Take a look at this password security testing website. No, it’s not a scam, they won’t steal your passwords. This website is a fantastic tool that demonstrates the approximate time that it would take to launch a brute-force dictionary attack on your password-protected systems. A dictionary attack is a type of attack that works “online”, meaning that it is an attack on the login area itself. The attacker essentially tries combinations of words and characters with your username to attempt to guess your password.
Now, of course, this website does not consider the fact that in many instances, repeated login attempts will lock attackers out of the login process for some period of time. But the point stands: you want to have a secure password, and that website may give you some insight on whether or not you do. So, how can you keep your password safe and secure?
Don’t have a common password.
Whether or not your password came back as being easy to break, take a look at these common password issues. If your password involves one of these, be warned:
- Something on the list of most common passwords
- Pet names
- Family names
- Sports teams
- Common number sequences, e.g. “123”, “321”, “1”
- No special characters, e.g. “#”
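The checklist above can be turned into a small screening function. This is an added example, not part of the original post; the word lists are constructed samples, and the names `audit_password`, `has_number_sequence`, `COMMON_PASSWORDS` and `PERSONAL_WORDS` are assumptions.

```python
import re

# Constructed sample lists (assumptions). In practice, load a published
# common-password list and the user's own pet, family and team names.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
PERSONAL_WORDS = {"rex", "smith", "yankees"}

# Undo look-alike substitutions so "p4ssw0rd" still matches "password".
LEET = str.maketrans("4@310$5!7", "aaeiossit")


def has_number_sequence(pw, run=3):
    """True for ascending/descending digit runs ("123", "321") or a lone trailing "1"."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isdecimal():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return re.search(r"\D1$", pw) is not None


def audit_password(pw, personal_words=PERSONAL_WORDS):
    """Return the checklist issues found in pw; an empty list means none."""
    issues = []
    lowered = pw.lower()
    normalized = lowered.translate(LEET)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    if lowered in COMMON_PASSWORDS or normalized in COMMON_PASSWORDS:
        issues.append("common password")
    # Substring match: short words can false-positive, which is acceptable here.
    if any(word in letters_only for word in personal_words):
        issues.append("personal name")
    if has_number_sequence(pw):
        issues.append("number sequence")
    if not re.search(r"[^A-Za-z0-9]", pw):
        issues.append("no special character")
    return issues


if __name__ == "__main__":
    for candidate in ("P4ssw0rd", "Rex123", "yankees#1", "hellotheremyfriend"):
        print(candidate, "->", audit_password(candidate) or "no checklist issues")
```

An empty result only means none of the listed issues were found; it is not a measure of how long the password would take to guess.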
Make your passwords hard to find.
Obviously, don’t share your passwords with others. Avoid writing your passwords down, and if you do, keep them in a secure place and out of plain sight. Don’t use the same password for any two services. If a service’s password database is compromised and an attacker can see your email/username and password for that website, you don’t want them to be able to penetrate any other websites or services you use.
Here’s a handy tool to check if your email has been involved in a data breach, and if so, what services were compromised.
Here’s the same tool, but for passwords.
How to create stronger passwords:
Get creative. Use easy-to-remember, long chains of words, but with numbers or special characters replacing certain letters. Moreover, be sure to use special characters in your password, and not just at the end! For example, take the phrase “hellotheremyfriend”. This is a long phrase, but vulnerable to a dictionary attack. So, put some special characters in it, and replace some characters: “4ellothere!myfri3nd” is a fairly easy password to memorize, but is incredibly difficult to brute-force or dictionary attack.
Get creative with this method, and make slightly different passwords for each service. Because passwords are not (hopefully) stored on servers in plaintext (see this article), as long as your password is not identical across all services, you are not vulnerable to data breaches. This means that you can use the same base words for every password, but a slightly different variation for each service, and you’ll be fine.
The best way to keep your passwords safe:
Use a password manager. Check out this list of password managers, or find one that suits your needs.
What is a password manager? A password manager will use a password of your choosing to unlock an application that generates random, long, and secure passwords for all of your password-based applications and services. The passwords themselves are encrypted securely and only unlocked with your master password. You can use your password manager on all of your browsers, computers, and devices, so you’ll always have access to all of your passwords.
Using a password manager addresses “shoulder surfing” (that is, someone watching you type your password), passwords left written down in an insecure location, attackers brute-forcing your password, and a breach of one service’s password database exposing your accounts on other sites, all in one convenient package.
So, it may be a bit of a pain to set up, but using a password manager is definitely what all the cool kids are doing nowadays.
I hope this information has been helpful and that you can tighten your password security. If you have any other suggestions, be sure to contact me or leave them in a comment!