Better way to make secure passwords
You will often see discussions about how to protect your passwords from being stolen, hacked or cracked. Some of the advice is useful, but some novices reckon that to secure yourself you have to set a LONG PASSWORD, so that hackers would have difficulty guessing or brute-forcing it. However, that is not quite true. Let me say a few words about it.
Does password strength matter at all?
If you live in the modern world, you have to live with technology. And to avoid being a vulnerable target on the Internet, you should read recommendations and news from security experts from time to time.
The first thing you should know (if you haven't heard it before) is that BRUTE-FORCING or PASSWORD-GUESSING is, I think, the lowest threat. MOST password hacks happen not through BRUTE-FORCE (hackers don't like trying out millions of users' passwords by brute force), but through:
- Unreliable browser addons/extensions
- PC viruses
- Network sniffing
- Hacked websites (after you enter the password on an untrustworthy website, an injected script steals it)
- Already hacked websites/databases (where you are one of the existing members)
- and some more ways
So it doesn't matter at all how strong your password is, whether it has 1 letter or hundreds of characters. It simply doesn't matter.
However, I don't mean that you should have an easy password. No, make it as “strong” as you think it should be. The following helps more:
1) Use 2-factor authentication
Nowadays, most solid websites have added the ability to use 2-factor authentication (you might find it somewhere in your profile settings, under the “password” or “security” tab). That means entering only a correct password is not enough. You add your mobile number too, so the site sends you a confirmation CODE (by SMS), and without your phone no one can enter your account (unless someone physically steals your phone). Instead of SMS, some websites use the flexible Google Authenticator Android app.
2) Recommendations for different cases
3) Safety with patterns (and not length!)
The only thing that I reckon is “secure” is not the length of the password but the pattern. I have my own pattern (and you should make yours too), so on every domain I have a different password (but one that is easy for me to remember). You can use the following patterns, which might help you:
Main Password – should be unique
First, I use my Gmail as the main email for all essential websites (PayPal, ibank, etc.). So the Gmail password should be something that you won't ever forget, and it should be UNIQUE – don't use it anywhere else. (To avoid spam, register another address too, e.g. firstname.lastname@example.org, which you will use when you have to register on NOT-IMPORTANT sites.)
All other passwords – make them with a pattern
Now, for example, say we are setting up an account on another website, let's say Yahoo.com (with, let's say, the username james):
- choose several characters that will be the main “base” part of the password, for example:
- add a variable part based on the domain where you set up the account:
ao (2nd and 4th letters)
- add another variable part at the start of the password (the length of the domain plus, e.g., 15: 5 + 15 = 20)
- the length of the domain extension .COM (3) raised to the 3rd power: 3*3*3 = 27
- add the second letter of the username (james) in the last place.
- add some special characters, like #$*
So, your password will be: xyz345ao2027a (by the way, you should change the order of the pattern yourself)
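The steps above as code, an added example that is not from the original article: it rebuilds the article's result for Yahoo.com with the username james and reports which components change between two sites. The base `xyz345` is read off the article's final password, the special characters are optional because that result omits them, and the function names are hypothetical.

```python
# Added illustration of the pattern steps above; not the article author's code.
BASE = "xyz345"  # base part, read off the article's final example password
OFFSET = 15      # the article's constant added to the domain-name length


def pattern_parts(domain, username, base=BASE, offset=OFFSET, special=""):
    """Return the named components of the pattern password, in join order."""
    name, _, ext = domain.lower().rpartition(".")  # "Yahoo.com" -> "yahoo", "com"
    if len(name) < 4 or not ext:
        raise ValueError("need a name.tld domain whose name has 4+ letters")
    if len(username) < 2:
        raise ValueError("need a username with 2+ letters")
    return {
        "base": base,
        "letters": name[1] + name[3],       # 2nd and 4th letters of the name
        "length": str(len(name) + offset),  # domain-name length + 15
        "ext_cubed": str(len(ext) ** 3),    # extension length to the 3rd power
        "user_letter": username[1],         # 2nd letter of the username
        "special": special,                 # optional, e.g. "#$*"
    }


def pattern_password(domain, username, **kwargs):
    """Join the components into the final password."""
    return "".join(pattern_parts(domain, username, **kwargs).values())


def changed_parts(domain_a, domain_b, username, **kwargs):
    """Names of the components that differ between two sites' passwords."""
    a = pattern_parts(domain_a, username, **kwargs)
    b = pattern_parts(domain_b, username, **kwargs)
    return [key for key in a if a[key] != b[key]]


if __name__ == "__main__":
    for site in ("Yahoo.com", "gmail.com", "example.org"):  # constructed inputs
        print(site, pattern_password(site, "james"))
    print(changed_parts("Yahoo.com", "gmail.com", "james"))
```

For two five-letter .com domains, only the two domain letters differ between the resulting passwords.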
Is it hard to remember? Any alternatives?
Yes, I agree, it is a bit hard to remember the pattern. However, don't be lazy: do 5 minutes of brainstorming, write the formula (pattern) down on paper or in your phone, and secure your virtual life once, and you will be safer. However, if you want a password manager, you can use services like LastPass.com or any Windows password manager (one that has a mobile version too). However, these will generate random passwords that you can't remember.