Password security is a huge issue, and it always has been. Unfortunately not too many people set secure passwords, and with different sites having completely different rules it can be difficult to create and keep track of the passwords you use.
This leads to a lot of people getting lazy when they set passwords, fortunately we have a simple and easy way to teach you how to set a secure password, and what you can do to protect yourself from insecure sites you use that get hacked!
How to Set Secure Passwords
We have a simple formula we suggest that can help protect you from brute force hacks, and limit damage when a site you use gets hacked, releasing your password to a dangerous underground online world.
Your keyphrase (One capital letter) + site identifier (One capital letter) + two numbers + 2 special characters
You can mix up this order to your own standard, but keep it standard so you can easily remember the password on each site you visit.
Lets go over each of these sections individually
This should be a non-dictionary word that you can remember. Use a capital word in this, but use it in the middle somewhere. This will be the same on every password you use on every website.
If you want you can use a number in this to, but here’s a few things to remember.
- Brute force hackers use dictionary words, and basic brute force hacking lists test the keyword in all lowercase, all upper case, first letter capitalized, last letter capitalized. More advanced lists will test caps on different letters within the word, but these are less often used.
- Brute force hackers use name lists
- You can use numbers within the word too, but brute force hackers use “l33t speak” replacements too, so “L3tter” for instance, would be easily hacked.
The best words to use in your keyphrase are often regional dialect, nicknames, and uncommon slang. Some people simply make up a collection of letters and numbers.
The site identifier is a way to make passwords unique for each site, so if one site gets hacked, you don’t have to change all your passwords. Though these can easily be cracked by hackers, it’s unlikely that a brute force hacker would do this, as they generally just add working passwords to their list.
A site identifier is a way you can generate this part of the password when you enter it through simple deduction.
There are different ways to do this. Some people use one letter higher in the alphabet, others create a “l33t” spelling of the websites name. You can use the full website name, or just the first or last word in the sites name. Whatever you use for this, the more obvious it is, the easier it would be for someone to spot the connection in your password. Ideally an algorithmic string is the best way to go here. Remember to choose a capital too.
i.e for The Guardian website you could use “hvBsejbn”. In this case the site identifier would be one letter up on all letters, with the third letter capitalized.
Number and Special Character
These can be mixed in to your password however you want, however we suggest two special characters and two numbers. Just remember to keep it formulaic and standard so you can remember and rebuild passwords for the sites you use easily. Though two of each is not absolutely necessary, it helps keep yur password with sites that have higher security settings that may require these. As soon as you start straying away from your formula, you start to find it hard to keep track. With the numbers, avoid using date of birth or similar, make them random.
A Completed Password
So here’s a quick example – not one I use I’m afraid 😉
I’ll build one for this site, and I’ll use a slang phrase from back home, eyup, the last word in the site name (whitham) with one alphabetic step down, and $%56 mixed up in the middle for numbers and symbols.
This is quick, easy, unique per site, hard to identify as a pattern, and highly unlikely to be brute force hacked!
The only problem with this system is that if one of the sites you use does get hacked, you will have to create a new password that will not fit with your algorithm. Fortunately this is rare, but if it does happen you will need to create a new password, possibly with a secondary backup algorithm to use if this unfortunate occurrence happens.