Apply the following three steps:
1. Avoid Predictable Password Formulas
The biggest problem is that we're all padding our passwords the same way (partly because most companies limit your password length and require certain types of characters). When required to use a mix of upper- and lower-case letters, numbers, and symbols, most of us:
- Use a name, place, or common word as the seed, e.g., "fido" (women tend to use personal names and men tend to use hobbies)
- Capitalize the first letter: "Fido"
- Add a number, most likely 1 or 2, at the end: "Fido1"
- Add one of the most common symbols (~, !, @, #, $, %, &, ?) at the end: "Fido1!"
Not only are these patterns obvious to professional password guessers; substituting numbers for vowels ("F1d01!") or appending another word ("G00dF1d01!") wouldn't help much either, since crackers apply exactly these mangling rules to their word lists and also join words from the master crack lists together.
Other clever obfuscation techniques, such as shifting every key one position to the left or right or using other keyboard patterns, are also now sniffed out by cracking tools. As one commenter wrote in the Ars Technica article, crackers use keyboard walk generators to emulate millions of keyboard patterns.
The solution: Don't do what everyone else is doing. Avoid the patterns above and remember the basics: don't use a single dictionary word, names, or dates in your password; use a mix of character types (including spaces); and make your passwords as long as possible. If you have a template for how you create memorable passwords, it's only secure if no one else is using that rule. (Check out IT security pro Mark Burnett's collection of the top 10,000 most common passwords, which he says represents 99.8% of all user passwords from leaked databases, or this list of the 500 most common passwords on one page.)
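To see how small the search space behind these habits really is, here is an added example (not from the original article or any cracking tool) that mirrors the four steps above as mangling rules: case and "leet" variants of a seed word, the usual digit and symbol padding in both orders, and two-word concatenation. The seed words, digit strings and symbol set are constructed for illustration; a real rule set and word list are far larger, which only makes the point stronger.

```python
import itertools
from typing import Iterable, Set

# Constructed sample values that mirror the habits described above. A real
# cracker uses million-entry word lists and far longer rule sets.
COMMON_DIGITS = ["", "1", "2", "123", "2012"]
COMMON_SYMBOLS = ["", "!", "@", "#", "$", "%", "&", "?", "~"]
# Classic "leet" substitutions: a->4, e->3, i->1, o->0, s->5
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def bases(word: str) -> Set[str]:
    """Case and leet variants of one seed word, as a mangling rule set produces."""
    word = word.lower()
    return {
        word,
        word.capitalize(),
        word.upper(),
        word.translate(LEET),
        word.capitalize().translate(LEET),
    }


def pad(base: str) -> Set[str]:
    """Append the usual digit/symbol padding in both orders ("Fido1!", "Fido!1")."""
    out: Set[str] = set()
    for digits, symbol in itertools.product(COMMON_DIGITS, COMMON_SYMBOLS):
        out.add(base + digits + symbol)
        out.add(base + symbol + digits)
    return out


def mangle(word: str) -> Set[str]:
    """Every guess derived from one seed word under these rules (385 for 'fido')."""
    return set().union(*(pad(b) for b in bases(word)))


def candidates(words: Iterable[str]) -> Set[str]:
    """Guesses for every single seed word and every ordered pair of seed words
    (the "G00dF1d01!" case: two mangled words concatenated, then padded)."""
    words = [w.lower() for w in words]
    guesses: Set[str] = set()
    for w in words:
        guesses |= mangle(w)
    for w1, w2 in itertools.permutations(words, 2):
        for b1, b2 in itertools.product(bases(w1), bases(w2)):
            guesses |= pad(b1 + b2)
    return guesses


def is_predictable(password: str, seed_words: Iterable[str]) -> bool:
    """True if the password falls inside the small space these rules generate."""
    return password in candidates(seed_words)


if __name__ == "__main__":
    seeds = ["fido", "good"]  # constructed seed list
    space = candidates(seeds)
    print(f"{len(space)} guesses cover every variant of {seeds} under these rules")
    for pw in ["Fido1!", "F1d01!", "G00dF1d01!", "correct horse battery staple"]:
        print(f"{pw!r:35} predictable={is_predictable(pw, seeds)}")
```

Run it and every "clever" variant in the article ("Fido1!", "F1d01!", "G00dF1d01!") turns up in a candidate set of a few thousand strings, which offline cracking hardware exhausts in a fraction of a second; the four-random-word passphrase does not appear because no seed word or rule produces it.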
2. Use Truly Random Passwords
Use multiple unrelated words for your strong, long password: Using a passphrase is more secure and more memorable than a complicated but shorter password, as the web comic Xkcd pointed out last year.
Longer and simpler passwords trump shorter and more complex ones, but only if the words you use are truly random. If you're using a common quote or saying for your passphrase, you're a target, because crackers' dictionaries include common quotes, phrases, titles, and lyrics, and they can easily apply rules that take just the first letter of each word or follow other similar patterns. "To be or not to be", "2b30rn0t2b3", and "tbontb" might all very well take just seconds to crack on fast cracking hardware, so make your passphrase truly unique and random. (The Xkcd password generator can pick four random words for you.)
The best option is to use a password generator and manager: While the passphrase approach might be good for, say, your computer login or the few cases where you need to remember your password, the best option is to generate a truly random, long, and complex password. This avoids the problem of easily cracked patterns and word lists. LastPass, KeePass, or 1Password can all generate a random password for you. See how to build a nearly hack-proof password system with LastPass for detailed instructions. Remember, the only secure password is the one you can't remember.
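"Truly random" has a precise meaning: each word or character is drawn uniformly and independently from a fixed set using a cryptographic random source, so the only thing an attacker can do is enumerate the whole set. The following added example (not code from the article, from Xkcd, or from any of the managers named above) does both the passphrase and the manager-style generation with Python's `secrets` module and reports the resulting entropy. The 16-word list is constructed and deliberately too small; the 7776 figure is the size of a standard diceware list, and the guess rate used for the time estimate is an assumption for illustration.

```python
import math
import secrets
import string
from typing import Sequence

# Constructed mini word list standing in for a real diceware list (7776 words).
# It is far too small for real use; the entropy figures below make that visible.
SAMPLE_WORDS = [
    "anchor", "bramble", "cobalt", "drizzle", "ember", "falcon", "glacier",
    "harbor", "ivory", "juniper", "kestrel", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]

# Alphabet for manager-style passwords: 52 letters + 10 digits + 32 symbols = 94.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform selections from `choices` options.

    This formula only holds when the selection really is uniform and independent
    (hence `secrets`, never `random`); a quote, a lyric or a keyboard walk has
    far less entropy than its length suggests because it sits in a word list."""
    return picks * math.log2(choices)


def random_passphrase(words: Sequence[str], count: int = 4, sep: str = " ") -> str:
    """Diceware-style passphrase: `count` words drawn with a CSPRNG, with replacement."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length: int = 20, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Manager-style random password: uniform characters from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1e11  # assumed offline guess rate against a fast hash, for illustration
    phrase = random_passphrase(SAMPLE_WORDS)
    print(f"passphrase from a {len(SAMPLE_WORDS)}-word list: {phrase!r} "
          f"({entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits: far too few)")
    bits_7776 = entropy_bits(7776, 4)
    print(f"same method with a 7776-word list: {bits_7776:.1f} bits, "
          f"{seconds_to_exhaust(bits_7776, rate) / 86400:.1f} days at {rate:.0e} guesses/s")
    pw = random_password(20)
    bits_pw = entropy_bits(len(PASSWORD_ALPHABET), 20)
    print(f"20-char random password: {pw!r} ({bits_pw:.1f} bits, "
          f"{seconds_to_exhaust(bits_pw, rate) / 3.15e7:.2e} years)")
```

Two things to take from the numbers: entropy comes from the size of the set and the number of independent picks, not from how strange the result looks, and the passphrase only reaches a useful strength with a large list, which is why the word-list generator matters as much as the randomness source.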
3. Use a Unique Password for Each Site
No matter what passwords you choose or create, this is the most important security strategy of all: Use a different password for each site. This limits the damage that can be done if (or when) there's a security breach: if your password is compromised on one site, at least all your other accounts are protected. Attackers routinely take the username and password pairs from one leaked database and try them against other services, so a reused password turns a single breach into many.