Passwords have become a big part of our lives in the digital age. We use them so often that it is easy to overlook the importance of creating a strong one.
A recent study by Google revealed that up to 15 percent of people who use the Internet have been victims of hacking.
In the study, which Google conducted with experts from the University of California, Berkeley, the company noted that to 3.3 billion usernames and passwords were obtained through third-party data breaches between 2016 and 2017.
In that same period, up to 12 million credentials were stolen through phishing.
Another study published in 2015 by Telesign revealed that 2 in 5 people had experienced a cybersecurity breach in the previous year.
If that is not alarming enough, data from Statista shows that up to 178.96 million records were exposed due to data breaches in 2017.
This is a notable spike from the 36.6 million records obtained by hackers in 2016.
It is clear that hackers are adopting more sophisticated techniques to steal the personal information of Internet users. Therefore, we must also update our measures to keep our accounts secure.
Some of the password security loopholes that researchers have highlighted include using the same password for multiple sites and failing to change a password after many years.
So, first up we're going to look at two tools that can help you to create a strong password and also test that passwords strength and how long it would take a hacker to crack it. Fun stuff right!
Create a Strong Password Tool
This free tool will create a secure password of varying lengths, using letters (upper and lower case), numbers, and symbols. You can even select the length of the password you wish to be generated. What's more, your privacy is our main concern, therefore this tool will not store the generated passwords anywhere.
By using this tool, you are supporting non-profit organizations and causes around the world. For each use (one per user) we will donate $0.01 to a good cause. Each year, BitFromBytes selects a different organization to support. This year, it is the Electronic Frontier Foundation (EFF).
How To Test Your Password Strength
As the name implies, a password strength checker is a tool that assesses the complexity of a password. It ranks the strength of your password based on its length and characters used.
In theory, this tool is an excellent way to determine if your password will be immune to the attempts to crack it. However, it has been found that most password strength checkers are not very effective.
A strong password checker tool ranks the complexity of passwords based on how long it will take a computer/hacker to unravel it, and not based on how impenetrable it is.
BitFromBytes has one of the best ‘free' tools for checking the strength of a password. The password generator above also doubles as a password strength indicator.
When you generate a password with BitFromBytes or enter your existing password, the strength of that password is clearly indicated – either weak, medium, or strong. Along with various suggestions to further improve the security of your password.
Just for fun, we also included a line to indicate just how long it would take a computer to crack your password. This can be used to see just how vulnerable some people's passwords are and make sure you don't become another victim.
In 2013, researchers from the University of California and the University of British Columbia conducted a study on the value of password strength meters. The research concluded that these tools can go a long way to help users select strong passwords.
What Makes a Strong Password?
Many of us depend on old techniques like mixing characters with symbols to keep our passwords safe from hackers. While these types of measures are good, they may not provide foolproof security.
It is common knowledge that hackers use computer programs to guess passwords. In the past, we created unique passwords that were elusive to hackers.
Now, we do not only have to watch out for hackers but also their computer programs. If you're reading this the chances are that you've asked yourself the following question…”how secure is my password?”
The following are some of the time-tested ways to create a strong password and secure your data:
- Use a phrase that is not common (or better yet does not exist). This will make it harder to guess.
- Use long passwords that do not only include letters but also numbers and symbols. You can use a password manager to select a password to avoid creating something too simple or generic.
- Don't reuse the same password more than once. Always use a different password for each site, even for those sites that you do not deem that important.
- Use a password manager rather than allow your browser to store your passwords. A password manager will not only save your passwords but also provide you with secure password suggestions that you can use.
- Use two-factor authentication. It is clear that we cannot entirely trust passwords because they are susceptible to hackers despite our best efforts. Two-factor authentication adds an extra layer of security to your data.
Meanwhile, the US government has recommended that Internet users scan their passwords against a database of compromised passwords and common passwords to ensure it is safe.
The latest password guidelines, released by the National Institute of Standards and Technology (NIST), also calls for the removal of password complexity requirements (like mixing uppercase and lowercase letters) and the elimination of periodic password change requirements.
