This article is inspired by, and tries to bring some solutions to, the problem of passwords that are too easy, as discussed in this Wired.it article: Le peggiori password del 2018 (Italian article). That article mentions the ranking compiled by SplashData in The Top 100 Worst Passwords of 2018, which lists the passwords most used in 2018 ranked by frequency; the crown for the most used password goes to 123456 (surely some readers use it somewhere), followed by password.
The importance of a password that is hard to identify is a broad topic: we should define what "hard to identify" means, how to make a good combination of letters, numbers and special characters, how such passwords can be identified, and so on. For simplicity I will give some hints which I hope will help you understand the subject and lead you to make your passwords more secure.
Let's start, for example, with the password 123456: in your opinion, how long does it take a computer to try all the combinations of numbers, letters and special characters needed to guess it? To find out, you can use one of the many online tools found by searching for "password testers", like this one or this one, which tell us how long it takes a computer to guess the password by trying all the combinations... the answer is:
Interesting, isn't it? Try it as well with any password on the list, or possibly your own, and if the result is the same then you HAVE to change your password. Here are some practical tips to keep in mind when choosing passwords:
- NEVER use common words (those in the dictionary);
- NEVER use birthdays, wedding or engagement date;
- Use as MANY characters as possible (at least 8);
- MIX together numbers, uppercase and lowercase letters, special characters;
- DO NOT use the same password for different accounts;
If you don't respect any of the rules in the list, then you should start doing so.
To follow the advice in the list, you can use password generators: software, available online, that uses very simple rules and can give you a big hand in generating passwords that are very difficult to guess or very expensive to discover. One of these online tools is the LastPass password generator, in which you can choose various options and the site gives you a random password. So, with the indications from the list (complete nonsense, 8 characters, numbers, uppercase / lowercase letters and special characters) a generated password is:
How long does it take to discover it? Let's ask one of the sites mentioned before, and the answer is:
Let's say that from "instantly" to 9 hours (12 days for a home computer of medium power) is already a success... or almost... To increase the time until it becomes too high, thus making the password reasonably secure, simply increase the number of characters. Here are some examples (time calculated with the first site):
- 12 chars: UW!5W$df#Tqj → 34 thousand years
- 16 chars: jLyE$Cung7B#fuDM → 1 trillion years (1 billion billion)
- 24 chars: L^$E#!yJ6*lKg#1anJFXckzC → 10²⁷ years
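As an added illustration (not part of the original article), the script below reproduces the keyspace arithmetic behind those estimates: it derives the alphabet from the character classes a password uses, divides the keyspace by an assumed guess rate, and checks a password against the rules in the list above. The guess rate of 10^11 per second and the small set of common passwords are assumptions, so the years it prints differ from the site's figures, but the growth with length is the same.

```python
import string

# Assumption, not from the article: an attacker holding a fast-hash
# database can try on the order of 1e11 guesses per second on a GPU rig.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIN_LENGTH = 8  # the article's "at least 8"

# Constructed stand-in for the SplashData list of most common passwords.
COMMON_PASSWORDS = {"123456", "password", "123456789", "qwerty", "111111"}


def charset_size(pw: str) -> int:
    """Smallest alphabet covering every character class present in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_years(pw: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to exhaust every string of pw's length over its alphabet.

    This is the keyspace model the online testers use; real attackers try
    dictionary words and leaked lists first, so a common password falls
    instantly regardless of what this formula returns.
    """
    keyspace = charset_size(pw) ** len(pw)
    return keyspace / rate / SECONDS_PER_YEAR


def check_rules(pw: str) -> list[str]:
    """Return the article's rules that pw violates (empty list = all satisfied)."""
    violations = []
    if pw.lower() in COMMON_PASSWORDS:
        violations.append("common password")
    if len(pw) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH}")
    classes = sum(1 for t in (str.islower, str.isupper, str.isdigit) if any(t(c) for c in pw))
    if any(c in string.punctuation for c in pw):
        classes += 1
    if classes < 4:
        violations.append("does not mix upper, lower, digits and symbols")
    return violations


if __name__ == "__main__":
    for pw in ("123456", "UW!5W$df#Tqj", "jLyE$Cung7B#fuDM", "L^$E#!yJ6*lKg#1anJFXckzC"):
        print(f"{pw:26s} {brute_force_years(pw):10.3g} years  {check_rules(pw) or 'ok'}")
```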
I hope I got the idea across. Now that you know how to generate safer passwords for your accounts, only one last problem remains to be solved; the last point on the list was:
DO NOT use the same password for multiple different accounts
So how can you organize, save and manage different passwords for all your accounts? The answer is password managers.
A password manager is nothing more than a service or program that keeps a list of associations between an account or site and the password you have chosen to access it; think of it as a kind of phone book. In order to read this list, all such software asks you to choose a password (the master password) that "unlocks" all the others. This is the only password you must remember, so use ALL the tips in the list above to choose it and keep it safe somewhere.
Password managers can be both online and offline. The former are websites that can be used from any device (most also have apps for Android and iOS, browser extensions and auto-completion of logins); the latter are programs that have to be installed on your system, generally have no synchronization between devices and could be considered safer than their online counterparts... obviously which of the two is safer depends on many factors and could be the topic of a subsequent article discussing their strengths and weaknesses. If you would like to try different ones and then choose the one that best suits your needs, here is a list of the most popular:
- LastPass (Online, Android, iOS)
- Dashlane (Online, Offline, Android, iOS)
- 1Password (Online, Offline, Android, iOS)
- KeePass (Offline, Android Contributed/Unofficial, iOS Contributed/Unofficial)
- KeePassXC (Offline)
- Bitwarden (Online, Offline, Android, iOS)
I hope this article gave you some useful advice to improve your passwords and organize them, making your online life a little safer. What I would like to highlight from this article is: a different password for each account, as long as possible, with different kinds of characters mixed together.
REMARK: the tests of how crackable a password is, as well as the time necessary to find it, can vary enormously depending on the hardware and techniques used, but in general you can rely on the statistics in the password generators section and the advice given in the introduction.