We briefly touched on what is required to create a secure password in our article on the Brute Force hacking tool, but the basics on creating a solid password are fundamental and can never be stressed enough. No password is truly secure, but by following best practices, you can reduce the damage caused by a breach and frustrate any would-be infiltrator.
WHERE’S THE BEEF?
These days, it’s not uncommon to be stopped while setting up an account online by a prompt telling you that your chosen password isn’t secure enough. Requirements vary, but many sites require you to throw in some uppercase letters, numbers, and sometimes even punctuation. It can be frustrating if you’ve been using ‘password’ as your go-to for years, but there’s a reason for it: your password is weak.
That doesn’t mean you should switch to ‘Password123$’, but there are plenty of ways to beef up your password. For starters, try not to pick a word from the dictionary, since, as we’ve previously discussed, that is where brute force programs usually start. While difficult to remember, a string of random characters works best (‘H9b:cHtt’). Everyday words are easier to memorize; just make sure yours isn’t a common one, and it’s even better if it isn’t a real word at all. If you can, use a phrase instead: the longer the better. For maximum protection, swap out letters for numbers and symbols (‘Br3@thl3ss@P3’). Finally, don’t use a word that people would typically associate specifically with you.
When you absolutely can’t think of anything, it never hurts to use one of the many password generators from the web. And if you’d like to test the strength of a password, there are a variety of sites that will pass judgement for you.
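As an added example (not from the original article), a small Python strength rater for the kinds of passwords discussed above. Beyond the usual length-times-alphabet count, it first undoes letter-for-symbol swaps and checks a constructed common-password list, which is what cracking tools do before trying random characters, so ‘Password123$’ rates weak and a dictionary word with swaps scores far below what its length suggests. The word lists, the 100k-word dictionary size, the 10-bit allowance for mangling rules and the 20k-word passphrase vocabulary are assumptions for the demo.

```python
import math
import re

# Constructed mini-lists for the demo; a real checker uses breach lists with millions of entries.
COMMON = {"password", "123456", "letmein", "trustno1", "incorrect", "qwerty"}
WORDS = {"breathless", "dragon", "monkey", "sunshine", "football"}
# Assumed sizes behind the estimate: a 100k-word cracking dictionary plus ~10 bits for the
# mangling rules crackers apply, and a 20k-word vocabulary that passphrases are drawn from.
DICT_BITS = math.log2(100_000) + 10
PHRASE_WORD_BITS = math.log2(20_000)
# Undo the usual letter-for-symbol swaps; cracking rule sets try these automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def letters_only(pw: str) -> str:
    """Lowercase, undo leet swaps, and keep only letters ('Br3@thl3ss' -> 'breathless')."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))

def charset_size(pw: str) -> int:
    """Size of the alphabet the password draws on: lowercase, uppercase, digits, symbols."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    return sum(size for pattern, size in classes if re.search(pattern, pw))

def estimate_bits(pw: str) -> float:
    """Rough guessing entropy that accounts for the shortcuts attackers actually take."""
    if not pw:
        return 0.0
    base = letters_only(pw)
    if pw.lower() in COMMON or any(w in base for w in COMMON if w.isalpha()):
        return 0.0                          # on every wordlist: guessed almost immediately
    if " " in pw.strip():                   # passphrase: score per word, not per character
        return len(pw.split()) * PHRASE_WORD_BITS
    if any(w in base for w in WORDS):       # dictionary word with swaps: rules undo them
        return DICT_BITS
    return len(pw) * math.log2(charset_size(pw))  # random characters: length x alphabet

def rate(pw: str) -> str:
    bits = estimate_bits(pw)
    return "weak" if bits < 36 else "fair" if bits < 60 else "strong"

if __name__ == "__main__":
    for pw in ["password", "Password123$", "H9b:cHtt", "Br3@thl3ss@P3",
               "the cat sat on the warm windowsill"]:
        print(f"{pw!r}: {estimate_bits(pw):5.1f} bits -> {rate(pw)}")
```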
LOCK THE BACK DOOR
In an age of 2-step verification, security questions are becoming increasingly rare, but you may still run into them from time to time. Ensure that the questions you pick and the answers you give cannot be found with a little digging. We live in a time where almost everyone puts their personal information out into the world via social media sites like Facebook and Twitter, so it doesn’t take much for someone to come across your mother’s maiden name or the street you grew up on.
Whenever possible, choose something that only you would know. Your first pet’s name, your favourite teacher in high school, or the colour of your first car are all decent options. Just make sure that you don’t choose a question whose answer might change, such as “Who is your favourite historical person?” A single documentary could swing your answer.
THE SPICE OF LIFE
This may make some people feel uncomfortable, but there are a lot of reasons to use a different password for each account you create. The biggest one is simple: if all your passwords are the same, one breach could give someone access to every one of your accounts. Your security is then only as strong as the weakest link. Say, for example, Yahoo gets hacked and someone gets hold of your password: that would severely compromise everything from your email to your bank account.
Remembering more than one password is quite the feat, especially for accounts that you rarely use. To help with this, you can use password managers like Dashlane, 1Password, or LastPass to store your passwords. Some of them will even automatically enter passwords on frequently used sites for you. All you need to remember is a nice, secure master password. Just remember that most of these programs don’t back up to a server on the internet, so if your hard drive stops functioning, you’ll lose all your stored passwords. In those cases, you can always use the omnipresent ‘forgot your password’ link.
DO THE TWO-STEP
Websites all over, especially those where security is crucial, like email hosts, are starting to use what is called 2-step or 2-factor authentication. Whenever a site uses this method of login, you’ll be required to authorize your login by entering a separate code that gets sent to you by email or to your phone. This also means that you’re alerted to every attempt made to log into your account.
Admittedly, this method can be a pain, since it’s slow, cumbersome, and reliant on multiple devices. However, it’s also extremely secure. A brute force or keylogger attack can only arrive at half of the solution, making even the most trusted tools ineffective. It’s not completely foolproof, but it renders all but the most intensive methods of hacking useless.
LAYERS OF SECURITY
If you follow all the above steps, even the most skilled and determined hacker will have a difficult time getting to your sensitive information. No method is foolproof – the software of today is a tangled web filled with exploitable weaknesses that every keyboard jockey is constantly hunting for – but a little care for the basics goes a long way in preventing your data from falling into the wrong hands. Even if you don’t subscribe to every one of our tips, steering away from common passwords like ‘incorrect’, ‘password’, ‘trustno1’, ‘123456’, and ‘letmein’ is a step in the right direction.