When it comes to creating a new password, there are two conflicting desires: to create a complex password and to create a password that is easy to remember. And sometimes, both of these desires can be satisfied.
Creating a complex password is an important part of maintaining the right level of security online. However, many people still make basic mistakes when registering for their next online account: they use an old password or an easily guessed combination of letters, numbers, their own name, and date of birth.
Want to know how to create and store strong passwords and reduce the risk of your data leaking to intruders? Read on and you'll get all the information you need.
There are simple passwords made up of a series of letters, there are PIN codes, graphical keys, and more. The most important thing about passwords today is their complexity.
A simple password like "password" or "12345" is easy to remember and easy to guess using various hacking techniques.
A complex password contains letters, numbers, and special characters. For example, @weq*314. This password is more complicated but still needs to be stronger.
An example of a mixed password is a combination of upper and lower case letters, numbers, and special and additional symbols: uNg#Pigo_Ts*ko. Such a password is safer than the previous ones.
To create a strong password and store it correctly, it is not enough to just think of it and write it down. It is also necessary to check the complexity and reliability of the password before using it.
How vulnerable is my password?
Many passwords fail the vulnerability test, and many people don't test their passwords at all because they think they've chosen them well. In fact, a password's vulnerability is affected by its length, uniqueness, and complexity.
There are several ways for attackers to determine a password, as discussed below. Whatever the method, a simple password will always be vulnerable. Another common mistake that gives hackers carte blanche is to use the same password for multiple accounts.
You can find services that help you evaluate passwords on the Internet:
Have I Been Pwned. This service allows you to check whether your email address or password has been compromised in known data breaches. It provides information on when your data may have been exposed and can help you identify weak passwords.
Kaspersky Password Checker provides recommendations on how to improve your passwords by assessing their complexity and vulnerability.
How can a hacker get my password?
Hackers use a variety of methods to obtain passwords, and these methods change over time. This reinforces the need to change passwords regularly.
Phishing is one of the most common techniques in which hackers create fake websites or send special emails. By pretending to be a trusted source, they trick users into entering their passwords and other sensitive information.
In a brute force attack, hackers use automated software or scripts to systematically go through every possible combination of characters until they find the correct password. This method can be time-consuming and resource-intensive, but if the password is weak or relatively short, it can be cracked in minutes.
Hackers can use automated tools that go through an extensive list of words and phrases from dictionaries, including popular passwords, names, words from literature, and more, and then match them to find the correct password. This is called a dictionary attack.
Keyloggers are malicious software or hardware devices that intercept and record a user's keystrokes. When a user types a password, the keylogger records it without the user's knowledge. The collected keystrokes are then sent to a hacker who can extract passwords from the recorded data.
Shoulder surfing. Although it may seem an outdated method, some attackers can actually physically monitor a user's keyboard and screen at a close distance and mine the information they want, including passwords.
Data leakage occurs when hackers gain unauthorized access to databases containing user credentials. This can happen through security vulnerabilities or as a result of targeted attacks. Everyone is aware of the repeated incidents of Facebook users' data being leaked and sold on hacker forums.
How to create a strong password
What is needed for a secure password?
- Combination of upper and lower case letters, numbers, and special symbols.
- Random order of symbols (use randomization services).
- A length of at least 12 characters.
- No common words, dictionary words, or personal information (names, birthdays, addresses, phone numbers, etc.).
- Use unique passwords for each account (password reuse increases account vulnerability).
- Use passphrases.
- No easily guessed patterns or sequences.
Adding punctuation marks to old passwords, combining birth dates and pet names, and arranging words randomly won't make your passwords more complicated or fool algorithms. What makes a password reliable is a random set of characters and symbols.
Bad passwords are qwerty, password, 12345, tom230599, Belind@, i_love_you, etc.
Good passwords are ei0E4Twcdg5yt6QXQMK6, My*W8uVgTGi3koS, fa7vn_Kir9_AVq1, etc.
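The criteria above can be applied mechanically. The following checker is an added example, not part of the original article: the word list is a small constructed sample, the `personal` argument is a hypothetical way to pass in names and dates, and requiring three of the four character classes is an assumption chosen so that long random passwords without symbols still pass.

```python
import re

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = ("password", "qwerty", "iloveyou", "letmein", "welcome", "admin")
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def normalize(text):
    """Lower-case, undo simple character substitutions, drop separators."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def has_sequence(password):
    """True for runs such as 123, cba, aaa or four adjacent keys of one row."""
    s = password.lower()
    for i in range(len(s) - 2):
        chunk = s[i:i + 3]
        a, b, c = map(ord, chunk)
        if chunk.isalnum() and b - a == c - b and abs(b - a) <= 1:
            return True
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - 3):
            if row[i:i + 4] in s or row[i:i + 4][::-1] in s:
                return True
    return False


def check(password, personal=()):
    """Return the criteria the password fails (an empty list means it passes)."""
    findings = []
    if len(password) < 12:
        findings.append("length")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        findings.append("classes")
    flat = normalize(password)
    if any(word in flat for word in COMMON_WORDS):
        findings.append("common_word")
    if any(normalize(p) in flat for p in personal if p):
        findings.append("personal_info")
    if has_sequence(password):
        findings.append("sequence")
    return findings
```

Run on the article's own examples, `@weq*314` fails only on length, while `Belind@` is caught as personal information once the substitution is undone.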
If you want to use a catchy phrase, at least convert it. For example, change "I want to go to Berlin" to @W2go2B_n! Such a password will be more secure than a normal set of words.
If possible, you should enable two-factor authentication. This will protect you from unauthorized access to your account, even if your password is compromised.
You can always use random password generation services. All you have to do is specify the characters you can use and the length of the password. For example, passwordsgenerator.net not only generates a password but also offers a phrase to help you remember it.
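A generator of this kind can also run locally. The sketch below is an added example, not code from the article or from any of the services it names; it takes the two inputs described above (allowed characters and length) and draws from the operating system's cryptographic random source. The default symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def generate(length=16, symbols="!#$%*_-@"):
    """Random password of the given length from letters, digits and symbols."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = string.ascii_letters + string.digits + symbols
    groups = CLASSES + ((symbols,) if symbols else ())
    while True:
        # secrets.choice uses the OS CSPRNG; the random module must not be
        # used for passwords because its output is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password until every character group is present,
        # so no position is forced to a particular group.
        if all(any(ch in group for ch in candidate) for group in groups):
            return candidate


def entropy_bits(length, alphabet_size):
    """Size of the brute-force search space, expressed in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    password = generate(20)
    print(password, round(entropy_bits(20, 62 + 8)), "bits")
```

Each extra character multiplies the number of combinations a brute-force attack has to try by the size of the alphabet, which is why length contributes more than any single added symbol.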
How to store your passwords
There are several ways to store passwords, and writing them down on paper is not on our list.
Passwords can be stored digitally on a computer or other device. In this case, we recommend considering encrypting the file in which you store passwords. Use robust encryption algorithms and protect the file itself with a strong, unique password. Due to the frequency with which the file is accessed, remember to change the password for the file and regularly check the device for vulnerabilities.
The most convenient and secure solution is to use a password manager. This software securely creates, stores, and organizes passwords, making them easier to manage. With a centralized and encrypted database storing password combinations, you don't have to worry about remembering complex passphrases and keeping them safe.
This way, you can generate passwords with the required parameters for each account, and a password manager will take care of storing them. A good password manager will meet all security standards, including encryption, two-factor authentication, synchronization, etc.
Popular password managers include LastPass, Dashlane, 1Password, KeePass, Bitwarden, and others. Each service has its own set of features that may influence your choice. For example, Dashlane has dark web monitoring features and a built-in VPN; 1Password offers individual and family pricing plans, among other functions; and the other tools have the ability to extend features with plug-ins. In general, you can choose a free password manager and then try out the paid options. We think it is the best way to store passwords.
How to remember passwords the easy way
Using a password manager makes remembering passwords much easier. These tools have built-in password generators, store passwords securely, and use autocomplete when needed. All you have to remember is the password to the password manager.
If you want to store passwords in your head, you can, for example, use transformed passphrases. This way you can create associations between a specific account and its password.
Another option is to have a unique pattern that you can remember. You can use a converted template password for different accounts. For example, you could use the first two letters of the site or service name in combination with your main password. However, such a password might be less secure than one made up of random characters.
With the number of accounts on the internet, it is still a better option to have your passwords in a safe place where you have access to them at any time.
Best password practices
- Use unique passwords for every account.
- Change passwords regularly, especially for important accounts.
- Enable two-factor authentication where possible.
- Beware of phishing scams and do not enter passwords on suspicious websites.
- Update your devices and software to reduce security vulnerabilities.
- Check your accounts regularly for signs of unauthorized activity.
- If you discover that your login details are in the public domain, change the password on your accounts immediately.
- Do not share your passwords with anyone.
These are basic guidelines for keeping your data safe. It's impossible to be 100% secure all the time, so it's up to users to keep passwords and other important information secure.
Even large companies cannot be sure that databases containing sensitive information are impenetrable. Be proactive about your security.