Password Basics
Is your bank account using a strong password?
Do you use the same password for different online accounts? How long would it take a hacker to crack your password? If you don’t know the answers to some or any of these questions, that’s okay! Read on to learn all this and more!
What is a Password and why is it important?
A password is like a digital key that unlocks digital accounts, like email, banking, video games, and other sensitive things. You likely have a password that allows you to use your computer or access your Wi-Fi in addition to your online accounts. Anyone who knows these passwords will be able to log into your accounts and access your personal information.
Meaning if you share your bank account password with a stranger, then they can log into your bank and transfer money away from you.Obviously, this is not something you want to have happen, so you should never share your passwords, but you should also make sure that you have a strong password, so that it isn’t easily guessed.
What makes a strong Password?
To answer that, let’s first look at the most common passwords.
According to a digital security company called NordPass, the top 20 most common passwords include, 123456, 123456789, password, 111111, qwerty, abc123, 000000, iloveyou, and password1. If you use any of these passwords for any of your accounts, or any other passwords in the top 20 list, we highly recommend you change your password as soon as possible.
Password Strength Testing
Normally, we don’t recommend typing in your passwords into websites you are unfamiliar with, but for demonstration purposes, we’re going to take a look at a Password Strength Tester.
This is my1login.com and we’re going to use this tool that allows us to type in our passwords to see how long it would take for a hacker to crack them. Let’s try one of these top 20 passwords from NordPass. I’m going to enable the Show Password feature so that you can see what I’m typing.
First, let’s test "password".
My1login is telling us that password is likely to be cracked in less than 1 second. That doesn’t seem very good, and in fact, it is telling us that this is a very weak password.
Next, let’s try "abc123".
Also would be hacked in less than 1 second.
Now we can see here that my1login is giving us some general advice on creating a stronger password. It says to include lowercase letters, uppercase letters, numbers, and symbols.
So let’s go back to the word "password" and try to make it more secure.
A common practice might be to capitalize the P, change the a to an AT symbol, and change the o to a zero.
Hmm. Still less than 1 second to crack this password.
Well, maybe the issue is that I’m using the word password, so let’s try something else, like computer.
We're going to capitalize the C, change the o into a zero, change the e into a three, and add an exclamation point onto the end. Looks like this password still isn’t very secure.
If we look just above the tester, though, we’ll see that my1login is giving us another hint: passwords should be longer than 15 characters - characters are letters, or numbers, or symbols.
There aren’t very many words that are longer than 15 characters, though. So what do we do?
How to make a strong Password
A popular online comic called XKCD, actually tackled this exact topic in 2011.
It says, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
The author suggests that passwords, like the one we came up with, is difficult to remember, and is easily cracked. Instead, what we should do is use four random words to create our password.
We tend to agree, although, we're not convinced that we could remember four random words on an account that we don’t use very often. And even if we did remember the words, we don’t know that we would remember the order they’re in. Instead, we recommend coming up with a passphrase.
Creating a Passphrase
A passphrase is a string of words, that make sense to you, and then we make sure to include numbers and symbols into that passphrase, as well.
For example, if we use the password PlugIntoPortland247! then we're pretty sure we can remember that password. We included capital letters, numbers, and symbols, but none of them are in a place that we wouldn’t expect.
Also, according to my1login, we can see that this is a very strong password, with 20 characters, and that would take around 10 years to crack. That’s a significant improvement!
But what would the perfect password be?
Creating a Perfect Password
The perfect password would be as long as possible, uses random numbers, letters, capitals, and symbols, and it might look something like this: z59BEbwm37%MmY2RR8&ajeImR9MF^z
Now, this might be a perfect password, but I definitely don’t think I could memorize this and use it regularly. Using a passphrase is much more reasonable and is still very secure.
I need more than one Password?!?
However, we’re not done with just creating a single passphrase! We need to create a passphrase for every website or login that we use! Why is that?
Well, let’s say that you have an email account with Google, a shopping account with Amazon, a social media account with Facebook, and a banking account with First Tech Federal Credit Union. Now let’s assume that they all use the same password, and they’re all using your GMail account as the username.
This means that if Facebook, Amazon, or your GMail is hacked or otherwise leaks your username and password, hackers might try to log into other popular websites.
The first places a hacker with a new password is likely to check are banking websites and popular shopping websites like Amazon. Since all of your usernames and passwords are the same, a hacker can now easily log into your accounts, and transfer money, or buy expensive items.
And this also includes smaller websites, like one for a video game, and the password for your computer itself.
So it is never a good idea for your passwords to be the same as the password for another account you use.
"But Free Geek!
How am I supposed to remember all of my passphrases?
That's so many things to remember!"
How am I supposed to remember all of my passphrases?
That's so many things to remember!"
Password Managers
You’re right! Having a different passphrase for each website you visit is very difficult to remember. Enter the password manager.
Password managers are security accounts that keep all of your passwords locked up safely so that you can access them whenever necessary. You can kind of think of it like digital notepad where you keep all of your usernames and passwords.
And while we’re talking about notepads, please don’t physically write down your passwords near your computer. If you were to do that, then anyone sitting at your computer would then have access to all of your sensitive information.
So please, use a password manager - not a notebook.
If you want to learn about password managers, please feel free to check out our next article on password managers and how to use them. For now, we’ll just let you know that our favorite password manager is BitWarden, but we’ll go over why in the next article.
Thanks for reading! We hope you learned something!
And thank you for supporting Free Geek!
