Closed Bug 1742989 Opened 3 years ago Closed 5 months ago

Review our advice on secure passwords [off-train]

Categories

(support.mozilla.org :: Knowledge Base Content, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: serg, Assigned: dgalindo)

To create a quality password, your primary password should include the following:

At least one capital letter.
One or more digits.
At least one non-alphanumeric character, such as: @ # $ % ^ & * ( ).

from https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins?as=u&utm_source=inproduct&redirectslug=use-master-password-protect-stored-logins&redirectlocale=en-US#w_create-a-primary-password

Does it make passwords more secure? Password1! and Password@13 fit the description. I doubt these extras make them less guessable.

What are the criteria for a strong password?
Firefox Accounts makes sure that your password meets the following criteria:
It has at least eight characters.
The password does not contain any part of your email address.
Does not match the description of most common passwords.

from https://support.mozilla.org/en-US/kb/password-strength

This is better, but an 8-character password is not enough. In 2012 it was possible to "brute force every possible eight-character password in just 5.5 hours".

We can use our new password on several different websites by adding a prefix or suffix with a mnemonic link to a particular site.
#Hihas4ei:AmZ for Amazon
fCb#Hihas4ei: for Facebook
#Hihas4ei:YtB for YouTube
dRm#Hihas4ei: for Drumbeat

from https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe

This is suggesting to reuse passwords. A breach on one site will make the user vulnerable on others.

Additional links to revisit:

https://monitor.firefox.com/security-tips#strong-passwords
https://support.mozilla.org/en-US/kb/how-generate-secure-password-firefox

Let's improve our suggestions on generating strong, memorable passwords.
Let's suggest using a password manager, built-in or external.
Let's try to unify all "password strength" articles in one page. We should give consistent direction to users.
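
The two objections in the report above, shown as a small vault audit. This is an added example, not part of the bug report or any Mozilla code; the function names, the tiny COMMON_BASES list, the `min_core` threshold and the "bank" entry are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list of very common base words (not a real breach list).
COMMON_BASES = {"password", "qwerty", "letmein", "welcome"}

# Passwords quoted in the report, plus one constructed unrelated entry ("bank").
SAMPLE_VAULT = {
    "amazon": "#Hihas4ei:AmZ",
    "facebook": "fCb#Hihas4ei:",
    "youtube": "#Hihas4ei:YtB",
    "drumbeat": "dRm#Hihas4ei:",
    "bank": "tV9q-Lw2x!Rk",
}

def meets_composition_rules(pw):
    """The three rules quoted from the primary-password article."""
    return (any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def is_common_pattern(pw):
    """True if pw is a common base word with digits/symbols/case added."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    return core in COMMON_BASES

def shared_core(a, b):
    """Longest substring that two passwords have in common."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    m = matcher.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def reuse_findings(vault, min_core=6):
    """Flag site pairs whose passwords share a core of min_core+ characters."""
    sites = sorted(vault)
    findings = []
    for i, first in enumerate(sites):
        for second in sites[i + 1:]:
            core = shared_core(vault[first], vault[second])
            if len(core) >= min_core:
                findings.append((first, second, core))
    return findings

if __name__ == "__main__":
    for pw in ("Password1!", "Password@13"):
        print(pw, "rules ok:", meets_composition_rules(pw),
              "common pattern:", is_common_pattern(pw))
    for first, second, core in reuse_findings(SAMPLE_VAULT):
        print(f"{first} / {second} share core {core!r}")
```

Both example passwords pass the composition rules while still being a decorated common word, and every pair of the site-suffixed passwords is flagged as sharing one core, which is the reuse the report warns about.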

Summary: Review our advise on secure passwords → Review our advice on secure passwords
Component: Password Manager → Knowledge Base Content
Product: Toolkit → support.mozilla.org
Assignee: nobody → aparise
See Also: → 1559986
Type: enhancement → task
See Also: → 1865866
See Also: → 1877475
Assignee: aparise → lsiebert

Updates to the articles on securing stored logins with a primary password (https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins) and creating secure passwords to keep your identity safe (https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe) are now available. Updates for additional articles are planned for completion next week.

A bit of feedback on these:

It is good that there is a single page for password creation advice (https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe). However, the advice on that page is not very good, for the reasons Sergey lists. I also see that the primary password page still includes advice on password construction that could simply be removed.

In terms of what should be said, XKCD advice is pretty solid, but we should really not be telling people to perform this task themselves in most cases. Firefox has a password generator. We should encourage people to use that, or the password generator that is in their password manager of choice.

The primary password is a case where the string might need to be remembered more than other passwords. However, if we are considering loosening advice on automatic generation, that needs to be carefully considered.

Summary: Review our advice on secure passwords → Review our advice on secure passwords [off-train]

Update: The article is archived and marked as obsolete.

Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Flags: needinfo?(lsiebert)
Resolution: FIXED → ---

From bug 1865871 comment 10

After some conversations with Mandy, Konstantina and Jo through Slack it was decided to redirect the Create secure passwords to keep your identity safe KB to the Choose a strong password KB.

Since the Create secure passwords to keep your identity safe article now redirects to the Mozilla account-related Choose a strong password article:
I submitted a revision that's pending review, to update the Choose a strong password article so that it also applies to creating secure passwords in general, not just for Mozilla accounts. See https://support.mozilla.org/en-US/kb/password-strength/history

Dayana, can this bug be reassigned, since Lucas is no longer on SUMO staff?

Flags: needinfo?(dgaleano)
Flags: needinfo?(lsiebert)

(In reply to Alice Wyman from comment #8)

> Since the Create secure passwords to keep your identity safe article now redirects to the Mozilla account-related Choose a strong password article:
> I submitted a revision that's pending review, to update the Choose a strong password article so that it also applies to creating secure passwords in general, not just for Mozilla accounts. See https://support.mozilla.org/en-US/kb/password-strength/history
>
> Dayana, can this bug be reassigned, since Lucas is no longer on SUMO staff?

Hi Alice, thanks for flagging. I've re-assigned to Dayani. She can review your pending revision.

Assignee: lsiebert → dgalindo
Flags: needinfo?(dgaleano) → needinfo?(dgalindo)

Hey Mandy, should this be added to Asana?

Flags: needinfo?(mcacciapaglia)
Flags: needinfo?(mcacciapaglia) → needinfo?(oopdahl)

(In reply to Alice Wyman from comment #8)

> Since the Create secure passwords to keep your identity safe article now redirects to the Mozilla account-related Choose a strong password article:
> I submitted a revision that's pending review, to update the Choose a strong password article so that it also applies to creating secure passwords in general, not just for Mozilla accounts. See https://support.mozilla.org/en-US/kb/password-strength/history
>
> Dayana, can this bug be reassigned, since Lucas is no longer on SUMO staff?

Reviewed! Thanks Alice.

Status: REOPENED → RESOLVED
Closed: 9 months ago → 5 months ago
Resolution: --- → FIXED
Flags: needinfo?(dgalindo)
Flags: needinfo?(oopdahl)