They assume that passwords provide ”enough” protection, despite the fact that anybody can search the Internet and buy products that will remove them in seconds. The simple answer is laziness or lack of research. However, the password manager holds the keys to your entire kingdom, so you better make sure it uses a strong password, 2FA, and even biometrics/a security key where possible. This is unavoidable, but you can mitigate it somewhat by randomly generating your passwords and securing them in a password manager. DO use password generators and password managers: The requirements above will make it harder for you to manage, create, and remember passwords.Reusing passwords or using variants of the same password means that if one PDF is compromized, all of them are. DON’T re-use passwords: Isolate the impact of a password compromize as much as possible.The best balance between memorability and security is to create an acronym from a phrase (12+ characters, NOT a common idiom), and add capital letters, numbers, and special characters. Passwords that are difficult to remember are more likely to be stored insecurely (on a post-it note or plaintext file). DO use acronyms: Completely random passwords are difficult to remember.All of these are easy targets for cracking tools. Dictionary words, dates, names, common keyboard patterns (asdf, 123), capitals only at the start of words, repeating characters. DON’T use a PDF password that’s human-readable: Any password that a human can “read” will be easier for a machine to crack.Creating passwords that follow these rules will increase the time it takes a password cracking program to compromise them (though it won’t stop users from sharing the passwords with others): If you do decide to go the password security route, there are several aspects you need to keep in mind. They are difficult to manage and easy to defeat. We therefore have to conclude that PDF passwords are not an effective way to implement PDF security. If you’re using a password to enforce PDF security or DRM, any rights you gave the recipient can be passed on by simply sharing the password. This is the catch-22 of passwords: you must share the password for the security to be usable, but in doing so, severely compromizes it. Sadly, PDF passwords are still popular (as are zip passwords), despite the fact that they are easily passed on to unauthorized users and are often cracked. Even an exhaustive search for all numbers and letters for 8-character positions is stunningly quick – see Removing PDF Passwords. They can break it in minutes, if not seconds. Short passwords that are easy to remember and type are just as easy for an attacker to crack with a dictionary system. You cannot stop users from sharing the password(s) with other people, and you have no way of being able to detect thatĪnd therein lies the problem. If they ‘lose’ it how do you replace it?.How do you get the password to the recipient securely?.Managing PDF passwords is, in itself, a nightmare: It is difficult to choose a password that you can easily pass on to the recipient and be sure they get it right unless you choose a short and simple one. The same applies when people pick passwords for protecting encrypted PDF documents (or password protect a Word document, zip files, or anything similar). This approach makes people pick easy passwords so that they have a snowball in hell’s chance of remembering. The usual approach to password management is to insist on one that has 6-8 characters and numbers and changes regularly. This is largely because systems have been implemented poorly, with little understanding of security or human psychology. Over time, however, they have received increasingly bad press as a security mechanism. Originally, it was the only mechanism that could be implemented – smart cards and biometrics were just a gleam in manufacturers’ eyes (and some say still are). Passwords have a strong historic precedent in protecting access to computers and files. Password protecting PDF files: why use passwords?
0 Comments
Leave a Reply. |