Try to recall the passwords of 5 websites you often visit, and ask yourself:

  • Are they identical?
  • Are they complicated?

If your answer is that they are identical and simple, then kudos: you have successfully put yourself in danger by giving others extremely easy access to your accounts!

You might think nobody would bother breaking into your account, as you are not a public figure, nor do you have really important information stored online.

This is wrong, obviously.

Last year, there were 3 records of unauthorized access attempts to my Google Account, and thank God I fended them off by setting a really sophisticated password:

,SSHzdNuZ[;`GnYE0^:.k>-M}9a&hFF>h/u7<7<".#6o:O)9I1Q)&Xo$QP$YecLm

Don’t worry, the above password is just an example.

In fact, a strong password should:

  • have 10+ characters: Although most websites have a minimum requirement of 8 characters, I would recommend having at least 10 characters in your password, as this makes brute-forcing your password significantly harder.
  • include numbers (012345), letters (abcABC) and symbols (!@#$%^&): simply because this makes guessing passwords much harder. You could also use special characters, like European special characters (áéíóú) or Chinese characters (一二三), if the system/website supports such characters.
  • not be commonly seen: Combinations like abcde12345, password and IloveCHOCOLATE are just too easy to guess. Don’t tell me you feel safe with these.

So how do I create a strong password properly?

[Image: password_strength]

This comic by the famous author Randall Munroe already tells you how to create a strong password.

There are many ways to create passwords, like combining random characters with substitutions or, if you are just as lazy as me, using a password generator.
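As an added example (not from the original post), here is a small generator and checker built on Python's `secrets` module that applies the three checklist items above. The function names and the three-entry `COMMON` list are constructed for illustration.

```python
import math
import secrets
import string

# Letters, numbers and symbols, as in the checklist above (94 printable ASCII chars).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample deny-list built from the post's weak examples;
# a real list would hold many thousands of leaked passwords.
COMMON = {"abcde12345", "password", "ilovechocolate"}


def check_password(password):
    """Return the checklist items the password fails (empty list means it passes)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if all(c.isalnum() for c in password):
        problems.append("no symbols")
    if password.lower() in COMMON:
        problems.append("commonly used password")
    return problems


def generate_password(length=20):
    """Draw characters from the OS CSPRNG; redraw whole candidates that miss a class."""
    if length < 10:
        raise ValueError("the checklist asks for at least 10 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound: entropy of a uniformly random string, not of a human-chosen one."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{entropy_bits(len(pw)):.0f} bits")
```

The `secrets` module draws from the operating system's cryptographic random source; the `random` module is predictable and should not be used for passwords.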

Okay, so I have created some random passwords like ]Wzx?y@c5mce{Kp2_v6c=\254q\'C`Du)2(6l\9'd`ezFt<zO)209OQx4Hxq31"F, what’s next?

The next thing you’ll need is a password manager. Why? You can’t expect to remember crazy passwords like the one above with your mortal brain. Unless, of course, you have practised memorizing things.

If you are just an average user like me, and are too lazy to write down all your passwords in your super secret diary but still want some level of security online, then you will need a password manager to help you store all your passwords safely.

The main advantage of password managers is that they can store all your passwords and/or personal information related to accounts in digital format – it is like a vault, specifically for passwords. It is encrypted and can only be decrypted with the master password you’ve set. Most password managers feature multi-platform compatibility. So even when on vacation, you can still access your password database on your smartphone, be it running Android or iOS.

I know you don’t want to pay for such things, and developers know as well. There are numerous free password managers and they are as trustworthy as paid ones. Let me introduce the two managers I’m currently using.

  1. KeePass

KeePass is perhaps the most loved open source password manager out there. It is constantly developed and well equipped. It locks your passwords in a single file with a master password or a keyfile (you can also bind the database to your Windows account, if you wish to).

What makes KeePass my favourite is that it is open source, which means any security vulnerabilities would be eliminated once they are found – no backdoors. It is also quite tidy and lets you find the desired password with just a few clicks or a quick search. You can also store your databases offline, so even if you have no internet access, you can still manage your password vault and sync it with online copies later.

  2. LastPass

LastPass is one of the many password managers that offer perfect multi-platform compatibility and a clean interface. Although it had a security breach, overall it is still a great product – for free.

It is an online product, which means that all your passwords are stored online, instead of offline like KeePass. This is both good and bad: you can sync your passwords across devices immediately, but you cannot sync offline. As an online product, it offers more security features, such as 2FA (Two-Factor Authentication), Emergency Access, Safely Share Passwords and Security Challenges, which KeePass either lacks or handles less well.

The Free plan is already good, giving you the ability to sync vaults across devices and share passwords with 1 peer at a time. The Premium plan features Emergency Access, advanced 2FA options, 1-to-many password sharing, prioritized support, LastPass for Applications and 1GB cloud storage.

There are other choices as well, like Dashlane, 1Password, Roboform, etc. Which one do you prefer?

If you haven’t started using password managers, do it today, and secure your digital life!