What To Avoid When Creating a Password
There are many things to avoid when creating a password. First off, do not use the same technique to generate all your passwords.
It is easy to make this mistake considering that we have many accounts which require passwords. And if you have a decent strategy for creating passwords, why change it every time, right? No, wrong!
Many people who are aware of the importance of using a strong password still do this. The point is if you use the same technique to create all your passwords, once hackers can figure out one of them, the chances that they will also crack the others is high.
In a study published in June, researchers from Virginia Tech collaborated with Dashlane to analyze 6.1 million anonymized passwords leaked by hackers.
The researchers sought to highlight the common mistakes that people make when creating passwords. These are some of their findings:
- Internet users tend to recycle the same password or change them a bit for different sites.
- People used letters and numbers in sequence. This means using alphabets that are adjacent to one another on the keyboard. For example, “123456,” “asdfghjkl,” “qaz234op,” or erty098.”
- Most passwords were expressions of intense emotion like love or hate.
- People used brand names like “Playboy,” “Ferrari” or pop culture references from movies, TV shows, games, music, sports, et cetera.
- People often search Google for good password ideas, password lists, and strong passwords examples. Using these lists is a big no-no, how many thousands.millions of people have used the same lists and have the same passwords.
Apart from these, some other common mistakes include using short passwords, using words found in the dictionary as passwords, using the names of relatives and pets as passwords, substituting numbers for letters in words to create passwords like “relat8,” or “m1cr0s0f1.”
If you are guilty of any of the practices highlighted above, then your data is at risk.
How To Remember Your Password
Your online security could also be in danger if you store your password online or on a computer that is connected to the Internet. Hackers often scan through people's hard drives to find passwords.
The best way to store your password is to use a password manager that has a powerful encryption technology. This enables you to ditch those ‘easy to remember passwords' and store something more secure.
Next, to a password manager, the second-best way to recall your password is to use a memorable phrase. But the truth is that unless you have a perfect memory, it can be challenging to keep track of all your usernames and passwords.
The average person today has 27 different logins, according to a study released by Intel in 2016.
The company revealed that up to 37% of the 2,000 respondents of the survey admitted to forgetting a password at least once a week.
What's more, the respondents noted that forgetting their passwords can be very annoying. Some of them even considered giving up pizza to never have to remember a password again.
You could also choose to go old school and write your passwords down with a pen and paper. This can be a tedious process, and all your precautions are useless if the document falls into the hands of the wrong person.
What Are Password Managers?
A password manager is a software that is designed to generate and store passwords. It can automatically load your login details when you visit a website.
Password managers are the ultimate solution for generating and storing passwords for multiple websites. This tool does not only spare you from having to deal with lost passwords, but each password that you create with the software is highly secure.
Password generators are designed to make complex passwords using advanced formulas. Each password generated by this software is unique.
Passwords managers encrypt your password data and store it in the cloud or on your device. This means hackers cannot access them. Also, you do not have to memorize them.
The only thing you have to remember is your login details (particularly your master password) for the password manager app.
Although most browsers like Google Chrome come with inbuilt password managers, they are not very secure and do not provide you with as many features as dedicated password managers.
For example, the password managers on internet browsers do not generate passwords.
Also, they do not encrypt your password data which means it can be accessed from your computer.
Earlier this year, the Princeton Center for Information Technology Policy published research which revealed that third-party scripts are harvesting login details on browsers stored by browser-based password managers. The data is being used for advertising and tracking users.
In the internet age, password managers add a much-needed extra layer of protection to your online presence.
Choosing a Password Manager
Armed with the understanding of the importance of using a password manager, let us look at how you should go about selecting one.
There are many password manager applications on the market. Some of them are very good, but others are less than impressive.
The following are some of the key features to look out for when choosing a password manager.
- Password generator: A few password manager apps out there are designed to only store passwords and not generate them. So, if you are looking for a software to create and store your passwords, be sure to confirm that it has a password generator.
