Many of us consider passwords annoying obstacles to work and fun. They are always in the way, always slowing us down, asking us yet again to type them in.
And that may be true. Passwords are annoying. Security in general is annoying.
But this is the world we live in - the world of passwords. And it is not about to change any time soon.
So how can you minimize the password annoyance and maximize their security?
You have already taken the important first step - asking about the security of your passwords:
Let's answer these questions.
A good, strong password is immune from two main password attacks:
There are two password types that are secure enough. They both meet the password security requirements mentioned above.
The first method is often used when you have a password manager, because you don't have to remember any passwords - the password manager does it for you (it does a lot more, too).
The second method is useful when you have to remember a password.
Your password is secure if it consists of a long string of random characters.
A secure password will include a few different groups of characters:
The password should be at least 20 characters in length. Here is one example:
"S}6Qf7VL'yeYZ3iwRQ!3"
Note: This is an example password used to illustrate what a secure password might look like. Don't use this password or even combinations of it, generate a brand new one instead.
Try to avoid similar-looking characters, because they can be confusing depending on which computer, tablet or smartphone you are using, as well as on the specific application and its font.
For example, avoid using:
Using different character sets greatly increases the security of your password. It makes it more resistant to brute force password attacks, where a criminal systematically checks all possible combinations of characters until they find the correct one.
With multiple character sets, the time needed to go through all the combinations of characters is much longer. With a correctly constructed password, it will take someone decades or even centuries to crack it. Hopefully you will have changed your password by then.
A random 20-character string also passes the second password security requirement: It is impossible to guess.
There is no information on the Internet or even in the real world that would enable someone to guess a randomly generated password.
There are three ways to generate a secure, randomly generated password:
A word of caution: Never use a website to generate a password. No matter how friendly the website may appear, you don't know who is behind it or if the website was hacked behind the scenes. Your new password may be stolen even before you start using it.
A malicious website could also infect your computer with a virus, malware or a password sniffer. It is best to stay away from them.
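As an added illustration (not code from the original article), here is one way to generate a 20-character password locally rather than on a website, using Python's `secrets` module and requiring all four character groups. The look-alike characters it skips and the symbol set are assumptions, and `entropy_bits` shows how much the larger alphabet adds to brute-force work compared with lowercase letters alone.

```python
import math
import secrets
import string

# Assumption: look-alike characters to skip (the article's own list is not shown).
AMBIGUOUS = set("O0oIl1|`'\"")
SYMBOLS = "!#$%&()*+-=?@[]{}^_~"  # assumption: a conservative symbol set

def build_groups():
    """Return the four character groups with look-alikes removed."""
    raw = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    return ["".join(c for c in g if c not in AMBIGUOUS) for g in raw]

def generate_password(length=20):
    """Draw `length` characters from the OS CSPRNG, requiring every group."""
    groups = build_groups()
    if length < len(groups):
        raise ValueError("length too short to include every character group")
    alphabet = "".join(groups)
    while True:
        # secrets.choice uses the operating system's cryptographic RNG,
        # unlike random.choice, whose output is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until each group appears at least once.
        if all(any(c in g for c in candidate) for g in groups):
            return candidate

def entropy_bits(length=20, alphabet_size=None):
    """Upper bound on brute-force work: log2(alphabet_size ** length)."""
    if alphabet_size is None:
        alphabet_size = sum(len(g) for g in build_groups())
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(generate_password())
    print(f"all groups:     {entropy_bits():.0f} bits")
    print(f"lowercase only: {entropy_bits(alphabet_size=26):.0f} bits")
```

Each additional bit doubles the number of combinations an attacker has to try, so the gap between the two printed figures is a factor of roughly two billion.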
Your password is secure if it consists of a few random words.
You should use at least four words. Five (or more) is also fine, but fewer than four is not enough.
Words can be in your language. If you speak multiple languages, you can use words from more than one of them for additional security.
You will need to remember the password, so the words should make sense to you in some context. However, they should be out of order and not in the form of a sentence.
Here is one example:
"Grass Blanket Duck Bicycle"
Note: This is an example password used to illustrate what a secure password might look like. Don't use this password or even combinations of it, generate a brand new one instead.
How do you come up with such a password and remember it? Simple, I thought of a duck going to a picnic on her bicycle.
You could even add a couple of numbers and a special character, if you want:
"Grass Blanket Duck Bicycle 43 *"
Use this method when you need to remember a password.
Here is a little bit of humor about this password generation method. If you don't understand everything, that's okay. The comic is for geeks and the password strength math can be complex.
Asking yourself "How secure is my password?" is a great first step towards better password security.
Your password is secure if it is either a long string of random characters from different character sets (lower case, upper case, numbers and special characters), or four to five words that appear random but make sense to you.
When to use which method?
If you're using a password manager, it is usually easier to use the random characters method, because password managers are used to generating passwords this way and are very good at it.
Since you don't need to know what the passwords are, they don't need to make sense. Just make sure they are at least 20 characters long.
On the other hand, if you have to remember a password, then use the words method. You need at least four or five words, but such a password is still a lot easier to remember than one with many random characters.
When using a password manager, you could use the words method to come up with your Master Password (the password that unlocks the password manager), and for all other passwords you could use the random characters method.
It is time to put your knowledge into action! Review your passwords, starting with the most important ones, and change them if they are not secure.
You have to have a different password for each website, so using a password manager is the only realistic method to sustain this strategy. The password manager will also tell you which of your passwords are not secure enough and help you change them.