You use passwords every day, for everything from social media to bank accounts. Give this article a quick browse to make those accounts more secure.
For this post, we are going to assume that the password is being used to protect a local file rather than an online account. It will always be faster to crack a password locally than online, but don’t let that cloud your judgement: everything mentioned here goes for online passwords too. Always be secure.
Curious how secure your password really is? Check for yourself.
Although be sure not to just type your password into boxes on random websites. This one’s safe though. Promise!
Introduction
Let’s be honest here. At one point or another, you’ve most likely used a weak password.
Take the password “jennifer” for example. Maybe you think that’s a good password. “Who’s going to guess my password is ‘jennifer’?”
Scenario: Your computer is no longer in your control, but the important files on your computer are encrypted. Whoever has your computer doesn’t know the password that is being used to encrypt the files, so the password must be cracked instead.
Cracking the password “jennifer” will take roughly 3 seconds.
Make sense? You wouldn’t leave your front door unlocked when you go on holiday, and using a weak password is basically the same thing. You’re giving criminals access to your personal data.
Passphrases
Now, let’s try something different. Rather than just adding a number or two to our password (jennifer05), let’s try a passphrase. A passphrase is like a password, but it is generally longer, like a sentence, and a lot more secure.
While you can brainstorm for a while, or bust out a thesaurus to get some cool words, there is a much easier way to create your new passphrase, and that’s by just looking around you.
Looking around my desk, I see a small piece of cardboard, a pen and a battery. Let’s piece that together in some way... maybe, “Draw battery on cardboard with pen”. That’s it. If you can memorise something like that (which is a lot easier than trying to memorise h0D0rK22~.-) you will be much more secure. Let’s check out how long it would take to guess that password.
Scenario: Your computer is no longer in your control, but the important files on your computer are encrypted. Whoever has your computer doesn’t know the password that is being used to encrypt the files, so the password must be cracked instead.
Cracking the password “Draw battery on cardboard with pen”, at one hundred TRILLION guesses per second, will take about 4.03928652 × 10^51 seconds. So, roughly 1.28 million trillion trillion trillion centuries. Quite the difference.
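The arithmetic behind the passphrase estimate above, as an added example (not code from the original article). It assumes an attacker who tries every character string up to the password's length over a 26/26/10/33 lowercase/uppercase/digit/symbol alphabet; the second model, an attacker guessing whole words from a 7776-word list, is an assumption added here for comparison.

```python
import string

GUESSES_PER_SECOND = 100e12                  # the article's rate: one hundred trillion
SECONDS_PER_CENTURY = 100 * 365.2422 * 86400

# Assumed character classes and sizes: 26 lowercase, 26 uppercase,
# 10 digits, 33 symbols (32 ASCII punctuation marks plus the space).
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation + " ", 33)]

def alphabet_size(password):
    """Size of the smallest combination of classes that covers the password."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def brute_force_space(password):
    """Candidates an exhaustive search tries: every string of length
    1..len(password) over the password's alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def word_space(n_words, wordlist_size):
    """Candidates if the attacker guesses whole words instead of characters
    (assumed model: each word drawn at random from a list of that size)."""
    return wordlist_size ** n_words

def centuries_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the given guess rate, in centuries."""
    return space / rate / SECONDS_PER_CENTURY

if __name__ == "__main__":
    phrase = "Draw battery on cardboard with pen"
    print("jennifer:", brute_force_space("jennifer"), "candidates")
    print("passphrase, character search:",
          f"{centuries_to_exhaust(brute_force_space(phrase)):.3g} centuries")
    # 7776 is an assumed wordlist size (the length of a Diceware list).
    print("passphrase, word search:",
          f"{centuries_to_exhaust(word_space(6, 7776)):.3g} centuries")
```

Under the word-guessing assumption the six-word phrase drops to under one century at the same rate, still far beyond “jennifer”, which shows that the estimate depends on how the attacker guesses and not only on length.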
Password Managers
A good rule of thumb is to never use the same password/passphrase for multiple accounts. However, memorizing a bunch of different passwords can be pretty difficult. That’s where password managers come in.
If you wear a tinfoil hat, you’re probably already screaming “use a local password manager!”, rather than a cloud-based one. But, if you have multiple devices, sometimes that’s just not viable. Here’s a quick rundown of one of the most popular password managers, LastPass.
LastPass
LastPass is easily one of the best cloud-based password managers around. It supports 2FA using Google Authenticator, USBs and even YubiKeys. LastPass also features a password generator, so if you’re really not interested, you can just have LastPass generate your password and remember it for you. And, of course, once you save a password, it’s instantly available on all your devices.
Oh, and also, it’s super secure. That’s important.
Other options would be Dashlane or KeePass, both of which offer similar services.
Conclusion
In conclusion, stop using one-word passwords with numbers at the end, and use a passphrase instead. If you’re lazy, use a password manager. Thanks for reading! Let me know if there’s anything you think I may have missed.
This article was originally written by me in 2021 on Medium.com.