The U.S. government recently revamped its password recommendations, abandoning its endorsement of picking a favorite phrase and replacing a couple of characters with symbols, like c4tlo^eR. These short, hard-to-read passwords may look complicated for identity thieves or hackers to figure out, but they aren't.
Instead, you want long, weird strings that neither computers nor people can guess. We as humans are bad at coming up with these—we all pick the same “random” words, and we’re bad at remembering all the different passwords we type. Follow this guide to make good passwords, or better yet, let an app make and remember them for you.
Make your passwords very long.
Your hacker isn’t some guy in a ski mask trying to guess your password one try at a time. He'll use a program that automatically runs through massive databases of common passwords or random combinations of characters to figure out the password.
The best answer to that is a very long string of words. As the webcomic xkcd famously pointed out, a bunch of plain words is pretty good. But since many hackers use “dictionary attacks” to guess regular words, it’s best to add some capital letters, special characters, or numbers to make it much harder for them to get your password.
Don’t use a common phrase
But don’t use the same bunch of plain words as everyone else. If your password consisted of the entire script of Game of Thrones, it would still be unsafe if everyone else had the same password. “When in the course of human events” is a shitty password. So is a famous movie line, or a Bible verse, or even an acronym of a Bible verse. So don't assume it will be hard for the hackers; remember, they do this for a living. Also, do not use birthdays of your loved ones or other meaningful words.
Test your password
If you use a password manager, it’ll test your password in real time, in the safety of your own computer. The sites How Secure Is My Password?, How Big Is Your Password?, and How Strong Is Your Password? will also test your password. But remember: they won’t warn you about common, guessable phrases, like those Bible verses.
Of course, typing your passwords into unfamiliar sites is a bad habit. These sites are safe, as they’re all publicly run by trusted developers who promise that your entered text never leaves your computer. Still, to be on the safe side, just use these sites to get the gist before you make your real password.
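As an added example that is not part of the original post: a small Python check for the things the strength-testing sites above won't flag, namely a famous phrase, an acronym of one, or a four-digit year that could be a birthday. The phrase list is a constructed sample; a real check would load a much larger one.

```python
import re

# Constructed sample of phrases "everyone" picks; a real checker would load a much larger list.
KNOWN_PHRASES = [
    "When in the course of human events",
    "For God so loved the world",
    "May the Force be with you",
    "Winter is coming",
]

YEAR_RE = re.compile(r"(19|20)\d{2}")


def normalize(text):
    """Lowercase and drop everything but letters and digits: 'Winter-Is-Coming!' -> 'winteriscoming'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def acronym(phrase):
    """First letter of each word: 'For God so loved the world' -> 'fgsltw'."""
    return "".join(word[0] for word in phrase.lower().split())


def guessable_reasons(password, phrases=KNOWN_PHRASES):
    """Return the reasons this password is guessable by anyone who knows common phrases or your birthday.

    An empty list only means none of these checks fired, not that the password is strong.
    """
    reasons = []
    norm = normalize(password)
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    for phrase in phrases:
        if normalize(phrase) in norm:
            reasons.append(f"contains the well-known phrase {phrase!r}")
        abbr = acronym(phrase)
        # Acronyms shorter than four letters match too much by accident, so only check longer ones.
        if len(abbr) >= 4 and letters_only == abbr:
            reasons.append(f"is an acronym of the well-known phrase {phrase!r}")
    if YEAR_RE.search(password):
        reasons.append("contains a four-digit year (a birthday or anniversary is easy to look up)")
    return reasons


if __name__ == "__main__":
    for candidate in ["Witcohe", "Fluffy1987", "correct horse battery staple"]:
        print(candidate, "->", guessable_reasons(candidate) or "no obvious problem")
```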
Don’t reuse your passwords; make a different one for each service.
When your password on some web service gets hacked (and it will), you’d better hope you didn’t use the same password on three other websites. Don’t use a weak password for services that “don’t matter,” because some day you might give one of those services your credit card info, or use it to authorize more important services, and you won’t think to make a very strong password.
Use a password manager
Until you do this, no matter how hard you try to follow all the rules above, you will keep picking passwords that suck. Here’s how:
Your “random” string of words will be something like “donkey dragon football princess,” four extremely common password words, and a computer will guess it.
You’ll pick something memorable, and a computer will guess it. You’ll manage to make a password a computer can’t guess, and you’ll forget it, and you’ll have to replace it with a weaker password, and a computer will guess it. You’ll pick something easy to anyone who follows you on Twitter or Facebook—like your dog’s name—and a human will guess it.
Instead, get your computer to make and remember your passwords for you. This is the only way to manage all your passwords that is both reliable and convenient.
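Here is an added example (not code from the original post) of letting the computer do the picking, as this section and the "very long" advice above recommend: a Python passphrase generator that draws words with the `secrets` module (a cryptographic random source, unlike `random.choice`), adds one capital and one digit at random positions, and reports how many bits of guessing the result costs. The 16-word list is a constructed sample; the 7776-word figure assumes a diceware-sized list.

```python
import math
import secrets
import string

# Constructed 16-word sample list (4 bits per word); real generators draw from thousands of words,
# e.g. a 7776-word diceware list, which gives about 12.9 bits per word.
SAMPLE_WORDLIST = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
]


def passphrase_bits(word_count, wordlist_size, extra_choices=1):
    """Entropy in bits of word_count words drawn uniformly (with replacement) from wordlist_size
    words, plus log2(extra_choices) for any independent random additions (capital, digit)."""
    return word_count * math.log2(wordlist_size) + math.log2(extra_choices)


def generate_passphrase(word_count=4, wordlist=SAMPLE_WORDLIST, separator="-", add_digit=True):
    """Build a passphrase with a CSPRNG and return it together with its entropy estimate.

    One word is capitalized and a digit is appended, but which word and which digit are chosen
    at random, so they add entropy instead of a predictable pattern a cracker can model.
    """
    words = [secrets.choice(wordlist) for _ in range(word_count)]
    idx = secrets.randbelow(word_count)          # which word gets the capital: word_count choices
    words[idx] = words[idx].capitalize()
    phrase = separator.join(words)
    extra_choices = word_count
    if add_digit:
        phrase += secrets.choice(string.digits)  # 10 more equally likely choices
        extra_choices *= 10
    return phrase, passphrase_bits(word_count, len(wordlist), extra_choices)


if __name__ == "__main__":
    phrase, bits = generate_passphrase()
    print(f"{phrase}  (~{bits:.1f} bits with the 16-word sample list)")
    print(f"same scheme with a 7776-word list: ~{passphrase_bits(4, 7776, 40):.1f} bits")
```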
Don’t store passwords in your browser
Those can get hacked, too. Some of Opera’s saved passwords were partially hacked last year. Even Google accounts are vulnerable. A hacker doesn’t have to defeat Google’s security—they just have to trick you, and it’s a lot easier for hackers to pose as Google and request your login than it is for them to pretend to be your chosen password management app. If your Google account gets hacked, you’ll be in enough trouble without also worrying about all your saved passwords.
Follow the rules every time
Of course, your bank, your doctor’s portal, and your library are still following the outdated security recommendations, which is why they still force you to follow weirdly specific rules for password creation, like making you start with a letter or include one symbol. (Ironically, by lowering the number of possible passwords, these rules make them easier to crack.)
Use two-factor authentication
While it isn’t foolproof, two-factor provides a layer of protection for only a minimal loss of convenience. But not all two-factor is equally secure. Dedicated authentication apps are a lot safer than just getting a code over SMS. But both are safer than a password by itself.
Treat security questions basically the same way you treat your passwords: Make up fake answers, and save them in your password manager.
So don't make it easy for the hackers.
So once you’ve set up your password manager, replaced all your passwords, and enabled two-factor authentication, don’t think your work is done. Some day everything will change to a new security system, and you’ll have to adapt. That’s the price we pay for putting our lives online.
Thank you for reading my blog!
Please UPVOTE AND FOLLOW ME @koolpick
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://lifehacker.com/how-to-create-a-strong-password-1797681069