The weakest point in the security of your online accounts is usually your password. Traditional passwords are no longer secure. Hacking techniques have evolved rapidly and significantly over the past few decades, but the way we create our passwords has not kept pace.
The latest and most effective password attacks can attempt up to 300 billion guesses per second, and this number will undoubtedly increase over the next few years. A brute force attack is a method used in cryptanalysis to find a password or key by testing all possible combinations.
This method can break all passwords in a finite time regardless of the protection used, but the time increases with the length of the password. In theory the complexity of a brute force attack is an exponential function of the password length, making it virtually impossible for long passwords.
A correct password meets the following criteria:
Because the length of a password is one of the main security factors, passphrases are much more secure than traditional passwords. At the same time, they are also much easier to remember and type.
They are not as strong as randomly generated passwords from HTACCESS-Gen, but they are still a good option if you do not want to use a password generator. They are also the best way to generate the master password for a password manager or your operating system account, since they cannot be filled in automatically by a password manager.
Choose several random words. You can add a few uppercase letters, numbers and symbols, and you can add spaces between words if you prefer.
For example:
Don't put the words in a predictable pattern or form a correct sentence; it would be much easier to guess.
Do not use song lyrics, quotes or anything else that has been published. Attackers have massive databases of published works to build from for possible passwords.
Do not use personal information. Even when combined with letters and numbers, someone who knows you, or can search for you online, can easily guess a password with this information.
Do not use the same password on multiple accounts. A recent study in the UK found that 55% of users used the same, mostly "weak" password to log in to multiple sites on the Internet. Many popular sites fail to adequately secure your password in their systems, and hackers regularly break them and access hundreds of millions of accounts. If you reuse your passwords, someone who hacks one site will be able to log into your accounts on other sites. Make sure you have unique passwords for all sites that store financial or other sensitive data, or those that could be used to damage your reputation.
Make sure your email password is also strong. With many online services, your email address serves as your identification. If a malicious user accesses your email, they can easily reset passwords and log into your account.
Do not share passwords. Even if you trust the person, it is possible for an attacker to intercept or spy on the transmission, or to hack into that person's computer. If you suspect that someone else knows your password, you should change it immediately.
Do not send your password in an email. E-mails are rarely encrypted, which makes them relatively easy for attackers to read.
Do not save your passwords in a web browser. Browsers often fail to store passwords securely, so use a password manager instead. See the section on password managers above for more information.
On a public computer, do not save passwords or use the "Remember Me" option. If you do, the next person to use the computer will be able to access your account. Also make sure you log out and close the browser when you are finished.
Do not write down your password. If it is written down somewhere and someone can find it, then it is not secure.
Don't change your passwords unless you suspect they have been compromised. As long as you have the type of strong password recommended on this page, changing it frequently will do nothing to minimize the risk of it being compromised.
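The brute force arithmetic and the random-word passphrase advice above can be checked with a short script. This is an added example, not code from the original page or from HTACCESS-Gen: it applies the 300 billion guesses per second figure to several password schemes and builds a passphrase with a cryptographically secure random choice. The 16-word list is constructed for the demonstration, and the 7776-word list size (the size of the EFF long diceware list) is an assumption used for the comparison.

```python
import math
import secrets

GUESSES_PER_SECOND = 300e9          # attack rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample list so the script runs offline. Assumption: real
# use needs a much larger list, e.g. the 7776-word EFF long diceware list.
SAMPLE_WORDS = ("anchor", "biscuit", "cobalt", "dragon", "ember", "fossil",
                "glacier", "hazel", "ivory", "jungle", "kettle", "lantern",
                "marble", "nectar", "orbit", "pebble")


def entropy_bits(choices, length):
    """Entropy of `length` symbols, each drawn uniformly from `choices` options."""
    return length * math.log2(choices)


def seconds_to_exhaust(choices, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination; the average is half of this."""
    return choices ** length / rate


def generate_passphrase(words, count, sep=" "):
    """Join `count` words picked independently with the OS CSPRNG."""
    words = list(words)
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a word list without duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def report():
    """Compare search spaces an attacker faces when the scheme is known."""
    cases = [("8 lowercase letters", 26, 8),
             ("12 printable ASCII characters", 95, 12),
             ("4 words from a 7776-word list", 7776, 4),
             ("6 words from a 7776-word list", 7776, 6)]
    rows = []
    for label, choices, length in cases:
        years = seconds_to_exhaust(choices, length) / SECONDS_PER_YEAR
        rows.append((label, round(entropy_bits(choices, length), 1), years))
    return rows


if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label:32} {bits:5.1f} bits  {years:12.3g} years")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 6))
```

The figures hold only when every word is drawn uniformly at random; a sentence, a quote or a personal detail shrinks the search space far below what the word count suggests.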