Is your password strong enough?

You should read this post if your passwords look like this:

‘password’
‘robert1980’
‘1234567890abcdefghijklmnop’
‘qwertyuiop’
‘J0hnSm1th’

Or perhaps you use something from this list of worst passwords of 2015?

Try the Kaspersky Secure Password Check to see how your password measures up.

In our increasingly digital lives, we require an increasing number of passwords and we are tempted to use simple passwords that we can remember.  Makes sense, but unfortunately, at the same time as we are in password overload, the tools and techniques for password cracking keep improving.  With ever faster computers and abundant cheap storage, hackers can quickly crack passwords.

And while password strength checkers are a good start, they may not accurately gauge the real world value of your password.  (Also worth reading is this article by Dan Wheeler). The password checker may report that a password is strong when in reality it can be quickly cracked. (Take this into account when using the Kaspersky Secure Password Checker.)  On the plus side, though some password strength checkers may be inaccurate, they do encourage us to use stronger passwords.

So what is the best password?  The ideal password is a long series of random characters incorporating lower case, upper case, numbers, and punctuation.  Try this one:

Kqx+ZZoi!0n!X^0}w1%pexg)IeYUbr5A^4WLpb/zeDs?T`$q:^(d+0Ds4P.0
%;3rBB6L"DX*qdTy$niy~}gl0}=X=NX!8+232CG11;eA,4}~e4|Oa$S%G@dH
WtKBq"WMJTq#dm*NlA%&o@ht^Xu%ESi)PL;[s]cU;XJ0{B|mEdw:3u)SGf'a
r94+jfUo<`lq[j08}9FAqsks,<:2iu\rOFeKNcE1SB63//Hbc(kj.zHRT,V[
[|$I'@UdN.zw+>wHoBk84#C)29aK^4:YP|jXZB}2Yd7:qkZ:In>"Ninf$Q\X
g7>1td<f2=yT+bxLpf1&B8cc=,Zli}8<@`BXX(6h|@voqF)5frZwrepEUxXd
inrQ/hY56Uk^!tL+q8uH`=.t?%iN^.+4}>=$re`f=P<$pHw[^8c9=}rHQ@C#
&ZlEXD!^U}H<y(LJS#x]$fg"<t6FfBm4k]cuR0v:wd^V"h^}[,XDN?XGBHYq

That looks pretty good.  Kaspersky estimates it will take 10,000 centuries to crack it by brute force.  Should be about long enough.  I use passwords that look exactly like this.  I don’t bother trying to remember these passwords – I use password manager KeePass.  It’s a secured digital vault for your passwords.  I’m a big fan of KeePass but you could also look at LastPass. KeePass also has a handy password generator or you can use this great online tool from Gibson Research. (** Update from January 25, 2023: After the LastPass breaches of 2022 and their poor handling of it, I’ve now switched from LastPass to 1Password and am very happy with it.)

My password tips:

• use a password generator to create a random sequence including at least one uppercase letter, lowercase letter, number, and symbol
• use as long a password as possible
• store your passwords in a password manager like KeePass or 1Password
• use unique passwords for each account
• keep your password secret!

Now that’s all fine for most passwords but there are some passwords you will need to remember – like the one to access your password manager!  What kind of password should you use then?  I like this advice from Steve Gibson: include all the different types of characters and then go for password length.  He maintains that between the following two passwords, the first is better due simply to containing more characters (note that both contain uppercase, lowercase, numbers, and symbols).

D0g.....................

PrXyc.N(n4k77#L!eVdAfp9

For all our complex firewalls and security measures, hackers first try knocking at the front door and often we leave the key in the lock when we use passwords that are easily guessed.  The techniques above add only a little complexity to my day but they add a considerable amount of confidence that the front door is shut to hackers.