Passwords And You
In this article, I will discuss some basic tips and techniques for creating strong and easy-to-remember passwords. There are techniques such as using a password manager, but we won’t cover that today. While not everyone wants to use a password manager, choosing a password is mandatory.
Passwords are the first line of defense against cyberattacks, and choosing a good password is an essential step in protecting your personal information and online identity.
Notice how most websites nowadays require users to choose more complex passwords, whereas only a decade ago it was pretty straightforward? One of the most important concepts to understand when it comes to passwords is “password entropy.” This term refers to how un-guessable a password is. The more entropy a password has, the harder it is to crack or guess. Less entropy, on the other hand, makes it easier for malicious actors to break into your account.
To check the entropy and guessability of a password, you can use a tool such as “How Secure Is My Password?” This website allows you to input a password and calculates its entropy or strength based on various factors, such as length, complexity, and the use of special characters. However, be careful not to input your actual password, as this is a public website. If you think your password might be guessable, it probably is:
https://www.security.org/how-secure-is-my-password/
Another important consideration when choosing a password is the minimum requirements set by websites. These requirements usually include a combination of upper and lower case letters, special characters, numbers, and a minimum length of 8-12 characters. As technology advances, it is likely that we will see even more stringent requirements in the future.
However, right now it’s just a bit of a nuisance for the user, isn’t it?
One strategy for creating a strong and easy-to-remember password is to use random words that are easy to remember. This is taken from a great webcomic from XKCD, highlighting password strength, which I wholeheartedly recommend following:
XKCD: Password Strength
The strategy that I personally use and will advocate for today is a “password sentence” or a “passphrase.” Instead of trying to remember a random string of characters, I try to incorporate a password into a sentence that can be flexible for any website I use.
That’s right! Instead of remembering a password like “gLp97@mk” or “jt108FF*)3T90!” or even “p@ssw0rd!23”, I try to incorporate a password into a sentence that can be flexible for any website I use.
Here are a few examples:
- “I love w@lking to the beach by faceb00k!”
- “I love w@lking to the beach by twitt3r!”
- “I took an @rrow to the knee on linked1n!”
- “I took an @rrow to the knee on pinter3st!”
- “Do or do not, there is no try on y0utube!”
Stick with one sentence; it can be a quote about anything or a catchphrase you use. Slap on the name of the website at the end, replace a letter with a number, and now you have a password that you can easily remember and create, un-guessable by any computer in existence today, and flexible to use anywhere. Try and see the difference in entropy now! Why not keep the quotations too?
If your password ever gets leaked, an attacker may notice the pattern and be able to take advantage of it, but the solution to that is something we’ll leave to password managers. In my opinion, this method is still simple enough for most people to learn in a short period of time.
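As an added example (not part of the original article), the Python sketch below contrasts a naive length-and-character-class entropy estimate with how much of each passphrase above is actually unique per site, which is the pattern risk just mentioned. The character-pool model, the 2048-word list size and all function names are assumptions made for illustration, not how any particular strength checker works.

```python
import math
import string
from os.path import commonprefix  # character-wise common prefix of strings

# Character classes for the naive pool model (an assumption of this example).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def naive_entropy_bits(password):
    """Upper bound in bits: length * log2(pool), as if every character
    were drawn uniformly at random from the classes that appear."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def wordlist_entropy_bits(n_words, list_size):
    """Bits for n_words picked uniformly at random from a list of list_size."""
    return n_words * math.log2(list_size)

def shared_template(passwords):
    """Split passwords into the prefix they all share and per-site remainders."""
    prefix = commonprefix(passwords)
    return prefix, [p[len(prefix):] for p in passwords]

def reused_fraction(passwords):
    """Fraction of the shortest password that is identical across all sites."""
    prefix, _ = shared_template(passwords)
    return len(prefix) / min(len(p) for p in passwords)

if __name__ == "__main__":
    # Sample passwords taken from the article's examples (quotes omitted).
    samples = ["I love w@lking to the beach by faceb00k!",
               "I love w@lking to the beach by twitt3r!"]
    print(f"random 8-char string: {naive_entropy_bits('gLp97@mk'):.1f} bits")
    for p in samples:
        print(f"{naive_entropy_bits(p):6.1f} bits (naive)  {p}")
    # 2048 is an assumed list size (11 bits per randomly chosen word).
    print(f"4 random words: {wordlist_entropy_bits(4, 2048):.0f} bits")
    prefix, rest = shared_template(samples)
    print(f"shared across sites: {prefix!r}; unique per site: {rest}")
    print(f"reused fraction: {reused_fraction(samples):.0%}")
```

The naive figure treats a memorable sentence as if it were random characters, so it is an upper bound, while the prefix check shows how much of every other password a single leak would reveal.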
I hope that this article has been informative and encourages readers to adopt new and improved methods for password creation. Understanding the basics is a great way to turn inconveniences into a convenience.