How to Choose a Strong Password
A password is one of the mundane pieces of information you hold in memory, yet it’s the kind of information you cannot afford to lose. It’s because a password is a key that grants access to personal accounts. A password verifies that you are the rightful owner and not an intruder.
A bank account that holds your financial information is just one of the many instances where a password can be everything between you and unauthorized access to your account. The password strength determines how difficult it is to break into an account. So, if you have a habit of reusing the same password across multiple accounts or rely on short and easy-to-remember passwords, then it’s an absolute must that you read through the end of this blog.
Why Do You Need a Strong Password?
As explained, a password is a key that grants you access to your digital assets, such as an account. Other forms of verification have been developed that provide a higher level of difficulty. Because a password can leak, authentication forms such as biometric verification are seen as safer and faster alternatives.
However, a password remains the most prevalent way of authentication. Almost all platforms expect users to enter a (strong) password while signing up for an account.
Believe us when we say that passwords such as “password” and “password123” are common among users. Any brute force attack will get through it within a second.
A brute force attack uses all possible combinations to try and guess the password. If hackers know email addresses and passwords through a data breach, they will use brute force and credential stuffing techniques to break into the account. Passwords are stored in an encrypted form using hashing algorithm like MD5.
Even though hashed passwords are tougher to crack, modern computers can easily guess short passwords by matching against the hashed database. The length of the password and variations in the character set determines how long it will take for the brute force program to crack the password. It can take anywhere between a second to an estimated million years.
What are Passphrases?
Passphrases have caught on as alternatives to passwords. Passwords vs. passphrases was a topic of much interest after the comic from XKCD discussed how passphrases had a higher entropy than passwords.
A passphrase includes three to four random words that are stitched together. The words hold meaning, but when put together, they appear random and nonsensical.
In the comic above, correct horse battery staple are four normal words that make no sense together. It provides a higher entropy than the word Troubador, which has been modified to Tr0b4dor&3. Despite a diverse set to characters, it is not challenging for a brute force attack because such substitutions are exactly the kind of changes that the attack programs keep in consideration.
Passphrases are easier to remember. Using the example above, “correct horse battery staple” with spaces in between is significantly easier to remember than a random string of characters such as “P54V45x6t%$^!”.
How to Choose a Strong Password
The strength of your password is based on how easily it can be guessed. Two factors come into play: the length of the password and character set.
A password that contains only lowercase letters and is shorter than 7 characters is much easier to guess for modern computers. Hackers typically use systems with multiple graphics cards to crack passwords as they are excellent at such tasks.
One type of brute force is known as a Dictionary Attack. This type of attack uses commonly used words and phrases as references to try combinations. The hacker will use every word in the dictionary as well as words, phrases, names that are popular in pop culture. Including birth dates, celebrity names, your first or last name, etc., are things that are predictable using a dictionary. If you pick something like “earlybirddave” as your password and substitute the “e” with a “3” to include a number for security’s sake, it will be considered just as weak. Dictionary attacks take into account such alterations that users often apply. So, replacing “a” with a “@” sign is not going to help.
It brings us back to the point that a password should be hard to guess. The random nature of a password is known as its entropy. The higher the entropy of a password, the longer it will take for computers to reach that combination.
The best approach to choosing a password is to pick at least 13 characters long and contain a mix of lowercase, uppercase, and symbols.
A passphrase’s entropy can be improved by adding substitutions. For example, writing “correkt hor-se battery staple” adds more difficulty yet retains the convenience of remembering the passphrase. You can add more words to it to increase the complexity.
Get a Password Manager
Password managers are excellent tools for storing passwords. A password manager takes the burden of memorizing complex passwords, thus allowing you to pick passwords as long as 20 characters. The best password managers can store passwords, generate passwords/passphrases, store notes, and even keep a close eye on the Dark Web for stolen passwords to see if any of your passwords have been compromised.
Your passwords are stored in an encrypted vault that is locked with a master key. This master key is everything, so ensure that it’s strong and you don’t lose it.
LastPass, BitWarden, Passpack are some of the best password managers.
The Dos and Don’ts for Choosing a Password
Here’s a simple breakdown of all the things you need to consider when picking a password.
- Never use your name, date of birth, or any other type of personal information in the password as it can be guessed.
- Always pick a password that is 13 to 16 characters long.
- Include a mix of uppercase, lowercase, and symbols in your password.
- Never use a single password on multiple accounts.
- Make small substitutions in your passphrase to make it more complex.
- Don’t use words that make sense, such as adverbs. (very fast, dark castle, milk biscuits)
- Enable two-factor authentication.
In addition to a strong password, enabling two-factor authentication is a must. It adds a second layer of security that ensures that a hacker cannot use a compromised password to gain access. If the idea of memorizing a long and random password is challenging, get a password manager. If cost is a concern, BitWarden is a free and open-source password manager that you can use.
Start Browsing Privately!
iProVPN encrypts your data for protection against hackers and surveillance. Unblock your favorite streaming platforms instantly with the best VPN for streaming.