Good password security is the online equivalent of personal hygiene, if bad personal hygiene could compromise your digital safety, that is. There are several good habits to adopt when it comes to passwords, but first let’s look at how passwords are “cracked” (or broken, in more common parlance).
Breaking a password
A password that isn’t strong enough can be broken through several methods. First among them is what’s called a “brute-force attack.” A brute-force attack simply uses a program to go through thousands of possible combinations of letters, numbers, and symbols until it finds the exact mixture that is your password. Any password of fewer than eight letters can eventually be cracked by this method; the time varies from a few hours to a couple of days. The next method is a “dictionary attack.” Dictionary attacks are similar to brute-force attacks, but try whole words instead of individual letters, numbers, and symbols. Next up is “social engineering.” This method is used to gather personal information about you via social media, phone calls, email, and similar electronic correspondence. The attacker then uses that information to guess your password. Several other methods are possible, but these are the most widely used.
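To make the brute-force and dictionary arithmetic concrete, here is an added example (not code from the original article) that computes how many candidates an attacker must try for a given length and character set, expresses that as bits of entropy, and converts it to an expected search time. The guess rate is an assumed parameter, not a figure the article gives; change it to match whatever hardware you are modelling.

```python
import math

# Alphabet sizes for the character classes a brute-force program would iterate over.
CHARSETS = {
    "digits only": 10,
    "lowercase letters": 26,
    "upper + lower case": 52,
    "letters + digits": 62,
    "all printable ASCII": 95,
}

# Assumed guess rate for the report below (an assumption, not a figure from the article).
ASSUMED_GUESSES_PER_SECOND = 1e9


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates a brute-force attack must consider for a password of exactly `length`."""
    return alphabet_size ** length


def cumulative_keyspace(alphabet_size: int, max_length: int) -> int:
    """All candidates of length 1..max_length, since shorter passwords are tried first."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def dictionary_keyspace(list_size: int, words: int) -> int:
    """Candidates for a dictionary attack on `words` random words drawn from `list_size` entries."""
    return list_size ** words


def entropy_bits(candidates: int) -> float:
    """Strength in bits: log2 of the number of equally likely candidates."""
    return math.log2(candidates)


def expected_seconds(candidates: int, guesses_per_second: float) -> float:
    """Average time to hit the right password: half the keyspace at the given rate."""
    return candidates / 2 / guesses_per_second


def human_duration(seconds: float) -> str:
    """Round a duration to the largest convenient unit."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def report(length: int, rate: float = ASSUMED_GUESSES_PER_SECOND) -> None:
    """Print entropy and expected crack time for every character class at this length."""
    for label, size in CHARSETS.items():
        space = cumulative_keyspace(size, length)
        print(f"{length} chars, {label:<20} {entropy_bits(space):5.1f} bits "
              f"~ {human_duration(expected_seconds(space, rate))}")


if __name__ == "__main__":
    report(7)    # the "fewer than eight" case the article describes
    report(12)
    # Four random words from a 10,000-word list, for comparison with random characters.
    words = dictionary_keyspace(10_000, 4)
    print(f"4 random words (10k list): {entropy_bits(words):.1f} bits "
          f"~ {human_duration(expected_seconds(words, ASSUMED_GUESSES_PER_SECOND))}")
```

The comparison at the end is the point of the exercise: four words from a ten-thousand-word list give roughly the same search space as eight characters drawn from all 95 printable ASCII symbols, which is why the random-words approach below is both memorable and strong.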
Creating a strong password
So how do you protect yourself and your digital profile? This is difficult, because the more esoteric and strange a password is, the harder it is to crack, but also the harder it is for the user to remember. The inverse is true as well: the easier a password is to remember, the easier it is to crack. Therefore, a balance must be maintained.
Try a few of these tips to help create a strong password:
- Never use common substitutions for letters in a password (e.g., 3 for E or Z, or 4 for H).
- Avoid the use of “password” and any letter or number substitution thereof.
- Avoid the use of numbers in numerical sequence.
- Use completely random words strung together in a password (e.g., MonopolyBearAmbergrisWeregild). When using this method it’s often a good idea to use uncommon words (see here for a list of the most commonly used English words; stay out of the top 10,000 to be extra safe!). Alternatively, mix multiple languages (such as Spanish and English). Proper nouns or brand names are also good choices, but make sure they aren’t ones that could be guessed from social engineering attempts! Even better is the use of made-up words.
- Add an underscore at a random position in your password for extra security.
- A strong password is nine or more characters and contains at least one letter, one number, and one symbol. The more variation the better.
- Never use the same password across multiple sites. If someone breaks your password in one place, they’ll likely try to use it everywhere they can find your email or similar logins.
- Never reuse passwords that you know to have been compromised, or that you changed because you thought they might be compromised.
- It’s a bit controversial at the moment, but constantly changing your password may in fact be a bad idea. Create a single, strong password and stick with it.
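The tips above are mechanical enough to turn into a checker. This added example (not code from the original article) undoes common letter substitutions before looking for “password”, rejects numeric sequences, enforces the nine-character letter/number/symbol rule, refuses passwords you have marked as compromised, and generates a random-words passphrase with an underscore at a random position. The substitution table and the short word list are constructed for the example; a real word list should be long and should skip the most common English words, as the article advises.

```python
import re
import secrets

# Substitutions the article tells you not to rely on; undoing them lets the checker
# see "P@ssw0rd" for what it is. The mapping is constructed for this example.
LEET_TABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Words the article bans in any substituted form. Extend with your own policy.
BANNED_WORDS = {"password"}

# Small constructed word list for the passphrase generator (an assumption, not the
# article's list). Use a long list of uncommon words in practice.
WORDLIST = ["monopoly", "bear", "ambergris", "weregild", "lantern", "quince",
            "marrow", "gable", "plinth", "tundra", "ferrous", "velum"]


def normalize(pw: str) -> str:
    """Lowercase and undo leet-style substitutions so banned words can't hide behind them."""
    return pw.lower().translate(LEET_TABLE)


def has_numeric_sequence(pw: str, run: int = 3) -> bool:
    """True if `run` or more consecutive digits ascend or descend by one (e.g. 123, 987)."""
    for match in re.finditer(r"\d{%d,}" % run, pw):
        digits = [int(c) for c in match.group()]
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False


def check_password(pw: str, compromised: set[str] = frozenset()) -> list[str]:
    """Return the list of rules from the article that `pw` violates (empty list = passes)."""
    failures = []
    if len(pw) < 9:
        failures.append("shorter than nine characters")
    if not re.search(r"[A-Za-z]", pw):
        failures.append("no letter")
    if not re.search(r"\d", pw):
        failures.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        failures.append("no symbol")
    if any(word in normalize(pw) for word in BANNED_WORDS):
        failures.append("contains a banned word (possibly with substitutions)")
    if has_numeric_sequence(pw):
        failures.append("contains a numeric sequence")
    if pw in compromised:
        failures.append("previously compromised password")
    return failures


def generate_passphrase(words: int = 4, wordlist: list[str] = WORDLIST) -> str:
    """Random words joined together, an underscore at a random position, one digit appended."""
    body = "".join(secrets.choice(wordlist).capitalize() for _ in range(words))
    cut = 1 + secrets.randbelow(len(body) - 1)   # never at either end
    return body[:cut] + "_" + body[cut:] + str(secrets.randbelow(10))


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "abc12345", "Monopoly_BearAmbergris7"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    fresh = generate_passphrase()
    print(f"generated {fresh!r}: {check_password(fresh) or 'OK'}")
```

The `secrets` module is used for generation rather than `random` because the latter is predictable; the checker deliberately returns every failed rule rather than stopping at the first, which is what a user needs in order to fix a password in one attempt.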
But how do you keep up with all the various websites that require passwords? A good password manager (e.g., LastPass or KeePass) takes the headache out of remembering multiple passwords and makes you more secure. Such software uses an encrypted database to protect your passwords and relies on a single “master password” to access all the others. When looking at such extensions or software, remember that you want local-only encryption (i.e., the database is stored on your computer, not on some server).