When registering a new online account the website usually requires users to create passwords of a certain length or complexity. Facebook, for example, requires a combination of “at least six numbers, letters and punctuation marks”. Security requirements differ by website, but it is worth mentioning that any password of less than 12 characters is considered vulnerable.
When a particular internet account becomes the target of a hacker, their automated software will submit millions of password guesses per minute to open that account. Using various techniques such as brute-force, dictionary attacks, a combination of both of these and other methods will allow hackers to sequentially guess the password. Depending on the recipe used, it can take just a few milliseconds or years to crack it.
Characteristics of a Strong Password
Every password has three elements that it comprises: length, character set and randomness. Strengthening one dimension can be used to counterbalance a weakness in another.
Length is the easiest dimension, and typically there is a specific minimum length of password when signing up to a new account.
The more character sets used in generating a password, the greater the number of possible combinations. That equates to more work for the attacker to crack your password, so widening the character set used is important when creating a password.
While it won’t make sense in real-life conversation, randomness is useful in password usage. The attacker can leverage the regularities of a certain language (English, for example), hence reducing the work needed. Simply put, the attacker won’t try passwords containing sequences that might contain words or phrases from other, more obscure languages..
Use Password Generators
The attackers’ toolset includes a dictionary hacking utility that uses an English dictionary list to easily find words contained in that dictionary, and if the simple word search doesn’t bring results, the tool will likely try other iterations of the same word, including numbers.
Password managers include a feature called a password generator to streamline the process of creating strong passwords for new or existing online accounts. Of course, that doesn’t rule out your creativity if you don’t have problems coming up with passwords, such as “vR|mBCsrd$oYzzx5NngK” or “opulent4.reply2.anoint7.hype193”. Oh, and you’ll also need to remember them, which won’t be an easy task, especially if you have tens of online accounts like the majority of people.
Without a password manager, people tend to reuse the same secure password over and over again, easing the pressure on their memory. However, that isn’t quite the best approach, because it’s enough for the hacker to crack the password one time to lock you out of your digital life.
Thanks to the internet, there are services out there to test the security level of your passwords. We don’t recommend their use, though, because these services can easily spoof your password and use it to either build their database or – what a sophisticated hacker would do – to track you down and get into the account you have just created and secured with that password. If you definitely need to use such a service, the safest we can recommend is LastPass’ service.
The new password security requirements from websites raise a new problem: how do you securely store the passwords that have just been invented? That’s equally as important as highly secure password generation. At this point you might choose to use a piece of paper (be it physical or digital), a notebook that is always with you, or a password manager.
Password managers don’t just generate new passwords, but also store and recall them whenever needed.
But the best thing to remember about password managers is that they enable the ability to use unique passwords for every account you have, but if you don’t keep your computer safe from password-capturing malware or don’t avoid phishing sites, you leave yourself vulnerable to attacks. A strong password is just one level of the multi-level security measures to keep your digital life safe.
Best Password Managers of 2019