Forget-Me-Not Day: How to Create a Secure Password That You’ll Actually Remember
November 1st, 2016
“Use a strong password.” You’ve probably read this phrase over and over again. It’s the kind of advice that is everywhere and nowadays you may just gloss over. How important is having a strong password really? And if you do create strong passwords, how are you supposed to manage them all?
Your password is your first line of defense against someone who wants to steal your information. Hackers, and we’re not talking about the ethical kind, have a whole range of tools in their arsenal that can help them crack into your accounts. But a lot of the time, they don’t even need to bust them out.
Top 10 passwords: are you guilty?
With only a small amount of information on you, which many hackers can now find on your own social media profiles, a person can get into your most personal accounts. Statistically speaking, 20% of users on the internet use one of the following as their password:
- Your partner, child, or pet’s name. This may be followed by a 0 or a 1 because many websites now require a number.
- The last 4 digits of your social security number.
- 123, 1234, 12345, 123456, 12345678, 1234567890, you get the idea. “qwerty” is also popular.
- “password” or “passw0rd”
- Your city, or college, football team name. In some cases, the passwords may be as simple as the sport name, like “football” or “baseball.”
- Date of birth, whether it be yours, your partner’s or your child’s.
- “letmein” or “login”
“Why would someone try to hack me?”
One of the common reasons why someone would try to break into your information is that they have a personal vendetta against you or are trying to find something out about you. It may be very easy for someone who knows you well to break into your online accounts.
Another common reason why a person would get hacked is a data breach. It seems like every couple of months you’ll hear that a large company has reported a data breach that has resulted in millions of people’s information being compromised. In this case, no one is out to get you specifically. However, you may fall victim to malicious acts.
The final type of attack is one called “brute-force”. During brute-force attacks, a hacker uses specialty software called a “password cracker” to attempt to log into a site using your credentials. This attack works by systematically checking all possible passwords until the correct one is found.
Often, people use the same password, or a variation of the same password, for everything. While some sites have a little more security, like an online banking site or VPN, other smaller sites like your email or an e-commerce site may not be as well guarded. The hacker chooses one of these “low-hanging fruits” to unleash their password cracker on. They just have to ask it to try thousands of different username and password combinations as fast as possible until they are able to breach one of your accounts.
How fast can a hacker break into your accounts using the brute-force method? Well, it can depend on a few factors. First, the connection strength, reliability, and speed of the hacker’s computer and internet are important. Second, it depends on just how long, safe, and secure your password is.
What Makes A Good Password
Creating a good password is simple. It should contain upper and lower case letters, special characters, and numbers. It should also be long. Below, you’ll see a chart that shows just how long it may take an average hacker to break into an account with passwords of different lengths. Pay close attention to what a difference using all possible characters, including special characters and both upper and lowercase letters, makes when compared to passwords that just use lowercase letters.
|Password length|All characters|Lowercase letters only|
|---|---|---|
|3 characters|0.86 seconds|0.02 seconds|
|4 characters|1.36 minutes|.046 seconds|
|5 characters|2.15 hours|11.9 seconds|
|6 characters|8.51 days|5.15 minutes|
|7 characters|2.21 years|2.23 hours|
|8 characters|2.10 centuries|2.42 days|
|9 characters|20 millennia|2.07 months|
|10 characters|1,899 millennia|4.48 years|
|11 characters|180,365 millennia|1.16 centuries|
|12 characters|17,184,705 millennia|3.03 millennia|
|13 characters|1,627,797,068 millennia|78.7 millennia|
|14 characters|154,640,721,434 millennia|2,046 millennia|
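The arithmetic behind a chart like this is the number of possible passwords divided by the attacker's guess rate. The following is an added example, not part of the original article; the rate of 1,000,000 guesses per second, the 95-character alphabet and the 365-day year are assumptions inferred from the chart's figures, and the rows are extended to the 16-character length recommended below.

```python
# Added example: worst-case brute-force time for a given length and alphabet.
# Assumptions (inferred from the chart, not stated in the article):
# 1,000,000 guesses per second, 95 printable characters, 365-day years.
GUESSES_PER_SECOND = 1_000_000
ALL_CHARACTERS = 95   # 26 lower + 26 upper + 10 digits + 33 symbols/space
LOWERCASE_ONLY = 26

YEAR = 365 * 86400
UNITS = [  # largest first
    ("millennia", 1000 * YEAR), ("centuries", 100 * YEAR), ("years", YEAR),
    ("months", YEAR / 12), ("days", 86400), ("hours", 3600), ("minutes", 60),
]

def seconds_to_exhaust(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst case: every password of exactly `length` characters is tried."""
    return alphabet ** length / rate

def humanize(seconds):
    """Express a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"

def chart(lengths=range(3, 17)):
    """Rows of (length, all-characters time, lowercase-only time)."""
    return [
        (n,
         humanize(seconds_to_exhaust(n, ALL_CHARACTERS)),
         humanize(seconds_to_exhaust(n, LOWERCASE_ONLY)))
        for n in lengths
    ]

if __name__ == "__main__":
    for n, full, lower in chart():
        print(f"{n:>2} characters | {full:>36} | {lower:>24}")
```

Under these assumptions the 4-character lowercase row comes to 0.46 seconds. On average an attacker finds the password after searching half the space, so typical times are half the worst-case figures.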
If you want a safe and secure password, you should aim for one that is at least 16 characters long and contains a combination of numbers, symbols, spaces, and both upper and lower case letters. The password should not have any pronouns, IDs, dictionary words, repeated symbols, or predefined sequences like “qwerty”, “1qaz2wsx” or “123456” in it.
If you’re having a hard time creating a unique and complicated password, you may want to consider using a password generator. Many password managers come with built-in tools, or you can search the web for a secure generator tool.
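A generator that follows the rules above can be written in a few lines. This is an added example, not part of the original article and not any password manager's code: it checks length, character classes, the three predefined sequences the article names, and "repeated symbols" (interpreted here, as an assumption, as the same character twice in a row), and does not check for dictionary words, pronouns or IDs.

```python
import secrets
import string

MIN_LENGTH = 16  # the article's recommended minimum
SYMBOLS = string.punctuation + " "
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Predefined sequences named in the article; extend the tuple for real use.
SEQUENCES = ("qwerty", "1qaz2wsx", "123456")

def violations(password):
    """Return the rules that `password` breaks (an empty list means none)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol or space": SYMBOLS,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            found.append(f"no {name}")
    lowered = password.lower()
    if any(seq in lowered for seq in SEQUENCES):
        found.append("contains a predefined sequence")
    # Assumed reading of "repeated symbols": two identical adjacent characters.
    if any(a == b for a, b in zip(password, password[1:])):
        found.append("repeated character")
    return found

def generate(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until a candidate passes every check."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 16-character minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Skip leading/trailing spaces, which some login forms strip.
        if candidate == candidate.strip() and not violations(candidate):
            return candidate

if __name__ == "__main__":
    print(generate())
```

The `secrets` module draws from the operating system's cryptographic random source, which is what makes the output suitable for passwords; Python's `random` module is not.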
Keeping track of your passwords
Ideally, you would have unique passwords for each of your accounts. This way, if a hacker breaks into one account, they will not be able to break into others because your passwords will be vastly different.
You’re probably asking yourself, “How can I be expected to remember a unique, 16-character password for each online account I own?” The good news is that you don’t have to. All you need is a safe and secure password management method.
You can’t be expected to memorize dozens and dozens of complicated passwords. The first and probably easiest way to manage all of your newly secured passwords is to use a password manager like LastPass, Dashlane, or 1Password. Password managers store all of your passwords for you and fill out your login forms each and every time.
Password managers are essentially desktop programs or mobile apps that come with browser extensions to help you automatically log into your accounts. All you will need to remember from now on is one single master password that will unlock all of your other passwords. You should follow the same rules for creating an extra-secure master password with multiple character types and with the necessary length to ensure that it will withstand brute force attacks.
Some Final Tips:
- All passwords matter: Some people take their email’s password for granted, but some of the passwords you think matter the least could actually be the most valuable for a hacker. For example, your email is probably linked to your online banking or credit cards, or even to other types of accounts. If someone compromises your email, they may be able to break into your other accounts by hitting the “forgot password” button.
- Helpful password trick: Use phrases that you’ll remember and that contain numbers and symbols to create a unique and long password. For example, take the phrase “Media Genesis celebrated their 20 year anniversary in 2016!” This would result in: MGct20yai2016!
- Numbers are the new letters: Another tip is to randomly substitute numbers for letters that look similar. This means that an ‘o’ could be a ‘0’, an ‘e’ could be a ‘3’, and an ‘I’ could be a ‘1’. This means that if your password was MediaGenesis, it could now be M3d1aG3n3s1s.
- Use two-step verification (aka two-factor authentication or 2FA) if possible: Many sites, like banks and even social media networks, offer the option of two-step verification. This means that after you enter the correct password, they will verify your identity with a special code often delivered through text message. A hacker who doesn’t have your phone in hand won’t be able to sign in even if they have your password, and you’ll be notified when someone is trying to get into your account.