Passwords are essential in the computing world, from signing in to your operating system to accessing Internet accounts or email.
From a user's point of view the system is highly inconvenient if basic security rules are followed, and highly insecure if it is made convenient, for instance by re-using the same password on all services and devices.
The following guide looks at the most important rules for creating passwords. If you follow all of them, you make sure that your passwords are secure.
While there is still a chance that someone will be able to decrypt or steal them, the impact this has will be far smaller than for the average user who uses the same password on all services.
1. Passwords need to be strong
There is no definition of what strong means in regards to passwords. The general consensus is that passwords need to be of appropriate length and complexity.
I prefer to use passwords of 16, 20 or even more characters if the service allows it. Longer passwords are harder to memorize, but that is only a problem if you are not using a password manager that does that for you.
So, if you are using a password manager, you only need to remember the master password for it and nothing else. And that master password should be very secure (mine is 40+ characters).
Strong also refers to the characters used in the password. It is best to combine several different character classes to increase the strength of the password.
2. Passwords need to be unique
This is an important rule, even though it is not the most important rule. The basic idea behind making passwords unique is that if someone gets hold of one of your passwords, they can't use it for other services that you are a member of.
A single strong password with a low probability of being stolen makes it less likely that this ever happens, even if it is the only password a user has.
That's in theory only though, as there are means of stealing passwords without having to decrypt them first. This can be through social engineering, keyloggers or software that records network traffic.
It is also important to note that unique also means that you can't use the username, or a slight variation of it, as your password.
3. Passwords can't be in the dictionary
There are two major types of attacks that try to recover an encrypted password: brute-force attacks, which try every possible character combination imaginable, and dictionary-based attacks, which use a dictionary file. The latter is a lot faster, as it only has to go through all the words in a dictionary, perhaps plus some combinations or additions (two dictionary words combined, or a 1 added to the end of each word).
The dictionary in this sense includes popular terms such as favorite sports teams, pet or human names, sequences on the keyboard (qwerty, asdfyxcv) or artist names, as well as all personal information about yourself or your family, including the name of your street, your school, the license plate of your car or your favorite family vacation spot.
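As an added example (not part of the original article), a small Python checker that applies rules 1 to 3 above to a candidate password: minimum length, character classes used (and the resulting brute-force search space in bits), wordlist matches including the glued-words and trailing-digit variations just described, and derivation from the username. The wordlist, username and sample passwords are constructed for illustration; a real deployment would load a full dictionary and a list of popular terms.

```python
import math
import re
import string

# Constructed sample wordlist; a real check would load a full dictionary plus the
# "popular terms" the article lists (team names, keyboard walks, pet names, ...).
WORDLIST = {"password", "dragon", "qwerty", "asdfyxcv", "summer", "fluffy", "arsenal", "blue"}

def char_classes(pw):
    """Return (number of classes used, alphabet size a brute-force attacker must search)."""
    present = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    sizes = [26, 26, 10, len(string.punctuation)]
    return sum(present), sum(s for s, p in zip(sizes, present) if p)

def dictionary_match(pw):
    """True if, once digits and symbols are dropped, the password is a wordlist entry
    ('Dragon1') or two entries glued together ('Blue-Dragon7')."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in WORDLIST:
        return True
    return any(core[:i] in WORDLIST and core[i:] in WORDLIST for i in range(1, len(core)))

def derived_from_username(pw, username):
    """True if the username (or its reverse) appears inside the password."""
    u = re.sub(r"[^a-z0-9]", "", username.lower())
    return bool(u) and (u in pw.lower() or u[::-1] in pw.lower())

def check_password(pw, username, min_len=16, min_classes=3):
    """Apply rules 1-3; return (list of violated rules, brute-force search space in bits)."""
    n_classes, alphabet = char_classes(pw)
    bits = round(len(pw) * math.log2(alphabet), 1) if alphabet else 0.0
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if n_classes < min_classes:
        problems.append(f"uses only {n_classes} character class(es)")
    if dictionary_match(pw):
        problems.append("dictionary word or simple variation")
    if derived_from_username(pw, username):
        problems.append("derived from the username")
    return problems, bits

if __name__ == "__main__":
    # Constructed sample passwords checked against the constructed username "martin".
    for pw in ["Dragon1", "martin2005", "Blue-Dragon7", "k9$Tq!v2Lm#Pz8Rw"]:
        print(pw, check_password(pw, "martin"))
```

The bit count is only the size of the search space for the classes actually used; a password that fails the wordlist check is weak regardless of how many bits that figure reports.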
4. Password Managers do all the work for you
While it may be an impossible task for most users to create and memorize strong unique passwords for every service they use, it is not really something that most users need to worry about, as password managers can do all the heavy lifting for them.
Password managers such as KeePass or LastPass help you generate and remember secure, unique passwords. Even the browser's built-in password manager can be of use: while not all of them offer password generation, they save the passwords you create on the Internet so that you do not have to remember each one individually.
Along with the creation of secure passwords come guidelines that help you make sure that no one else gets hold of your passwords.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.