What makes a good password? Back in Digital Hygiene [Part 1] – “Can I borrow your toothbrush?” the first thing I talked about was treating your password like your toothbrush; a) Pick a good one, b) Change it regularly and c) Never share it. Today we are going to be looking at passwords in more depth, including a link for you to use to test out your passwords and see how strong your best ones are.
There are three main elements to making a strong and secure password;
Length – make it longer than is required by default, e.g. if the site requires a minimum of 6 characters, make your password 8 or 12 long
Complexity – avoid simple words, names, dates but DO use upper and lower case letters as well as symbols and spaces
Uniqueness – having a different password (and username) for every site you visit. This one sounds like it would be impossible to do, but this can be achieved with something called a Password Manager, which we will be discussing down below.
Before we continue any further, let’s have a look at some existing passwords, your passwords. There is a great website called “How Secure is my Password,” here you can enter your password and find out approximately how long it would take for a computer to crack your password using a method called ‘brute force attack’ (tries every possible combination of letter, number and words in a dictionary). It’s important to note that this website in itself is very secure and is trusted by IT professionals, to the extent that it has been created in a way that means your passwords aren’t actually sent to the website in a way that it can be read or stored. All of this means that it’s proven to be safe when entering real passwords, however if you’re unsure or not comfortable then change one or two characters in your password so that it’s not identical to your real one.
Let’s have a look at some examples I ran through that same site:
46e^5UG$WSe8 – would take a computer an approximate 34 thousand years to crack
9c5U7vgNjbfZq*6 – would take a computer and approximate 16 BILLION YEARS to crack
Two very good choices for passwords, they both have upper and lower case letters, numbers and symbols. The only problem is that it would be difficult to remember a password that is as complex as these. So what could be an alternative way to make a complex password easier to remember? Well, we could use a word but change the way that we type it, replacing letters like ‘a’ with the ‘@’ symbol, ‘p’s with ‘9’ and so on. Here are a few examples below;
h@99Y – would take a computer approximately 68 MILLISECONDS to crack, not very good, but if you add a few more characters….
h@99Y:|:Gmal – would take approximately 485 THOUSAND YEARS to crack. Note that I’ve intentionally misspelt ‘Gmail’ to decrease the chance of it being found in a dictionary. As a basic method that is also easy to remember for multiple accounts, where you could use the same prefix ‘h@99Y:|:’ and add a suffix for something like Facebook like ‘fB0k’. Unfortunately this can still prove to be challenging to remember and potentially still carries the risk that it could be guessed if someone identified one of your other passwords.
While these methods aren’t bad, there’s more than one way to make a secure password that’s also easy to remember. This last method is called a ‘passphrase’ and is a series of words with spaces in between. While this seems to go against one of the first rules I mentioned, which was to not use common words, using a few of them with spaces in between actually creates a very secure password. Let’s have a look at a few examples below;
Happy Ice-cream Skeleton – would take a computer roughly 21 OCTILLION YEARS to crack. P.S I asked my kids to give me three random words to make that password. Note that I also capitalized each word and put a space in between as well. Also, what on Earth is an ‘Octillion’? The answer will be at the end of this post (but I’ll have to search the Interment to find it out)
I think that the last password we used serves as an interesting example of an easily remembered password that is also secure. It’s not hard to remember a skeleton eating an ice-cream and being happy about it, then you just need to remember the order of the words. Finally, let’s look at one even more secure option, one that combines a few of these techniques;
h@99Y Ice=Cre@m Sk3l3ton – would take a computer approximately 297 OCTILLION YEARS to crack, Yikes! Give some password a try at the site I linked to, see if you can come up with a few good ones. Try asking some different family members for a random word and put them together.
Right! So now you know how to make a really good password, all you need to do now is make one for each site. Oh! Not so easy all of a sudden, yeah? Well, the good news is that you don’t have to remember dozens of complex passwords, you can get away with remembering just one really good one and never have to worry about memorising new passwords again. How you might ask? Well you may have already known, I did mention them before; Password Managers!
A password manager is a service (and/ or application) that can generate and store passwords of high complexity and length so that you don’t have to remember a different password for each site that you visit. The advantage of having a service like LastPass is that it can generate random, long passwords so that you can easily have an excellent password for each site you visit and never have to remember each one.
You’ll only need to remember one, strong password, to get into your password manager and, preferably, set up two-factor authentication, but that is going to be the topic of another blog. With these two things, your passwords will forever be strong and secure.
NOTE: I’m going to suggest something that might seem VERY counter-intuitive when it comes to making your new, super strong, password; write it down on a slip of paper and store it in your wallet/ purse. That does not seem like a good idea, right? But until you have your new password committed to eternal memory, it’s not a bad idea to practice and rehearse it. This is the last password you will ever need, the one that you will need to access all other passwords (but you should also change THIS one once in a while as well. Take it out, read it, close your eyes and whisper it to yourself, then open your eyes and check. When you know it backwards and front ways, dispose of the paper and hope you really do have it remembered.
We will be using LastPass as our password manager as it is one of the most secure and widely used password managers in the world. We will be using the free version of LastPass, however, the premium version is only $3AUD per month and that adds a lot of functionality. There are also packages for families, small and large businesses.
All we need to do is to open your favourite internet browser (Brave, Chrome, Firefox, etc.) and go to http://www.lastpass.com, create an account and set a nice strong password. I’ve included a downloadable guide with detailed step by step instructions that goes through setting up a LastPass account and adding an extension to your internet browser (an extension is a small add-on to your internet browser that adds functionality).
This has been another blog post with a LOT of information. Please do take the time to read over it a few times and either post a reply if you need help or email me at firstname.lastname@example.org and I’ll help out. I hope to have a video soon on the process of setting up a LastPass account for those who find the written instructions difficult to follow. I know that everyone has different ways of learning and I hope in the future to always be able to accommodate all types of learners.
Before we finish, I got a suggestion from a dear friend to add in a ‘Fact of the Week’ related to each post, so here it is;
“The number one used password in 2018 was ‘123456’, which is followed by another maddeningly obvious choice, ‘password’. ” ~WeLivesScurity
Until next time, never stop learning.
P.S Please find down below the download I mentioned about the instructions on setting up LastPass.
P.P.S The definition of octillion as per the Merriam-Webster dictionary
US : a number equal to 1 followed by 27 zeros
also, British : a number equal to 1 followed by 48 zeros. Either way, it’s a big number.