det…
:bulletyellow: Linux:
www.keepassx.org/
sourceforge.net/projects/upm/
www.techradar.com/news/softwar…
:bulletyellow: MacOS X:
www.keepassx.org/
mehlau.net/pastor/
lastpass.com/

2.4. Logging into an account from a computer that is not yours
Be careful when logging into an account from a friend's computer, or from a computer open to the public (Internet café or cybercafé). A computer or network you are not familiar with could intentionally or unintentionally log usernames and passwords. Finally, when logging into any site on a friend's computer, never save the password in their browser.

2.5. Testing your password
To test the strength of your passwords, you can use this application on-line:


If you read big words such as undecillion, quinquavigintillion, septuagintillion... well, do not be afraid and take a look here -> en.wikipedia.org/wiki/Names_of…
:bulletred: QUESTION
Is the website howsecureismypassword.net really safe?
Is it safe to enter my real passwords to test them?
Are the entered passwords being recorded/transmitted to someone else?
:bulletgreen: ANSWER
The website seems to have a good online reputation:
answers.microsoft.com/en-us/ie…
www.webutations.info/go/review…
www.mywot.com/en/scorecard/how…
security.stackexchange.com/que…
It should be noted that the site promises that "no data is stored or transferred anywhere".
This site is all done with client-side JavaScript (in fact, you can save the entire site and run it locally on your computer). This means that the assessment of the password is done inside the browser and no data is transmitted over the Internet.
In any case, if you don't trust it, know that:
The website howsecureismypassword.net analyzes passwords based on the combination of letters, numbers and symbols, so you do not need to enter your specific password.
If your password is 1=kYs56*, enter 6%uAd24# instead and check: it will tell you how safe that combination is.
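As an added example (not code from the journal or from howsecureismypassword.net), the following Python reproduces the keyspace figures from section 2 (10^4 for four digits, 26^4 for four lowercase letters) and the kind of pattern-based estimate a client-side tester makes: it looks only at which character classes a password uses and how long it is, which is exactly why a look-alike such as 6%uAd24# scores the same as 1=kYs56*. The guess rate of 10^9 per second is an assumed constant, not a measurement, and the symbol class is taken to be the 33 ASCII punctuation characters.

```python
# Added example (not from the original journal): estimate the brute-force
# keyspace of a password from the character classes it uses, the way the
# figures in section 2 and pattern-based online testers do. The guess rate
# is an assumption for illustration, not a measured value.
import math
import string

# (name, members, class size) for each character class
CLASSES = [
    ("lowercase", set(string.ascii_lowercase), 26),
    ("uppercase", set(string.ascii_uppercase), 26),
    ("digits", set(string.digits), 10),
    ("symbols", set(string.punctuation), 33),
]

ASSUMED_GUESSES_PER_SECOND = 10**9  # assumption: one fast offline cracking rig


def charset_size(password: str) -> int:
    """Sum the sizes of the character classes the password draws from."""
    size = 0
    for _name, members, n in CLASSES:
        if any(c in members for c in password):
            size += n
    # characters outside the known classes (e.g. '£') each count as one symbol
    unknown = {c for c in password if not any(c in m for _, m, _ in CLASSES)}
    return size + len(unknown)


def keyspace(password: str) -> int:
    """Number of candidates a brute-force search must try in the worst case."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Keyspace expressed in bits (log2), the usual way to compare strengths."""
    return math.log2(keyspace(password))


def crack_seconds(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest fitting unit."""
    units = [("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return "less than a second"


if __name__ == "__main__":
    for pw in ["1234", "abcd", "password1999", "1=kYs56*", "6%uAd24#", "cx34pC9'{1+i"]:
        print(f"{pw:14} charset={charset_size(pw):3} bits={entropy_bits(pw):5.1f} "
              f"worst case: {humanize(crack_seconds(pw))}")
```

Note that this is purely a keyspace estimate: "password1999" gets a large number because it is 12 characters long, while the dictionary rules from section 2 would reject it in a few guesses. A tester that reasons only about character classes cannot see that, which is why both kinds of check are worth running.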




:bulletyellow: :bulletyellow: :bulletyellow:
Update: November 14, 2014

Wi-Fi Security


Most Wi-Fi networks do not provide any form of protection against unauthorized use (authentication) or against sniffing of the data communication (confidentiality). They also do not guarantee data integrity.
A method devised to prevent unauthorized use of a Wi-Fi network is WEP (Wired Equivalent Privacy), which, however, due to its inherent problems, is totally useless. To overcome the problems of WEP, WPA (Wi-Fi Protected Access) and WPA2 were invented, and they offer higher levels of security.
So many people think that replacing WEP with WPA or WPA2 will keep us out of danger:
Wrong, very wrong indeed! Oh my... Why?
Because, from the hacker's point of view, WPA and WPA2 are equal: the method of attack is the same, equal and identical! WPA2 uses protocols judged to be more robust, but hackers do not attack the complexity of the cryptographic algorithms, they attack the weakness of the passwords.
In addition, to crack WPA/WPA2 it is sufficient to capture the few packets containing the 4-way handshake, that is, the few packets exchanged during the connection between the access point (AP) and the client (you). The main difference between WEP and WPA is that WEP is structurally weak and the hacker will almost certainly get around it, whereas the security of WPA depends on the strength of the password:
A weak password will also make WPA/WPA2 weak.
More about cracking WPA -> www.devttys0.com/2011/12/crack…

:bulletyellow: Update: August 10, 2017 :bulletyellow:

I strongly urge all readers of this journal to take a look at the journal linked below:
:thumb696704912: by :iconcorrupttempest:

That journal warns you «about the hijacked old deviant art accounts aggressively spreading status links followed by sexual innuendos to bait you to click it out of curiosity.
These have nasty consequences when clicked on. These accounts draw your attention to their profile with a very effective tactic, by adding you to their watch. They know it's more than enough to get the typical dA user to quickly visit their profile to thank them, and the rest is up to you. The bot is hoping you click the status link out of curiosity alone when you see it. Some members may even visit the link with the intention of wanting to find 'hot free oceans of sex with young ladies' ..... as the links phrase it sometimes».


That's all for the moment. There may be updates.
If you want to be informed about security in a serious way,
you can take a look at The Hacker News site thehackernews.com/

:bulletyellow: Please read also:
FAQ #660: My DeviantArt account has been hacked. What can I do?
---
I would also be grateful if you would kindly report to me any inaccuracies, errors, grammar mistakes (English is not my native language), etc., or give me tips to enhance this journal. Many thanks.
My regards,
The BBW :)
© 2011 - 2024 Karolusdiversion
Comments (272)

Jungseo:
If I may ask a question...

If my password has six letters, two numbers and two symbols, is it hard for my account to be hacked?