A guide to creating effective passwords.
A great password is one that won't be hacked and yet is easy to remember. Here is a technique that with some of your own creativity makes great passwords you can use and trust.
First, what we've been taught about good passwords is wrong. A good password doesn't need to be complex; it doesn't require upper-case, lower-case, numbers, or any particular mix of characters.
A great password just needs to be long and unpredictable.
It doesn't matter what the mix of characters is because with a long password the power is in the math. In software and computing, it's all about digital processing. So, emphasizing the length of strings of characters versus the complexity of a string of characters is key to good cybersecurity.
To recap:
You were taught good passwords require three attributes:
But the better way includes just two:
Cracking passwords is especially easy for the hacker when we use passwords commonly used by others.
There are about 1 million commonly used passwords that every hacker knows and keeps handy for the password hacking software to test in its first rounds of cracking attempts.
Here are some examples:
You get the idea - there are about one million variations of predictable passwords and most people are using at least one of them as their own.
Using one of these million predictable passwords makes the hacker's job of cracking very easy and routine. So, it is imperative you use passwords that are unpredictable and clearly not on the list of commonly used versions that the hacker will try first.
How do you create something unpredictable but easy to remember?
Hang on, we'll get there in a bit below. But first:
Here's the 'science' part of a great password, and it leverages "The Law of Combinations."
The Law of Combinations says:
The number of combinations of interacting elements increases exponentially with the number of elements.
So, what this means for passwords is that with each element (character) you add to the password, the potential combinations (unpredictability) increase exponentially. With password-hacking software so easily available to anyone who wants to hack another's credentials, that's the kind of powerful math you need on your side in cybersecurity today.
The power of exponential math really takes off at about 10 elements, or characters. Most free hacking software can easily crack 12-character strings. At 14 characters, it becomes highly unlikely. At 16 characters and above, an unpredictable (see above) password is impossible to crack without very powerful computers, software, and a whole lot of time.
So, we recommend a minimum of 14 characters for your unpredictable password.
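An added example (not part of the original article) that puts numbers on the two attributes above: it compares the search space of a long lowercase string with a shorter "complex" one, and flags passwords that are under 14 characters or are a disguised entry from a common-password list. The five-entry COMMON set is a constructed stand-in for the real list, and the bit count assumes randomly chosen characters, so for a memorable phrase it is an upper bound.

```python
import math
import string

MIN_LENGTH = 14  # the article's recommended minimum
# Constructed stand-in for the ~1 million commonly used passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
# Undo common substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("@4301!$57", "aaeoiisst")

def alphabet_size(pw):
    """Size of the character pool a brute-force search must cover."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in pools if any(c in chars for c in pw))

def keyspace_bits(pw):
    """log2(alphabet ** length); assumes every character is random."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def check(pw):
    """Return the reasons pw fails the long-and-unpredictable test."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    lowered = pw.lower()
    # Drop trailing digits/symbols ("password123!"), then undo substitutions.
    base = lowered.rstrip(string.digits + string.punctuation).translate(LEET)
    if lowered in COMMON or base in COMMON:
        problems.append("predictable")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["P@ssw0rd1", "aB3$eF7!kL", "qzvkmwtrhypdlxbg",
               "purple tractor sings at dawn"]:
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {check(pw) or 'ok'}")
```

The 16-character lowercase string scores about 75 bits against about 66 for the 10-character mixed one, which is the length-over-complexity point in numbers.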
And if you are using a password manager, which we highly recommend, make your master password at least 14 characters, and set the auto-generate feature for your vaulted passwords at 16 characters or longer as the default.
But humans aren't wired to remember long, random strings of characters. Much less a whole bunch of them. So here's where the 'art' of great passwords comes in.
We recommend using a technique that uses a memorable phrase as the foundation for your password habits. But remember, while the phrases should be memorable, they also need to be unpredictable.
How do you do that?
Method #1 - Start with a poem, song, quote, Bible verse, nursery rhyme ... anything that serves the memory immediately when you need it. Then:
Method #2 - This approach starts with an image in your mind's-eye that you can conjure up to remind yourself of your great password when you need it.
Have fun using your imagination to create an easy visual reference that is uniquely your own and unpredictable to anyone else.
Passwords are the keys to your kingdom, and we should care for them as such. If you use the methods above for creating great passwords, we still recommend that you store them safely and securely.
If it's a master password, write it down somewhere and put it in a place unrelated to passwords or logins. For example, embed it in a contact file in your address book somewhere. Using the examples above you could create a contact called "Mary Lamb" or "Lunar Cowboy" and hide the password in the contact file with no reference to passwords at all.
We highly recommend password managers for everyday use. Considering our personal and professional experience with LastPass, and the company's record of innovation and product development, we're proud to include it in our stable of "best-in-class" recommendations.
With a password manager you just remember one password - your master password for accessing your password vault.
**This post contains affiliate links and Total Digital Security will be compensated if you make a purchase after clicking on our links.
September 8th, 2021 - The Problem with "Complex Passwords": https://www.wsj.com/articles/complex-password-cyber-security-risk-11631051077
August 7th, 2021 - Three Random Words are Better for Passwords: https://www.theguardian.com/technology/2021/aug/07/password-of-three-random-words-better-than-complex-variation-experts-say
Total Digital Security Corporation