How secure is your password?

You're wondering, how secure is my password? Let's find out. Learn how to evaluate the strength and security of your password.

Many of us consider passwords annoying obstacles to work and fun. They are always in the way, always slowing us down, asking us yet again to type them in.


And that may be true. Passwords are annoying. Security in general is annoying.

But this is the world we live in - the world of passwords. And it is not about to change any time soon.

So how can you minimize the password annoyance and maximize their security?

You have already taken the important first step - asking about the security of your passwords:

  • How do you know if your password is secure?
  • How do you know how secure it is?
  • Can it be guessed by a stranger?
  • Can it be broken by password cracking software?

Let's answer these questions.

Why do you need a secure password?

A good, strong password is immune from two main password attacks:

  1. Someone guessing your password
    If your password is simple, for example the name of your dog followed by a number (Rex23), and there are photos of Rex on your Facebook page, it is relatively easy for someone to guess the password.

  2. Brute force password attack
    Checking in a systematic way (one by one) all possible combinations of characters in the password until the correct one is found.

How secure is your password?

There are two password types that are secure enough. They both meet the password security requirements mentioned above.

The first method is often used when you have a password manager, because you don't have to remember any passwords - the password manager does it for you (it does a lot more, too).

The second method is useful when you have to remember a password.

1) Password consisting of a random string of characters

Your password is secure if it consists of a long string of random characters.

A secure password will include a few different groups of characters:

  • Upper case alphabetical characters (A,B,C,D,...Z)
  • Lower case alphabetical characters (a,b,c,d,...z)
  • Numbers (0,1,2,...9)
  • Special characters ($%@#!*(^&-_+=\|?,.<>][}{`~)

The password should be at least 20 characters in length. Here is one example:


Note: This is an example password used to illustrate what a secure password might look like. Don't use this password or even combinations of it; generate a brand new one instead.

Try to avoid similar characters because they can be confusing depending on which computer, tablet or smartphone you are using, as well as on the specific application and its font.

For example, avoid using:

  • 0 (zero) and O (capital o)
  • 1 (one) and l (lowercase L)

Using different character sets greatly increases the security of your password. It makes it more resistant to brute force password attacks, where a criminal checks in a systematic way all possible combinations of characters until they find the correct one.

With multiple character sets the time needed to go through all the combinations of characters is much longer. With a correctly constructed password it will take someone decades or even centuries to crack the password. Hopefully you will have changed your password by then.

A random 20-character string also passes the second password security requirement: It is impossible to guess.

There is no information on the Internet or even in the real world that would enable someone to guess a randomly generated password.

There are three ways to generate a secure, randomly generated password:

  1. The best way to generate a random password is to use a password generator inside your password manager. Such a password generator uses more advanced password generation techniques than you can on your own.

    Generating something random is not as simple as it sounds. We humans have many biases that will be reflected in the passwords we make up, so it is best to leave it to a computer.

  2. Pick the 20 random characters yourself and shuffle them up. Use all the character sets (upper case, lower case, numbers and special characters) and rearrange them so there is no obvious pattern.

  3. Use a mnemonic password. Take a long sentence you will not forget and then pick specific characters from it.

    For example, if the sentence is: "I will always use Strong Passwords because they keep my Computer secure" then the password might be "IwauSPbtkmCs" (take the first letter of each word). To make it stronger add a few numbers and special characters: "%20IwauSPbtkmCs17%".

    Mnemonic passwords are easier to remember; however, this example doesn't have 20 characters and it is already somewhat complex to remember.

    Note: This is an example password used to illustrate what a secure password might look like. Don't use this password or even combinations of it; generate a brand new one instead.

    There is a better way to generate a secure password if you need to remember it; we talk about it next.

A word of caution: Never use a website to generate a password. No matter how friendly the website may appear, you don't know who is behind it or if the website was hacked behind the scenes. Your new password may be stolen even before you start using it.

A malicious website could also infect your computer with a virus, malware or a password sniffer. It is best to stay away from them.
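A generator you can run locally instead of trusting a website, added here as an example and not part of the original article. It draws every character from the operating system's secure random source, uses the four character groups listed above, and leaves out the look-alike characters 0, O, 1 and l; the function and variable names are illustrative.

```python
import secrets
import string

# The special-character group is the article's own list.
SPECIAL = "$%@#!*(^&-_+=\\|?,.<>][}{`~)"
LOOKALIKES = set("0O1l")  # the confusable pairs the article says to avoid

GROUPS = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": SPECIAL,
}
# Remove the look-alike characters from every group.
GROUPS = {name: "".join(c for c in chars if c not in LOOKALIKES)
          for name, chars in GROUPS.items()}
ALPHABET = "".join(GROUPS.values())  # 85 characters in total


def missing_groups(password: str) -> list[str]:
    """Names of the character groups that do not appear in the password."""
    return [name for name, chars in GROUPS.items()
            if not any(c in chars for c in password)]


def generate_password(length: int = 20) -> str:
    """Return a random password that contains all four character groups.

    Every position is drawn uniformly from the full alphabet. If a group is
    missing, the whole password is redrawn, so no position is ever reserved
    for a particular group and no pattern is introduced.
    """
    if length < len(GROUPS):
        raise ValueError("length is too short to contain every character group")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_groups(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```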

2) Password consisting of random words

Your password is secure if it consists of a few random words.

You should use at least four words. Five (or more) is also fine, but fewer than four is not enough.

Words can be in your language. If you speak multiple languages, you can use words from more than one of them for additional security.

You will need to remember the password, so the words should make sense to you in some context. However, they should be out-of-order and not in the form of a sentence.

Here is one example:

"Grass Blanket Duck Bicycle"

Note: This is an example password used to illustrate what a secure password might look like. Don't use this password or even combinations of it; generate a brand new one instead.

How do you come up with such a password and remember it? Simple, I thought of a duck going to a picnic on her bicycle.

You could even add a couple of numbers and a special character, if you want:

"Grass Blanket Duck Bicycle 43 *"

Use this method when you need to remember a password.
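The brute-force arithmetic behind both methods (random characters and random words), as an added example that is not part of the original article. The 85-character pool (the four groups minus 0, O, 1 and l), the 7776-word list size and the guessing rate are assumptions, and the function names are illustrative.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumptions, not figures from the article:
CHAR_POOL = 85              # the article's four groups minus 0, O, 1, l
WORDLIST_SIZE = 7776        # size of a Diceware-style word list
GUESSES_PER_SECOND = 1e10   # hypothetical offline guessing rate


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy when each pick is drawn uniformly at random.

    Words a person chooses by association are more predictable than this
    figure, which only holds for truly random picks.
    """
    return picks * math.log2(pool_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every combination at the given guessing rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def words_needed(target_bits: float, wordlist_size: int = WORDLIST_SIZE) -> int:
    """Random words required to reach at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def compare() -> dict[str, tuple[float, float]]:
    """Map each password style to (entropy in bits, years to exhaust)."""
    rows = {
        "20 random characters": entropy_bits(CHAR_POOL, 20),
        "4 random words": entropy_bits(WORDLIST_SIZE, 4),
        "5 random words": entropy_bits(WORDLIST_SIZE, 5),
    }
    return {label: (round(bits, 1), years_to_exhaust(bits))
            for label, bits in rows.items()}


if __name__ == "__main__":
    for label, (bits, years) in compare().items():
        print(f"{label:22} {bits:6.1f} bits  {years:.3g} years")
    print("words matching 20 random characters:",
          words_needed(entropy_bits(CHAR_POOL, 20)))
```

The guessing rate dominates the result: a login form that limits attempts allows far fewer guesses per second than the offline rate assumed here, so pass your own rate to years_to_exhaust.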

Here is a little bit of humor about this password generation method. If you don't understand everything, that's okay. The comic is for geeks and the password strength math can be complex.

The takeaway

Asking yourself "how secure is my password?" is a great first step towards better password security.

Your password is secure if it is either a long string of random characters from different character sets (lower case, upper case, numbers and special characters), or four to five words that appear random but make sense to you.

When to use which method?

If you're using a password manager, it is usually easier to use the random characters method, because password managers are used to generating passwords this way and are very good at it.

Since you don't need to know what the passwords are, they don't need to make sense. Just make sure they are at least 20 characters long.

On the other hand, if you have to remember a password, then use the words method. You need at least four or five words, but such a password is still a lot easier to remember than the one with many random characters.

When using a password manager, you could use the words method to come up with your Master Password (the password that unlocks the password manager), and for all other passwords you could use the random characters method.

Time for action

It is time to put your knowledge into action! Review your passwords, starting with the most important ones, and change them if they are not secure.

You have to have a different password for each website, so using a password manager is the only realistic method to sustain this strategy. The password manager will also tell you which of your passwords are not secure enough and help you change them.
