When a signup form asks to create a password, the first thing that comes to many users’ minds is, “Okay, I need to create a password that is really easy for me to remember and is connected directly to me so I never forget.” With such a mindset, the password created is something like “ILoveSally143.” A hacker will take less than a minute to hack such a password and take complete control of your account.
Lately companies and websites are working hard to educate users to use a strong password, and they are also using restrictions to force users to make stronger passwords. Thankfully, with so much news about accounts being hacked and an emphasis on using a strong password, almost everyone knows that they should use a strong password. However, the question still remains: what is a “strong” password? In this article we’ll tell you what a strong password is and how to create one.
How a Password Is Cracked
Before we tell you how to create a strong password, it is important to know how a password is cracked. There are multiple ways to crack a password, and the most common ones are Brute-Force-Attack and Dictionary Attack. Both of them are explained below.
In a Brute-Force-Attack the hacker (the hacker’s software, to be precise) tries every combination of letters, numbers and other characters to crack a password. The process starts from a short length, such as four or five characters; when all the combinations of that length have been tried, the software adds another character, tries all the combinations of the new length, and repeats the process. This theoretically allows Brute-Force-Attack to crack almost any type of password (including encrypted ones). However, because Brute-Force checks every possible combination, it takes a lot of time, and adding another character drastically increases the cracking time.
According to an estimate from Kaspersky Password Checker, the password “pzQm45” should take 3 hours to crack, but “pzQm45@” will take two days to crack. If we add another character like “pzQm45@!,” it will take twelve days to crack. This means a longer password is very hard for a Brute-Force-Attack to crack, and it’s not worth the hacker’s time.
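To see why each extra character costs so much, the following added example (not part of the original article) counts the worst-case number of guesses for a search that starts at four characters and grows one character at a time. The guess rate is an assumption for illustration, and the page does not give Kaspersky's model, so the times will not match its estimates.

```python
import string

# Character classes a brute-force search must cover when a password uses them.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def alphabet_size(password):
    """Size of the smallest union of classes that covers the password."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def candidates_up_to(password, start_len=4):
    """Worst-case guesses when the search starts at start_len characters and
    adds one character each time a length is exhausted."""
    n = alphabet_size(password)
    first = min(start_len, len(password))
    return sum(n ** k for k in range(first, len(password) + 1))


def worst_case_seconds(password, guesses_per_second):
    """Time to exhaust every candidate at the given (assumed) guess rate."""
    return candidates_up_to(password) / guesses_per_second


if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, for illustration only
    for pw in ("pzQm45", "pzQm45@", "pzQm45@!"):
        days = worst_case_seconds(pw, RATE) / 86400
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"{candidates_up_to(pw):.3e} guesses, {days:.4f} days")
```

Adding the “@” raises the cost twice: the search has to cover symbols as well as letters and digits, and there is one more position to fill.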
Brute-Force-Attack has a hard time cracking long passwords; this is where Dictionary Attack comes in. In a Dictionary Attack the hacking software uses a long list (millions of entries) of word combinations taken from dictionaries, along with all common character combinations, phrases, sequences and anything that is “common.” If a password has a meaning, Dictionary Attack can crack it. Adding punctuation or numbers along with a common word will not help. For example, Dictionary Attack should be able to easily crack the password “I$3haTe5%MaTh” as somehow it makes sense. As this method uses combinations of common words and characters, it takes far less time to crack a password compared to Brute-Force, even if the password is long.
Solution: The answer to both of the above attacks is simple: create a long password that doesn’t make sense. A password of sixteen characters or above with completely random characters should work fine. But creating and managing such a password is hard, which we explain below.
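A signup form can test for this weakness before accepting a password. The following added example (not part of the original article) strips the digits and punctuation from a password and checks whether the remaining letters split cleanly into dictionary words; the tiny word list is constructed for illustration, and a real check would load a large list of common words and names.

```python
import re

# Constructed sample word list, for illustration only.
WORDS = {"i", "love", "hate", "math", "sally", "ice", "cream"}


def strip_decoration(password):
    """Drop digits and punctuation and fold case, leaving only the letters."""
    return re.sub(r"[^a-z]", "", password.lower())


def split_into_words(text, words=WORDS):
    """Return a list of dictionary words that spell text exactly, or None."""
    # best[i] holds one segmentation of text[:i], or None if there is none.
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is not None and piece in words:
                best[end] = best[start] + [piece]
                break
    return best[len(text)]


def dictionary_words_in(password, words=WORDS):
    """Words the password reduces to once decoration is removed, or None
    when the letters do not form a sequence of dictionary words."""
    letters = strip_decoration(password)
    if not letters:
        return None
    return split_into_words(letters, words)


if __name__ == "__main__":
    for pw in ("I$3haTe5%MaTh", "ILoveSally143", "pzQm45@!"):
        found = dictionary_words_in(pw)
        verdict = "reject: " + " + ".join(found) if found else "no words found"
        print(f"{pw!r}: {verdict}")
```

A password that passes this check is not automatically strong; the check only catches passwords whose letters spell out common words.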
Note: hackers also use Phishing Attacks to steal your password. A strong password will not help against a phishing attack as the hacker will steal the actual password using a fake website page.
Manually Create a Strong Password That Is Easy to Remember
For those people who don’t like providing their credentials to third-party applications, we know a manual way to create and memorize a strong password. You can create a password from a long phrase that has a direct connection with you but that others don’t know about. For example, you can create multiple passwords from a phrase such as “I eat vanilla ice cream at 3am, but I don’t get any sleep afterwards!” Below are some examples:
It will be really easy to remember the phrase as it is connected to something you do or have done before; all you have to do is remember how you created the password.
Use a Password Generator and a Manager
If you don’t want to go through the above process and don’t mind depending on a third-party service for creating and storing the passwords, then things can get a lot easier (and more productive) for you. There are many tools that will let you generate a strong password, and you can also use a password manager to save those passwords. Below are some you can use:
Secure Password Generator: A very simple online password generator that allows you to specify password length and character type to easily create a strong password. It also provides hints that will let you easily remember the password.
LastPass Password Generator: The famous password manager LastPass also has an online password generator that is simple to use and offers handy tools to generate a strong password.
LastPass: I recommend LastPass for its simple interface and security options. It will securely store all your passwords and let you sync them over all devices.
Dashlane: This is another good option that is easy to use and offers great security such as two-factor authentication. It also has a digital wallet to save receipts and credit card information.
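What a generator of this kind does can be shown in a few lines. The following added example (not part of the original article and not the code of any tool listed above) draws characters from the operating system's secure random source, lets you choose the length and character types, and retries until every chosen type appears at least once.

```python
import secrets
import string

# Character types the caller can choose from.
TYPES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def generate_password(length=16, types=("lower", "upper", "digit", "symbol")):
    """Return a random password of the given length that contains at least
    one character of every requested type."""
    if not types:
        raise ValueError("choose at least one character type")
    if length < len(types):
        raise ValueError("length is too short to include every chosen type")
    classes = [TYPES[name] for name in types]
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS cryptographic random source; the random module
        # is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting and redrawing keeps every acceptable password equally
        # likely, unlike forcing one character of each type into fixed slots.
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(generate_password(24, types=("lower", "digit")))
```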
Important: Never ever use the same password for multiple accounts; if even one of your accounts is hacked, it could lead to losing all your accounts.
There should be no compromise on password strength as tens of thousands of hackers are after your information and trying to get into your account. You may say that you are just a regular person and no hacker will have time to hack your account, but hackers don’t care who you are. They just try to hack anything they can get their hands on, one way or another. Identity theft and the misuse of your account and information are things average users should worry about. I also recommend you enable two-factor authentication if it is available for a website, as it is the best protection against hackers.
How do you create and manage a strong password? Share with us in the comments.