Choosing A Password
When you create a password for an online service, you are giving that password to that provider. You are also potentially giving the password to any malicious actor who hacks that service and retrieves the passwords. If you use the same password on another service, the malicious actor can easily gain access to that service too, even if it is very secure.
The worst security mistake you can make is to use passwords more than once. The second worst mistake you can make is to use simple passwords. Generally, you want long and complex passwords instead of short, simple passwords.
Passwords should contain a mix of upper- and lower-case letters, numerals, and other characters. This expands the number of possible passwords, which makes it harder for computers to cycle through every combination. If you use only lower-case characters, there are only about 300 million possible 6-character strings, but if you use upper and lower case, plus numbers, plus a choice from a selection of other symbols, there are about 139 billion possible strings. This might seem like a lot of combinations, but they can be attacked fairly quickly on modern processors.
Thus, “dog”, “frank”, and “password” are very bad passwords.
“wzAUeE6w?90SXe9d” is a very good password, but obviously very hard to remember and to type in.
But you should not choose passwords based on your ability to remember them. They can be stored in a file.
A very simple way to make suitable passwords is to just tap at the keyboard. For example: “woksjhkhakd”. Then put some numerals in. Your password text file could consist of:
Ebay, email@example.com, ouljsld1jsasdas
Amazon, firstname.lastname@example.org, 077404fea9a815f4e82effc52d43ae9b
When you need to log in to these services, the web browser will usually cache the password or you can copy and paste from the passwords file. It takes very little effort to maintain a series of quality passwords.
Remember: at every minute of every day, hackers — who, these days, are real criminals, not just teenagers fooling around — are trying to break into systems to steal money. They have complicated methods and will keep going and going, and they store large databases of tiny fragments of information, which build up over time. If you have a common password for many services you are making yourself an easy victim.
You should assume the following at all times:
- If someone can find a way to steal from me, they will.
- Every password I have will be known to a hacker eventually.