How to crack a password?
Usually passwords are cracked via online theft. A tremendous amount of user data is continuously “disappearing” into the internet, and unfortunately this also includes passwords. Adobe and Snapchat have been the most recent cases of such security breaches. Normally, passwords are encrypted and can only be cracked by a method of trial-and-error (brute-force-attack) – the feasibility of an attack is only a matter of time. If you want to check how long it would take someone to decode your password, please visit this website. Creating a long and rather unpredictable password obviously might give you an advantage. However, as soon as the password has been stolen, it’s for your own protection to close any security gaps, especially if the password has been repeatedly used on other websites as well. The second most common method for cracking passwords is spying, for example – keylogging or phishing. Nevertheless, in this case the password’s complexity and unpredictability hardly matters – see last paragraph.
How to create a strong password?
For a password to be considered “strong”, it has to be long (more than eight characters, if possible more than twelve), new (should not be used longer than a year), globally unique and last but not least, hard to guess. Names, birthplaces, numerical codes (birthdays, phone numbers, 123456), as well as words listed in a dictionary are considered to be weak passwords, as combinations like this can easily be guessed. Passwords used on multiple websites are also not safe. Here’s an example of a good password: „!Lya_mm3$#ObAsAck:Vay“. If you’re going to use this exact password from now on, please know that it’s at your own risk. It has been made public and is therefore considered weak.
How to create a password to remember?
You might have to use a mnemonic device. The creators of the Mozilla browser wrote an article on this particular matter. The trick is to choose a phrase or a favorite quote, shall we say “Adversity is the first path to truth.” (Lord Byron)? Pick the first two letters of each word and alternate between upper and lower case, in this case it would be “AdIsThFiPaToTr”. According to http://www.howsecureismypassword.net/ it would take a desktop PC eight million years to hack this combination. Add some special characters (“?AdIsThFiPaToTr*”, approximately 70 million years to hack) and with this the first part of your new password is now complete. To generate the second part, set your own rules and couple the name of the website in question with the year you registered, for example – one digit, one letter (Facebook would turn into „2f0a1c4“). Combine it with the first part of the password (“?AdIsThFiPaToTr*2F0a1c3″) and it would take approximately 30 octillion years for someone to hack this password combination.
Can I at least write it down?
The idea doesn’t seem to be unreasonable and some experts agree that it might be the lesser evil (this article gives a recap of the discussion). At any rate, writing down your password is better than using a weak one or the same password for several websites. Of course there is an apparent downside: you could loose the note or it might fall into the wrong hands. Still, to secure a copy of the note in a sealed envelope in a safe location might prevent the chance of losing it.
Isn’t there an app for that?
Sure, there are a whole range of useful apps and little tools. You only have to remember one password in order to access a list which features a number of your highly complex passwords. Most applications have the option to generate a random but secure password. Usually the app automatically stores the created password in the clipboard, all you have to do is paste it into the password field. Roboform is a highly recommended and easy-to-use tool. You can find a comparative overview on tools with similar features on PCmag and Information Week. Security expert Bruce Schneier created a tool for his own passwords: download the open source software Password Safe here. Most tools enable you to save encrypted passwords and even transfer those from your computer to your smartphone. Of course it is still possible for someone to intercept your data during the process. Nevertheless, you’d be safer this way than repeatedly using the same password on various websites.
I’ve created a strong password – am I good now?
Absolutely not! A password which can not be intercepted or snooped on by an unauthorised third party has yet to be created. Maybe your computer is bugged. Maybe some malware sends your every keystroke to a hijacked computer on another continent. Or maybe the website, which required you to enter a password, could’ve already been hacked a long time ago. In order to prevent such a scenario, you’d need much more than a strong password, for example - a fingerprint or an authentication via text message (two-factor-authentication).