Bottom Line Up Front: Making a strong password to use online isn’t as difficult as you have been led to believe. It’s actually easy once you understand some background on online security. Here’s how to make strong passwords easily.
Old School Passwords
In the early days of the internet, passwords were simple. Things like “dog” or “michael” or “superman” were common. As the internet grew rapidly, though, simple passwords became a problem because people were getting their accounts compromised. Further, the kinds of things we needed passwords for became more important too (banking, credit cards, etc.), so the downside of a hacked account was greater.
To rectify the problem, in came the requirement for upper case letters, numbers, and special characters, as well as the need for longer passwords. It makes sense if you think about it. If someone tried to hack into my account in 1997, they might use what they know about me to get access. If they know I have a cat named “Willie” they could try that. No way they’d guess “WiLl33!!”. Problem solved, right? Wrong.
How They Do It Has Changed
But the hackers of today don’t just guess random words off the top of their heads. There are two basic ways to try to get your password:
- Brute force attack. This is a piece of software that runs through millions of possible passwords until it finds the right one. With modern software and computing power, it can run for days and try a mind-boggling number of passwords to gain access.
- Steal it in transit. There are ways to catch the data you transmit over the internet from your device to the server. This is where having encrypted connections (for example: using https vs http web sites) and only using secure internet connections (not hotels, Starbucks, the mall, etc.) protects you. No matter how strong your password is, if it’s stolen, there is no guesswork. We won’t focus on that in this article, but realize that doing all the hard work to make strong passwords is useless if you just give it to them.
Focusing in on protecting against brute force attacks, I read a great article recently entitled “You’ve Been Misled About What Makes a Good Password” from the MIT Technology Review. They looked at precisely what can be done to make passwords stronger and found:
A study that tested state-of-the-art password-guessing techniques found that requiring numbers and uppercase characters in passwords doesn’t do much to make them stronger. Making a password longer or including symbols was much more effective.
Further, they looked at the way the hackers are trying to access our passwords and noted:
But the latest password guessing software is smarter than just guessing at random. Instead it is trained using leaked lists of millions of passwords to make guesses that try the passwords—or patterns found in passwords—most commonly used first. Password-guessing software can be used to try to reveal improperly encrypted passwords leaked online, like the 130 million taken from Adobe in 2013, or to directly access password-secured software or devices that don’t limit guessing attempts.
What You Can Do
Never use the same password twice. This fixes the problem of the software using previously stolen passwords.
Use password saving software. I have written about LastPass before in “3 Simple Steps to Stronger Online Security”. This can make your passwords complicated, longer, impossible to remember, and completely unique. I do not have one password that is the same anymore.
For passwords you must memorize, go for length and repetition. There are a few passwords you must remember off the top of your head, so LastPass can’t help here. You don’t have to create one like “Ikjsds((887y^*8ggg%%$%” to secure yourself. Can you remember this “Ihatemakingpasswordssomuchbutilovecake”? Or “Boom#Boom#Boom#Boom#”?
Even if you have LastPass, you still need to memorize at least two passwords. One is the LastPass password itself, which you use to log in and manage your account. The other is the password for your primary email address, because that is where password resets or major admin actions will come. To set up a good strong password for these, pick a long phrase or a repeated short phrase. The examples above would both work.
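Added example (not from the original article): a short Python sketch that puts numbers on the length-versus-complexity point by computing the blind brute-force search space for the sample passwords used above. The function names and the guess rate are assumptions. The bit counts are an upper bound that holds only against blind brute force, so the shortest repeated block is reported separately, because the pattern-aware guessers described in the quoted study do not have to search the full length.

```python
import math
import string

# Character classes a blind brute-force search has to cover.
# Assumption: characters outside these four ASCII classes are not counted.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
GUESSES_PER_SECOND = 1e10  # assumed guessing rate, not a measured figure


def pool_size(password):
    """Alphabet size implied by the character classes present."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """log2 of the blind brute-force search space at this length."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def repeated_unit(password):
    """Shortest block that rebuilds the password when repeated."""
    n = len(password)
    for size in range(1, n + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return password[:size]
    return password


def report(password):
    """Summarise the upper bound and the effect of a repeated block."""
    bits = brute_force_bits(password)
    unit = repeated_unit(password)
    years = 2 ** bits / GUESSES_PER_SECOND / (3600 * 24 * 365)
    return {
        "length": len(password),
        "pool": pool_size(password),
        "bits": round(bits, 1),
        "years_at_assumed_rate": years,
        "unit": unit,  # equals the password when nothing repeats
        "unit_bits": round(brute_force_bits(unit), 1),
    }


if __name__ == "__main__":
    for pw in ["WiLl33!!", "Boom#Boom#Boom#Boom#",
               "Ihatemakingpasswordssomuchbutilovecake"]:
        print(report(pw))
```

The 8-character password uses all four character classes and still has the smallest search space of the three. The `unit_bits` figure for the repeated phrase is what a guesser that models repetition has to cover for the block itself.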
Enable two-factor authentication immediately. Enabling two-factor authentication (see Tip#4) on sites that support it makes a strong password much less important because a hacker would need another item to get into your account.
QUESTION: Do you have any password saving/memorizing tips? Post to comments.