15 Apr 2017

Protect your data: How to create the perfect password

There are 645 trillion possible combinations for the standard 8-character password that is required for most sites. Still, that doesn’t mean that you can choose your favorite color, add a few numbers and call it a day. Creating the perfect password is about balancing strength against ease of remembering, and the emphasis should be on strength. Chances are that if a password is easy to remember, like oRange78, it is equally easy to hack. The objective of a password is to make it hard for someone other than yourself to get in. Ideally, you want a password that is both long and strong. For every extra character you add to your password, the possible combinations rise exponentially. A 9-character password, for example, will have a possible 45 quadrillion combinations.

Think about it: out of all those possible combinations, there have got to be at least a few that are both strong and easy to remember, right? Here are some tips and guidelines for creating a password that is both strong and easy to remember.

Avoid the obvious

The first step is admitting you have a problem. It’s time to drop your generic password of ‘123456’ or ‘password.’ While you’re at it, you should avoid these 25 most popular passwords of 2016, as compiled by Keeper Security, one of the leading online password managers:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Just. Don’t. Do. It.

Ditch passwords in favor of passphrases

Many experts agree that using a short phrase has become a preferable way to create a strong password, as opposed to attempting to remember an alien jumble of letters. Instead of oRange78, use NoRhymesWithOrange78. You can also take the first letter of each word from a line in your favorite movie or song and string them together. The result will look like random letters, yet it will still be easy to remember, because you have already memorized the line.

Mix it up

In addition to upper case, lower case, and numbers, it’s also important to use special characters, as long as you do so in a clever fashion. Substituting “1” for “i”, “$” for “s”, and so on is not a good idea. Hackers are people too, and they tailor their attacks to include these common tricks. A Dutch certificate authority, DigiNotar, was hacked and subsequently had to file for bankruptcy after an employee was hacked with the password Pr0d@dm1n in 2011.
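
An added example (not from the original article) of how a signup form could screen for the two weak patterns discussed so far: entries on the popular-password list, and common words disguised with look-alike characters or a numeric suffix. The word lists, the 12-character minimum and the function names are assumptions; the 71-symbol alphabet is the size that reproduces the article's 645 trillion and 45 quadrillion figures.

```python
import string

# Entries taken from the popular-password list quoted above.
COMMON = {"123456", "123456789", "qwerty", "password", "google",
          "1q2w3e4r", "zxcvbnm", "qwertyuiop"}
# Guessable base words (constructed for this example).
BASE_WORDS = {"password", "orange", "prodadmin", "admin"}
# Look-alike characters mapped back to the letters they stand in for.
UNLEET = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 12  # assumed policy value, not from the article


def normalize(password):
    """Lower-case, drop trailing digits/symbols, undo look-alike characters."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(UNLEET)


def keyspace(length, alphabet=71):
    """Number of possible passwords of `length` over `alphabet` symbols.

    71 is the alphabet size that reproduces the article's figures
    (about 645 trillion for 8 characters, 45 quadrillion for 9).
    """
    return alphabet ** length


def screen(password):
    """Return the reasons to reject a password (empty list means accept)."""
    reasons = []
    if password.lower() in COMMON:
        reasons.append("on the most-popular list")
    if normalize(password) in BASE_WORDS:
        reasons.append("common word behind substitutions or a numeric suffix")
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "oRange78", "Pr0d@dm1n", "NoRhymesWithOrange78"):
        print(candidate, screen(candidate) or "ok")
    print(keyspace(9) // keyspace(8))  # growth factor per extra character
```
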

You should also mix up your passwords by changing them periodically. Every 4-6 months is recommended.

Avoid reusing and recycling

Experts agree that it is inevitable that over time at least some of your passwords will be compromised. If you reuse your passwords, then a single breach could threaten all of your accounts. Additionally, avoid switching your passwords between a handful of options.

Add a website identifier to increase the uniqueness

One way to avoid re-using the same password across multiple logins is to add a website identifier onto the different passwords. Your Pinterest password could be pTNoRhymesWithOrange78, while your Twitter password could be TwNoRhymesWithOrange78. The added identifiers not only add complexity to your passwords, but they also make them easier to remember.

Don’t remember me

Yes, I know that the ‘remember me’ option is very tempting, but avoid using it. Keeping your passwords in your computer’s or phone’s browser is a surefire way for someone to gain access to your accounts and personal information if your device is stolen, lost, or compromised through malware.

Use two-step/factor verification

There’s a growing list of websites that offer two-step or two-factor authentication (there are two schools of thought as to whether these are distinct), and you should certainly take advantage of either one. They usually work by forcing you to enter a code that is sent to your cell phone when you log on. It is an extra step before accessing your account, but it is one of the easiest ways to substantially increase your security. Enabling this feature will require a hacker to not only obtain your password but also get control of your mobile device. Besides, chances are that your phone is always within reach anyway.

Keep a physical backup

If you just can’t get over the fear of forgetting your carefully sculpted password, then write it down! When was the last time a post-it note was hacked? Of course, if you decide to go this route, putting it somewhere safe (like a safe) is essential. If you’re more of a digital than an analog person, you can make a spreadsheet and stow it behind two-factor verification. Cloud-accessible storage providers like Dropbox usually offer two-step verification and will make your master list accessible wherever you are.

Use a password manager

Another way to keep a password master list is an online password manager. LastPass.com is by far the most popular. It’s free for computers but does have a fee for mobile syncing. It’s essentially the same as storing your passwords on a spreadsheet in the cloud, except that security is bolstered by strong encryption as well. LastPass did discover a breach in 2015, after which it prompted all of its users to change their master passwords. However, there is no evidence that the myriad of encrypted passwords was compromised.