In the movies, the bad guys pound furiously on a keyboard while techno music blasts and Matrix-style code flashes across their screens.
In reality, the bad guys just launch dictionary tools on high-powered computers that make automatic attempts to guess your password. These tools take common words (“happy”, for example) and add simple variations (“1happy” or “happy1” or “1happy1”) to exploit the odds that your password is easily guessed.
This technique can be very successful. That’s because many people create passwords using common words. Even if you think you’re being clever—perhaps your password is “1yppah”—it’s still based on a dictionary word, and it only has a single number. It’s a weak password.
You need a strong password to keep your data secure. Data security is a hot topic right now, following the disclosure of vulnerabilities such as Heartbleed and VENOM.
You need a strong password
You may have heard the phrase “strong password”. Here’s what that means in practice:
- No dictionary words, combinations of dictionary words, or proper names—even in reverse order
- Contains at least 1 number, 1 upper case character, and 1 special character
- Contains no “QWERTY key strokes” (that is, characters in the order they appear on the keyboard)
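The three rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it strips digits and symbols the way a dictionary tool's variations would, then tests what is left forwards and backwards. The word list, the four-key threshold for keyboard sequences, and every sample password except "1yppah" and "happy1" are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption): a real check would load a full
# dictionary plus a list of common passwords.
WORDS = {"happy", "password", "dragon", "monkey", "terra", "nova"}
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # keyboard rows


def splits(s):
    """True if s can be cut completely into words from WORDS."""
    if not s:
        return True
    return any(s.startswith(w) and splits(s[len(w):]) for w in WORDS)


def dictionary_based(pw):
    """True if the letters of pw, with digits and symbols stripped, are one
    or more dictionary words read forwards or backwards."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    return bool(core) and (splits(core) or splits(core[::-1]))


def keyboard_run(pw, n=4):
    """True if pw holds n keys in a row from one keyboard row, in either
    direction. The threshold n=4 is an assumption, not from the article."""
    low = pw.lower()
    return any(r[i:i + n] in low
               for row in ROWS for r in (row, row[::-1])
               for i in range(len(r) - n + 1))


def weaknesses(pw):
    """Return the rules from the list above that pw breaks (empty = passes)."""
    found = []
    if dictionary_based(pw):
        found.append("dictionary word")
    if not re.search(r"\d", pw):
        found.append("no number")
    if not re.search(r"[A-Z]", pw):
        found.append("no upper case")
    if not re.search(r"[^A-Za-z0-9]", pw):
        found.append("no special character")
    if keyboard_run(pw):
        found.append("keyboard sequence")
    return found


# "1yppah" and "happy1" are from the article; the rest are constructed samples.
for sample in ["1yppah", "happy1", "Happy#Dragon9", "Qwerty123!", "t7#Kq!vR2m"]:
    print(f"{sample!r}: {weaknesses(sample) or 'passes all three rules'}")
```

Note that "Happy#Dragon9" satisfies the character-class rule yet is still flagged, because it is a combination of two dictionary words.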
This sounds complicated. Here are three methods that make strong passwords easy.
Method 1: Phrase transformation
Think of a phrase that means something to you. Something easy to remember but impossible to guess. For example, I’m thinking of this phrase:
60,000 businesses have chosen Terra Nova! For our worry-free experience
To turn this into a password, just use the first letters from every word. Like so:
As easy as this is to remember, hackers will never find it in their dictionary tool.
Method 2: Add some math
For further security, we can turn our easy-to-remember phrase into a mathematical expression. This adds complex characters to the password. For example, I’ll reword the phrase above to read like a math problem:
(Terra Nova + worry-free experience) = 60,000 customers!
And now, here’s the password:
Again, it’s an extremely complex password that’s still easy to remember.
Method 3: Mash the keyboard
The best password is long and random. We can generate one by hitting random keys while pressing and releasing the shift key.
The bottom line on passwords
Longer passwords are always better. People have traditionally used 8-character passwords, but many services now support 14 characters or more.
A hacker could theoretically guess any password with a random password generator, but it would take thousands of years of computing power. Chances are, they’ll pick an easier target—which is exactly what you want them to do.
One more thing: Don’t get complacent. At least a portion of your password should be changed every few months to protect you from the more advanced attacks.
Some further reading: Security consultant Mark Burnett has studied, researched and written a lot about BAD passwords. He’s compiled a list of the 10,000 most common passwords — which, supposedly, represent 99.8% of all user passwords. If any of these look familiar, you should make some changes immediately.