The REAL way to create strong passwords
Recently another Steem user, @avecaeser, posted this story on how to produce a strong, unforgettable and unique password. They actually succeeded on the unforgettable and unique points but certainly not on the strong point.
Just because a password is long does not mean it is strong
What is important is how many combinations an attacker would have to perform in order to break the password. Unfortunately the scheme that @avecaesar suggested actually cuts down the number of combinations. Why?
- the numbers come from very limited ranges. 12 possibilities for the months, 31 possibilities for the day, and, say,
80 (maximum) possibilities for the year of birth. - the & is always in the same position. This is only 1 possibility!
- the date of birth of a person is fairly easily discovered by a hacker and gives them half the password already
- now all they need to do is find out the nickname the person had in high school!
I am truly not trying to be confrontational with @avecaeser but I think it is important for the community that they understand why certain passwords are safer than others.
The only true way to maintain security is for the password to be unguessable. For it to be unguessable it really needs to be random. Now this does make it hard to remember, but it's the price of security.
What I would actually suggest is using a password manager such as 1Password which encrypts all your other passwords behind a single password.
https://xkcd.com/936/
Yep, that's certainly much more secure!
I get my nerd rage on when sites tell me I need to use one capitol letter and one number in my password, I just think "Great, any other rules you'd like to give to the hacker trying to crack this? Now any brute force OR dictionary attack has far fewer options to check! Good job Admin team."
"Great, any other rules you'd like to give to the hacker trying to crack this" was priceless :-)
Simply Great Information and Presentation