Passwords, huh, what are they good for?
At the end of the day, absolutely nothing (to paraphrase a classic), particularly if you are using a weak password, which in my experience 90% of the population do.
Do these passwords sound familiar to you?
password, password123, Password1234, your partner's name, your dog's name, your child's name, your dog and child's name, your child's name and the year they were born.
Which password are you?
What constitutes a strong password?
The conventional wisdom was that a strong password contained at least 8 characters, a number and 1 special character such as `~!@#$%^&*()
This has resulted in a culture where we have short passwords with some character substitutions, for example:
- Password - hacked instantly
- P@ssword - hacked in 3 hours
- P@ssw0rd - hacked in 9 hours
- P@ssword1 - hacked in 4 weeks
- Sweetpea - hacked instantly
- Sw33tpea - hacked in 2 hours
- Sw3etpe@ - hacked in 9 hours
- Sw33tpea! - hacked in 4 weeks
These times are based on password testing at https://howsecureismypassword.net/, which also assumes 1 computer. So the password that can't be hacked for 4 weeks looks fine until you bring to bear a bank of computers running parallel-processing decryption technologies, or a mainframe computer, and then that password is useless. And when quantum computers are a reality (which is not far away) all bets are off.
Emerging wisdom
The emerging wisdom in the password space is to use a phrase: a series of words strung together that may or may not make sense to anyone but you.
- Whykickamoocow - hacked in 837,000 years (fictional place in New Zealand, that my parents tricked us with many years ago)
- Whykick@moocow - hacked in 29 million years
- Ilovepineapple - hacked in 837,000 years
- IlovepineApple - hacked in 837,000 years
- Ilovepine@pple - hacked in 29 million years
As you can see from the above data, having a phrase as a password significantly increases your password strength, and adding some character substitutions, such as the @ sign for an A, gets you to millions of years.
The best solution
However, the best passwords to have are long passwords of random characters: a minimum of 15 characters, and more if you can.
The problem with this is that most people would never be able to remember their passwords, but a 15 character random character password such as R#bc!$9lkgL5w$K would take 16 billion years to hack.
Password vaults are your answer. I've been using LastPass www.lastpass.com for over a year now. I only have to remember 1 master password, and LastPass not only saves all my passwords to all my websites/web services, it will generate long and strong (random character) passwords. A password vault should also be able to share a password with friends or colleagues, as well as run on different platforms and browsers e.g. Phone App, Chrome, Safari, Internet Explorer, Mac/PC etc.
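An added example (not from the original post or from LastPass): a Python sketch of the brute-force arithmetic behind the comparisons above, plus the kind of random generator a vault provides. The function names, the alphabet sizes and the use of `string.punctuation` as the symbol set are assumptions; the model counts exhaustive guessing only, so passwords built from dictionary words are weaker than their number suggests.

```python
import math
import secrets
import string

# Character classes a brute-force search has to cover. The symbol set is
# Python's string.punctuation (an assumption; the post lists only a few).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """log2 of the brute-force keyspace: length * log2(alphabet size).

    This is an upper bound: it ignores dictionary and substitution-aware
    guessing, which shortens the search for word-based passwords.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def generate(length=15):
    """Random password from the OS CSPRNG with every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the choice uniform over valid passwords.
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate


if __name__ == "__main__":
    # Sample passwords taken from the post, plus one freshly generated.
    for pw in ["Password", "P@ssw0rd", "Sw33tpea!", "Ilovepineapple",
               "Ilovepine@pple", "R#bc!$9lkgL5w$K", generate()]:
        print(f"{pw:<16} len={len(pw):>2} alphabet={charset_size(pw):>2} "
              f"bits={brute_force_bits(pw):5.1f}")
```

Each extra character adds more bits than any substitution does, which is why the 14-character phrases outscore the 8-character passwords even with a smaller alphabet.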