Passwords: Ur doing it wrong

Everybody knows that you need to secure your computer, your user account at work, your PayPal and eBay accounts and your banking information with a secure password, yet people are always getting their accounts hacked.  Why is this the case?  Well, remember this whole time we have been telling you to come up with more complex passwords with numbers, uppercase letters and special characters?  Yeah, we were wrong.  Very wrong.

Password Strength

It is important that all of the user accounts you have created be protected with strong passwords.  Everybody knows that, but very few people know what a strong password is.  Ditch the dictionary words.  Forget the 4-5 digits + non-dictionary word; it could still get hacked.  The best way to create a strong password is to think one up that has a high level of entropy.  Information entropy is the measure of uncertainty in bits, using a base-2 logarithm.  The higher the bits of entropy, the more difficult the password will be to crack.  Each additional bit of entropy doubles the number of guesses required.

Let's just sum it up like this: for years you have been told the WRONG way to create a strong password.  Your work, parents, school and bank have been telling you to do this the wrong way for years.  For those who like the webcomic, here is the relevant XKCD ;)

You can use one of the many entropy calculators on the internet to test your passwords, but what you will find is that something like ‘#4529J4bberw0cky’ is worse than ‘on monday a monkey ate my shoe’ for two reasons: 1 – the second password has much higher entropy and would take much more time for a brute-forcing tool to guess, and 2 – the second password is MUCH easier to remember.
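To make the entropy arithmetic above concrete, here is a small calculator (added here as an illustration, not code from the article or from any particular entropy-calculator site).  It scores the two passwords from the article under a brute-force model (alphabet size raised to the length, converted to bits with log2) and also under a word-list model for the passphrase; the 10,000-word dictionary and the 1e10 guesses-per-second rate are assumptions chosen for the example.

```python
import math
import string

# Character classes for the brute-force model: an attacker who knows nothing
# about the password must try every string drawn from the classes it uses.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "punct": set(string.punctuation),
    "space": {" "},
}

def charset_size(password):
    """Size of the alphabet a brute-forcer would have to cover for this password."""
    return sum(len(chars) for chars in CLASSES.values() if set(password) & chars)

def brute_force_bits(password):
    """Entropy in bits: log2(alphabet ** length), the base-2 definition the article uses."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(passphrase, dictionary_size=10_000):
    """Entropy if the attacker knows the passphrase is N words from a dictionary.
    The dictionary size is an assumption for this example, not an article figure."""
    return len(passphrase.split()) * math.log2(dictionary_size)

def guesses(bits):
    """Size of the search space; each extra bit doubles it."""
    return 2.0 ** bits

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return guesses(bits) / guesses_per_second / (365.25 * 24 * 3600)

def compare(complex_pw, passphrase):
    """Bit estimates for both passwords under the models above."""
    return {
        "complex_brute": brute_force_bits(complex_pw),
        "phrase_brute": brute_force_bits(passphrase),
        "phrase_wordlist": wordlist_bits(passphrase),
    }

if __name__ == "__main__":
    result = compare("#4529J4bberw0cky", "on monday a monkey ate my shoe")
    for label, bits in result.items():
        print(f"{label:16} {bits:6.1f} bits  ~{years_to_exhaust(bits):.2e} years at 1e10/s")
```

The brute-force figure for ‘#4529J4bberw0cky’ is an upper bound: a cracker that tries dictionary words with leet substitutions and a few prefixed digits covers it with far fewer guesses, which is the point the XKCD comic makes, while the passphrase stays out of reach even under the word-list model.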

Unfortunately your work won’t let you use a password like mine above because it doesn’t have a special character, number or upper-case letter in it, but you could still add those without putting too much strain on your brain: ’1 Monday a monkey ate my shoe!’  There. Done and done.

What about those sites that require your password to be ‘between 6 and 12 characters’ or something like that?  Screw them.  Anybody this stupid isn’t smart enough to secure the other personal information they also want from you, like your email address and name.

So now you have a good password.  What’s next? Create more. Lots more.

Use a different password for every service

This is really important.  In light of recent hacks of online forums and websites like the Gawker network, the necessity of creating different passwords for the different services you use is all the more apparent.  You see, if you use the same password to log into your email, your banking and a forum related to your latest hobby, you could be in a lot of trouble if any one of those places were compromised.  It is possible that your email provider or bank could be hacked, but it is much more likely that the admin running the forum you like to participate in has an out-of-date or otherwise exploitable version of forum or blog software, or is on a shared web host where somebody else is running something exploitable.  That is where your account information, and everyone else's, is going to get stolen from.

It is not uncommon for these lists of email addresses and passwords to be bought, traded and sold to people who will use them to try to log in to any online service, from email accounts to online banking to video game accounts.  Just think of what a bad person could do with access to your email account.  If you reset the password for any service, what happens?  They send a link to your email; the scammer then uses that email to reset your password and deletes the message from your inbox.  Scary stuff.

So, now you have a pile of easier-to-remember and harder-to-crack passwords, but you have so damn many of them; what are you going to do to remember them all?

Get a password manager.

A password manager allows you to keep a list of all the usernames and passwords that you use wrapped up into an encrypted database protected by one Master Password.

I wouldn’t advise just downloading any password manager willy-nilly off of the internet, just in case.  Just look up some reviews of tools that other people have used or ask your family geek for a recommendation.  Personally I use KeePass.  I store the encrypted database file on my Dropbox account so I can access it from anywhere if I forget my password, even my smartphone.

Another service that I have heard good things about is LastPass but I have yet to try it out myself.  I think that it would be a bit less hassle being that it allows for single click logins to sites that you visit using a browser plugin.

Conclusion

Sorry for leading you astray all these years.  But now you know how to create a strong password and keep all your accounts secure.