- Supported on different platforms and browser extension: A solid password manager must be supported on different platforms.
This will enable you to switch between devices and continue to use the tool. Apart from being available on different operating systems, also check to ensure that the password manager has extensions for popular browsers. This will allow you to take advantage of the features of the app while browsing.
Apart from those two key features, other things to look out for in a password manager are support for importing/exporting your password database, autosaving passwords, and the option to store your password database locally or in the cloud.
Above all, check out what other users have to say about the password manager you have selected. Customer reviews are one of the best ways to get an unbiased opinion about a product.
What is a Key File and Why You Should Use One
As indicated above, password managers encrypt your passwords and create a database of them. A key file essentially contains the keys needed to decrypt the information in your password database.
This means if a hacker gets hold of your password database file, the person will also need the key file to access it. Without the key file, the password database is useless.
Some password managers give you the option of using a master password and/or a key file to open your password database. The advantage of using a key file is that you do not have to store your complex master password in memory.
You can choose any file on your device to be your key file. You can also allow the password manager to generate one.
A key file allows you to enjoy the functionality of a password manager without all the risks associated with passwords.
The only issue is that you must store your key file properly because if you lose it, you may not be able to access your password database.
How To Generate a Secure Password
Generating a strong password can be more difficult than it sounds. There are many techniques for creating passwords. One of the most popular methods is the XKCD scheme.
This technique, which has been proven to be ineffective, involves stringing different words together to create a password.
For example, “homelivingprivacygiven.”
As I mentioned, this technique is not the best because hackers can easily discover your password using a “brute force” attack which uses common words found in the dictionary.
Here are some of the best ways of generating a secure password.
1. The BitsFromBytes Password Generator (it's for a good cause!)
We created this free to use tool for two reasons. First, to ensure that everyone has the ability to create a safe and secure password for all of their online accounts. We take data protection and internet security very seriously!
Secondly, to do more good in the world. We support a number of charitable organizations that help people less fortunate than others or those not in a position to help themselves. For each use of our password tool, we will donate $0.01 to charity.
This method of creating passwords depends on using dice to generate random numbers. To use this technique to create a password, you need a dice.
You have to roll the dice five times and record the numbers that you get. Then you check the corresponding letters for each word on the Diceware list to get a word.
Each number represents a letter on this list. For example, “16661” translates to “clay” and “21121” stands for “clink.” You need to repeat the process at least four times to create a phrase. It is considerably more difficult to hack a long sentence compared to a single word.
While the Diceware list is good, there are some issues with it including the fact that it contains unusual words that are hard to memorize as well as letters in a sequence. To solve these problems, the Electronic Frontier Foundation (EFF) has released a new list which contains the same number of words as the original Diceware list – 7,776.
The organization also issued a “short” list with 1,296 words. The new lists from the EFF contain words that are easier to memorize. The EFF also eliminated vulgar words, homophones, and other potentially problematic words from the list.
3. Schneier's Method
Security expert Bruce Schneier developed this strategy for creating passwords. Schneier's method involves taking a sentence and abbreviating it to create a password.
For example, the phrase “This little piggy went to the market” can be shortened into “tLpWENT2dm” or “Long time ago, passwords were more secure” can be “[email protected]”
The key to Schneier's method is to use memorable phrases to create your password.
There are other techniques for creating passwords like the electrum method (used for Bitcoin) and the Person-Action-Object (PAO) method.
Once you've generated a secure password using our tool or one of the methods above, you're now ready to test your password strength.
Closing Thoughts: Keep Your Data Safe
With the number of Internet users who have experienced data breach on the rise, it is clear that creating a strong password is more critical than ever today.
Precautionary measures like using unusual words as passwords (even non-English words), opting for long passwords, and using a different password for each site is not enough. It is necessary to use a password generator to create a highly secure password.
There are many techniques for making uncrackable passwords manually. However, a password manager takes out all the stress and presents a simple and straightforward way to store strong and secure passwords for all of your online accounts.