The only person you can rely on to keep your password secure is yourself. You’re probably not doing enough to keep number one safe. The reason: Your special lump of letters, numbers, and symbols are likely spread over too many sites, are not long enough, and are probably too personal. Most of our passwords suck. And it’s kind of a big problem.
The thing to understand is that the biggest threat to your security isn’t some creep sitting in front of your email login screen, randomly bruteforcing his way into your account. Nope, you’re up against computers that can run thousands of encrypted passwords by dictionaries of several languages, everything in the World Fact Book, and Wikipedia in a matter of minutes.
Numbers substituted for letters is really, really bad. Most password applications will try that before they do plain English. Patterns on a keyboard are bad news, too. It doesn’t require much to fell some 6-character entry made from your dog’s name with some digits tacked on. People will use their birth year. If there are four digits at the end, it’s not a remarkable coincidence that most start with 19.
What can you do about it? The most important thing you can do to a single password is to make it long. Adding one more character makes it exponentially more difficult to break-even if you don’t use silly characters. Focusing on length, Appppppppppple with 11 ‘P’s,’ is actually really good. Size does matter – suggest a password 12-14 characters long.
Storing your passwords in a spreadsheet or email is also a BIG No-No. One breach means access to your whole life.
One trick is to start with a line from a favorite song. Pull the first letter of each word in the line and stick them together for something that’s easy to recall but very difficult to crack. This trick provides length—which stifles brute force attempts—and randomness—keeping clear of anything that would pop up in a dictionary.
Or try using every tool you can on your keyboard. You can use parentheses in your password. Letters, numbers, special characters, and upper case—if you’re allowed to, you should use them all.
Keeping track of the dozens of passwords you’re required to remember is pretty daunting. There are just so many other things we have to keep straight. Get yourself a password manager service. These will allow you to create crazy-secure 14-character, dictionary-search proof, symbol-using passwords for every site you visit, without relying on your brain to remember all the gibberish. Here are some to consider:
LastPass (https://lastpass.com/) – manages all of your passwords, as well as additional data in a simple, easy-to-use interface
Price: Basic for Windows, Mac, Linux: Free. Premium (includes mobile) $1/month
1Password (https://agilebits.com/onepassword) – desktop versions of the client will also sync via a Dropbox account with iPhone, iPod Touch, and iPad versions
Price: $50 after 30-day trial. $10.00 (iPhone and iPod Touch) and $15 (iPad, iPhone, and iPod Touch).
KeePass (http://keepass.info/index.html) – open-source application with a sizable user base behind it
Clipperz (http://www.clipperz.com/) – online password manager that doesn’t require you to download any software