How to pick the perfect password

Picking the perfect password comes down to a battle between two competing priorities: creating safe passwords that are lengthy and unique, and creating ones you can remember. You might think to yourself, “I already have more passwords than I need! I’ve created passwords for years!” But with the rise of password breaches, and with more passwords exposed that are linked to usernames, a solid password strategy is becoming more essential every day.

We’ll start out with the basics: the best ways to store passwords, and how to avoid using popular, easily-guessed passwords. Next we’ll dive into the fun stuff: strategies to pick complex, memorable passwords that have a good chance of surviving a password breach so you have time to change them.

How to store your password

Why remember a password when you can store it? You can already keep passwords for free in major web browsers and Microsoft Edge. It’s easy and even tempting to go this route, especially when the browser sees you entering passwords and invites you to save them. 

Whether it’s a dedicated password manager like Dashlane, or a password manager that’s stored in your browser—either way, it’s often more convenient to let a third-party service manage your credentials.

My colleague Brad Chacos, on the other hand, argues that a password manager is better. I’ll acknowledge this: Password managers are the more powerful tool—they store your passwords in an encrypted vault, and the best password managers will also work across your PC and phone. That’s why we warned you when LastPass changed its free tier to allow just one type of device. 

Password managers and browsers still need one master password that unlocks the passwords stored within. (Microsoft uses your Windows password to store passwords within Edge, while Google uses the password you’ve associated with Gmail.) Even if you have just that one password, it needs to be a good one.

How vulnerable is my password?

You’d be amazed at how quickly simple passwords can be cracked…as well as the months and years it can take to crack more complex ones. Breaches expose these passwords in hashed form; anyone with access can try to guess your password, using computer power to try billions of guesses per second. As the chart below (developed by professional password-cracking company Terahash) shows, you’ll need at least ten characters in your password to make it secure, and longer is always better.

[Chart: Terahash password hash-cracking times. Credit: Terahash / Twitter]

Companies like Terahash can combine several hundred GPUs to create powerful password hash-cracking solutions that can break short passwords instantly. This chart illustrates how just adding a few more characters to a password can make the time necessary to crack it almost impossibly long, even with multiple GPUs.
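To make the length-versus-time relationship concrete, here is an added Python example (not from the original article or from Terahash) that computes worst-case exhaustive-search time for a given password length and character set. The guess rate of 100 billion per second and the three alphabets are assumptions; real rates depend on the hash algorithm and the hardware.

```python
# Added example: worst-case brute-force time versus password length.
# GUESSES_PER_SEC is an assumed rate, not a figure from the Terahash chart.
GUESSES_PER_SEC = 100e9  # assumption: 100 billion hash guesses per second
SECONDS_PER_YEAR = 31_557_600

ALPHABETS = {            # assumed character sets: symbols available per position
    "lowercase": 26,
    "letters+digits": 62,
    "printable ASCII": 95,
}


def keyspace(length, alphabet_size):
    """Candidates needed to cover every password of 1..length characters."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


def seconds_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SEC):
    """Worst-case time to try every candidate; the average case is half this."""
    return keyspace(length, alphabet_size) / rate


def min_length(target_seconds, alphabet_size, rate=GUESSES_PER_SEC):
    """Shortest length whose worst-case search time reaches target_seconds."""
    length = 1
    while seconds_to_exhaust(length, alphabet_size, rate) < target_seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        print(f"\n{name} ({size} symbols)")
        for length in range(6, 15, 2):
            print(f"  {length:2d} chars: {humanize(seconds_to_exhaust(length, size))}")
        floor = min_length(100 * SECONDS_PER_YEAR, size)
        print(f"  length needed to hold for 100 years: {floor} chars")
```

This models pure random guessing only; a password that appears in a wordlist or an earlier breach falls far sooner than its length suggests.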

You have some protections. Unless an attacker is looking specifically for you, a massive password breach still offers you the anonymity of being just one of many potential targets. (If a password has been associated with your username before, however, you’re much more vulnerable.) 
