The Quick and Easy Guide to Secure Passwords


Every year in early May it is World Password Day. It’s supposed to encourage people to recognize their bad passwords and create secure ones. But creating a secure password can seem very complicated, and a secure password is often hard to remember.

To give you a sense of how important secure passwords are, let’s look at a few examples. A short simple password like “654” is definitely a bad password. It takes less than a second with specialized software to crack it. There are only 1000 possible combinations, so most people know this password isn’t secure. Even a short complex password with 62 to the power of 3 possible combinations is cracked instantly.

The obvious answer should be: Make a longer password. Well, let’s see. A long but simple password containing only numbers is still no challenge to password cracking software. It takes less than 30 seconds even though there are 1 trillion possible combinations. So let’s go a step further and combine upper and lowercase letters with numbers. Now the time to crack the password increases dramatically. With more than 3 sextillion possible combinations it would take more than 3000 years to crack this password, and that doesn’t even include special characters. Every character you add increases the password’s strength significantly.

While ideally a password should be as long as possible (like 20 characters and longer) and include all types of characters, these are hard to remember without a password manager. By the way, I highly recommend using one. I made a video comparing the most popular password managers a few weeks ago; it’s linked in the description.

Anyway, a tip for creating good passwords you can use right now is called Diceware. We are trying to create long passwords that are easy to remember. The technique is called Diceware because you roll dice to choose 4 or more random words. There are lists of words in a lot of languages to choose from; you roll the dice and write down the corresponding word. Once you have generated four words, you make up a short story or scene to remember them. A famous example is this XKCD comic illustrating the password “correct horse battery staple”. Because Diceware passwords are usually at least 20 or 30 characters long, it would take billions and billions of years to crack them with current technology.

A few additional tips for passwords:

You don’t need to change passwords often unless you think someone else knows them. That frequent changes are necessary is a common misconception in companies, and it can actually lead to less password security since people will often tend to write down the passwords or slightly change them.

Use two-factor authentication. This way a criminal couldn’t log in with your stolen password but would also need the second factor, which is usually a generated code on your phone. Most major websites like Google, Twitter and Facebook offer two-factor authentication in the account settings.

If you don’t use a Diceware or randomly generated password, at least don’t use one on the most common password list. These lists are created using passwords leaked in data breaches and are always among the first anyone tries when guessing a password.

Don’t save passwords in plain text on your PC. While you should ideally be using a password manager that encrypts your password list, even writing them down on paper is better than storing them on your PC in a text file or Word document. It’s probably less likely that someone in your life will abuse them than a hacker gaining access to your unencrypted passwords.

You can test the strength of a password on websites like “howsecureismypassword.net”. Even though the site promises to not send any passwords over the Internet, I still don’t recommend entering your actual passwords. But it’s fun to try out how different passwords would hold up in a cracking attempt.

Thanks for watching, have a nice World Password Day.
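
The combination counts quoted in the guide and the Diceware roll-to-word step, as an added Python example (not part of the original video or post). It assumes the standard Diceware convention of five die rolls per word and a 7776-entry list; the function names and the `SAMPLE_LIST` placeholder are constructed for illustration and stand in for a real word list.

```python
import math
import secrets

DICE_PER_WORD = 5                 # assumption: standard Diceware, five rolls per word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 entries in such a list

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passwords of a given length over an alphabet."""
    return alphabet_size ** length

def entropy_bits(combinations: int) -> float:
    """Bits of entropy of a secret picked uniformly from `combinations`."""
    return math.log2(combinations)

def roll_key() -> str:
    """Five fair die rolls from the OS CSPRNG, e.g. '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def key_to_index(key: str) -> int:
    """Map a roll string to a 0-based list position ('11111' -> 0)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid roll: {key!r}")
    index = 0
    for digit in key:             # read the rolls as a base-6 number
        index = index * 6 + (int(digit) - 1)
    return index

def passphrase(wordlist: list[str], n_words: int = 4) -> str:
    """Pick n_words independently and uniformly from a 7776-entry list."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))

# Constructed placeholder list; substitute a real Diceware word list.
SAMPLE_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    # Lengths of 12 are derived from the guide's "1 trillion" and "3 sextillion".
    cases = [("3 digits", keyspace(10, 3)),
             ("3 letters/digits", keyspace(62, 3)),
             ("12 digits", keyspace(10, 12)),
             ("12 letters/digits", keyspace(62, 12)),
             ("4 Diceware words", keyspace(LIST_SIZE, 4))]
    for label, n in cases:
        print(f"{label:18} {n:>30,} {entropy_bits(n):6.1f} bits")
    print(passphrase(SAMPLE_LIST))
```

Against someone who knows which word list was used, a Diceware passphrase has 7776 to the power of the word count possible values, so its strength comes from the number of words rolled.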

One thought on “The Quick and Easy Guide to Secure Passwords”

  1. I recommend passwordmeter.com. It helps you create a password telling you what's wrong in it (for example there are no numbers, repeat characters, consecutive letters etc.).
