How to come up with a strong password: basic rules
Many users need to come up with a password when registering on websites. It should be a strong password that is not easy to crack, even with special software.
A password is needed to use e-mail, to log in to a social network, and to access the websites of banks, payment systems, online trading organizations, and other services. Clearly, the security of the account and other user data depends on the strength of the password.
Using various means, an attacker can gain access to private or confidential data and to the user’s funds. There are frequent reports on the Internet of hacked and stolen accounts, extortion of money, and leaks of correspondence and compromising information.
There are many dangers on the Internet, so you need to securely protect your data from outside attacks. The password is one of the most important elements of digital security. This raises the question of what password to come up with in order to protect your data from hacking by intruders.
There are several ways to create a password:
- self-creation of a password by the user to enter each site;
- using a special program – a password manager.
In the first case, the user invents a password themselves, using a random set of characters or a specific algorithm, in the old proven way. To come up with a password, you can also use an online password generator, which automatically generates a strong password according to your preferences for use on websites.
The second method relies on one complex master password, which must be remembered. All other passwords, in unlimited numbers, are created in the password manager program, so there is no need to remember them. Such applications have a built-in password generator that creates passwords of any level of complexity.
Password managers operate on the principle of a “safe”, which requires only one password to access. Some programs may use hardware solutions: tokens on USB drives, fingerprint scanners, etc.
In this article, we will analyze how to come up with a strong password, what methods should be used when creating a password.
What password is strong: general rules
Most users know that a strong password is made up of letters, numbers, and symbols. Some users use weak passwords, sometimes very simple ones that are very easy to crack, for example, “12345” or “qwerty”.
When creating a new password, you must follow a few basic rules that provide greater security. A strong password meets the following requirements:
- The password should be long, ideally starting at 16 characters.
- The password must consist of a combination of numbers, lowercase and uppercase letters, punctuation marks, and special characters.
- Passwords need to be updated from time to time.
- A unique password must be used for each new registration.
- Use, if possible, two-factor authentication (password and SMS).
Ideally, the password should be long, but some services restrict the number of characters you can enter. It is therefore advisable to use at least 8 characters in the password, which makes it difficult to crack.
What characters should you use in the password? The password must contain at least one number, letters of different case, and special characters, such as a hyphen or underscore.
For more security, use two-factor authentication, for example, using SMS messages. There is a very small chance that an attacker will gain access to your account password and at the same time take possession of your phone, or be able to intercept a message transmitted over a mobile network.
Do not include the following personal information in the password you create:
- Names and aliases.
- Date of birth or other memorable dates.
- Service name.
- Phone number.
- City of residence or city where you were born.
- Details from your home address.
- Pet names.
- Other similar information.
Attackers can find this data on the Internet because it is publicly available, for example, on the user’s personal page on a social network.
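The rules above can be expressed as a check and a generator. This is an added example, not code from the original article; the symbol set, the function names and the sample profile are assumptions made for illustration.

```python
import secrets
import string

# Character classes from the rules above; the symbol set is an assumption.
SYMBOLS = "-_!@#$%^&*.,;:?"
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "digit": string.digits,
    "special character": SYMBOLS,
}
MIN_LENGTH = 16  # "ideally starting at 16 characters"


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Compare letters and digits only, so "A.n.n.a" or "17-05-1990" is still caught.
    squashed = "".join(c for c in password.lower() if c.isalnum())
    for item in personal_info:
        token = "".join(c for c in item.lower() if c.isalnum())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal information: {item}")
    return problems


def generate_password(length=MIN_LENGTH, personal_info=()):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_info):
            return candidate


if __name__ == "__main__":
    # Constructed sample profile, not real data.
    profile = ["Anna", "17.05.1990", "Springfield"]
    print(check_password("Anna17051990!", profile))
    print(generate_password(20, profile))
```

The generator uses the `secrets` module rather than `random`, because passwords must come from a cryptographically secure source.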
The “dark” Internet (Darknet) has databases of passwords tied to e-mail addresses. On the Have I Been Pwned service, you can check whether a particular email address has been hacked and find out whether the password is in the hackers’ databases. You can check the strength of a password with the Kaspersky Password Checker service, which uses the database of the mentioned service.
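A password can be checked against such a database without sending the password itself. The added example below (not from the original article) follows the range lookup offered by Have I Been Pwned's Pwned Passwords service, where only the first five characters of the SHA-1 hash are sent and the match is done locally; the response body here is constructed in code so the example runs offline, and the function names are illustrative.

```python
import hashlib


def sha1_prefix_suffix(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix and the rest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Look up the password's hash suffix in a range response body.

    range_body is the text returned for the 5-character prefix: one
    "SUFFIX:COUNT" entry per line. Returns 0 if the suffix is absent.
    """
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(listed_password, count):
    """Build a sample response body offline (constructed, not real service data)."""
    _, suffix = sha1_prefix_suffix(listed_password)
    filler = [
        hashlib.sha1(f"filler-{i}".encode()).hexdigest().upper()[5:] + f":{i + 1}"
        for i in range(3)
    ]
    return "\r\n".join(filler[:2] + [f"{suffix}:{count}"] + filler[2:])


if __name__ == "__main__":
    prefix, _ = sha1_prefix_suffix("qwerty")
    # Only this prefix leaves the machine:
    # GET https://api.pwnedpasswords.com/range/<prefix>
    print("prefix sent to the service:", prefix)
    body = constructed_response("qwerty", 1000)  # constructed count
    print(breach_count("qwerty", body))
    print(breach_count("a different password", body))
```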
Using commonly used words or names as part of a password is unreliable because hackers use programs that guess passwords using special dictionaries containing frequently occurring secret combinations. If your password corresponds to some concept included in such a dictionary, it will not be difficult to crack it.
Is password reuse allowed? It is better to create a new password, because, having gained access to one password on a resource with weak protection, an attacker will be able to use this password on other user accounts.
Do not change your passwords before traveling or on vacation, because in case of problems, you may not remember what was changed and how. Use the password recovery procedure.
What password can you think of
Users often wonder how to come up with a password for registration, for example, on a website.
The password must not consist of only numbers or only letters. When creating a password, you can use mnemonic rules: come up with a long sentence and use the first letters of its words as the password. The sentence can contain numbers and punctuation, which can be included in the generated password.
You can apply a certain algorithm to passwords: type vowels in upper case and consonants in lower case, or vice versa; add special characters at the beginning, end, or middle of a phrase; insert numbers and punctuation marks; remove some letters from a meaningful phrase. You can use a space in the middle of the password, but not at the very beginning or at the end.
Many phrases and sayings are already in hackers’ databases, even when they are typed in a different keyboard layout, for example, a Russian expression typed with the English layout.
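The mnemonic rule and the vowel/consonant case rule described above, as an added example that is not part of the original article; the function name and the sample sentence are constructed for illustration.

```python
import re

VOWELS = set("aeiouAEIOU")


def mnemonic_password(sentence, vowels_upper=True):
    """Build a password from a sentence using the mnemonic rules above.

    Words contribute their first letter, numbers are kept whole, and
    punctuation marks stay in place. Vowels and consonants get opposite
    letter case; vowels_upper=False gives the "vice versa" variant.
    """
    # Tokens: a word (apostrophes allowed inside), a number,
    # or a single punctuation mark.
    tokens = re.findall(r"[^\W\d_]+(?:'[^\W\d_]+)*|\d+|[^\w\s]|_", sentence)
    out = []
    for token in tokens:
        if token[0].isalpha():
            first = token[0]
            is_vowel = first in VOWELS
            upper = is_vowel if vowels_upper else not is_vowel
            out.append(first.upper() if upper else first.lower())
        else:
            out.append(token)  # digits and punctuation pass through unchanged
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample sentence; do not reuse it as a real password.
    sentence = "In 2019 my sister and I hiked 14 miles, uphill, every single Sunday!"
    print(mnemonic_password(sentence))
    print(mnemonic_password(sentence, vowels_upper=False))
```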
Do not use the following in a password:
- Common expressions and phrases.
- Sequences of characters on the keyboard.
Use words from poems or favorite songs that you know by heart, but not directly: for example, use only the initial letters, mixing upper and lower case.
You can use phrases from random words that you can easily remember. This phrase will make sense to you, but to outsiders it is meaningless.
The following options will work:
- Text from poems and songs.
- Phrases from movies or books.
- Abbreviations from the first letters, taken from the quote.
Where to store passwords
An important question: how to store passwords. Passwords should not be easy prey, so you should take care of their safety.
If the user creates passwords on their own, it is better to store them at home rather than on a device in the form of an unencrypted text file. If such a file leaks, all existing passwords will be compromised.
Write the passwords down on a separate piece of paper or in a notebook, and keep it not next to the computer but a little further away, for example, in a nightstand or in a folder. The chances that a thief will get into the house are small; today the main danger awaits the user on the Internet.
If a user relies on a password manager, they should pay attention to the safety of the “Password Database”, one of the elements of the program. The password database is encrypted, so an attacker will not be able to access it without entering the master password.
Some programs, such as KeePass, store the password database locally on a PC, while other applications, such as LastPass, store this data on a server on the Internet. With this in mind, you need to take care of the safety of the password database.
Online solutions are more convenient to use, while offline programs are more reliable in terms of security. Online password managers synchronize between devices, while in offline applications the passwords are available after authorization on a specific device. Local safes are well suited for important passwords, such as those for online banking or payment services.
Serious problems can suddenly arise on your computer that force you to urgently reinstall the operating system. When that happens, you can lose all user data, including the password manager database.
To prepare for this, create copies of the password database in advance and store them in different places: on a computer, in the cloud, on a USB flash drive, etc., or additionally use a backup function for important data on the computer disk.
The password database will then not be lost due to force majeure. Don’t forget to copy the original database again after making changes to it, such as adding new passwords.
Article Conclusions
Users log in to their accounts on websites with passwords. Attackers try to crack the passwords of email accounts, social networks, online banking, and other resources. To protect your account from hackers, you need to create a strong password that will be difficult to crack. When creating a password, follow the basic rules: use a large number of characters, made up of uppercase and lowercase letters, numbers, and special characters.