How to choose safe passwords—and remember them too
Another day, another major data breach—and another article advising you to strengthen your passwords. These secret bits of information act as the keys to all of our important online accounts, from social networks to email inboxes to bank accounts.
That's why choosing strong passwords, and managing them well, is so important. It could be the difference between keeping your identity safe and landing your information in hackers' hands. Your password not the only security measure you need to think about, but it's one of the most crucial.
Unfortunately, a lot of us are pretty bad at choosing passwords. We tend to pick ones that are easy to remember, and therefore easy to guess, and we tend to reuse them again and again. If you want to toughen up your personal password security, read on.
Best password practices
Choosing a password for your online accounts is no different than choosing a password for a secret society: It needs to be difficult to forget for members, and impossible to guess for anyone planning to gatecrash.
If you're using "123456" or "password" then you're putting yourself at risk, because millions of other people are also using these obvious combinations. These are the first options that most hackers will try, right before "password1" and "passw0rd".
It's also important to choose combinations of letters and numbers that aren't easily guessable from public data about you. For example, a quick scan of your Facebook page can tell a hacker what date you were born or even the road you live on. So working those pieces of information into a password won't make it impossible to guess.
Another best-practice is to choose a password that's at least 10 characters long. The longer the password, the better; the denser the mix of letters, numbers and special characters, the better; and the more nonsensical, the better. Think about a four-digit code, using only numbers and nothing else: there are 10,000 possible combinations, but add just one more digit and that goes up to 100,000. Add in letters and special characters, and extend your password up to 10 characters and beyond, and you can see how each extra letter helps.
So how do you choose this mystical combination? Security expert Bruce Schneier suggests turning a random sentence (not a famous quotation or phrase) into your password. For example, "We love getting e-mail from Grandma, but she rarely writes one." is a unique sentence that can become "Wlge-mfG,bsrw0." by taking the first letter of every word (except for "e-mail," which becomes "e-m", and "o", which becomes "0"). The result is a password with random letters, numbers, symbols, and plenty of digits—and one that you can easily call to mind by remembering the full sentence.
Of course, now that I've written this potential password in a published article, it's no longer secure—but you can easily do this trick yourself with your own sentence. You don't need to take the first letter of every word either. Instead of turning "love" into "l", I could have made it "<3." Some other examples from Schneier include:
- WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.
- Wow...doestcst = Wow, does that couch smell terrible.
- Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
If you're still unsure about security, many web services will now tell you how strong your password is when you create it. They'll also guard against "brute force" attacks where multiple passwords are tried in rapid succession.
Another big password mistake is using the same password for multiple accounts. To use the secret society analogy, it means a hacker can get access to all of your clubs at once, just by breaking into the one where security is the weakest. If you're using a different password for your primary email account, then it doesn't matter so much if that old account you used three years ago gets hacked. But if the passwords are the same, you've got problems.
One option to help you remember all your account passwords is to use one random or difficult-to-guess series of letters and numbers across multiple services, but tweak the combination slightly each time. Again, this needs to be done in a way that you're remember but other people won't be able to guess. If your Twitter password is "Wlge-mfG,bsrw0.Twitter" and your Gmail password is "Wlge-mfG,bsrw0.Gmail", you're not being particularly secure.
So how do you remember which password goes with which account? We'd definitely recommend against writing down your passwords anywhere, because it's like leaving a master key to all your online identities in one place. Luckily, there are more secure ways to keep track of all of these passwords, and make them as strong as possible.
SOURCE: http://www.popsci.com/how-to-choose-safe-passwords
SOURCE: http://www.popsci.com/how-to-choose-safe-passwords
Post a Comment