How Secure is Your Password?
Following the trend of my last few blog posts, I wanted to cover what makes up a good password. If you haven’t already, please read my previous post about password managers (http://opiescomputers.com/too-many-passwords/). A password manager makes it very easy for you to handle passwords that are impossible to remember, and almost as hard to crack.
The strength of a password is measured in bits of entropy. The number of bits listed below is an estimate based on letter pair combinations in the English language (source: http://goo.gl/zkfemX).
- < 28 bits = Very Weak; might keep out family members
- 28 – 35 bits = Weak; should keep out most people, often good for desktop login passwords
- 36 – 59 bits = Reasonable; fairly secure passwords for network and company passwords
- 60 – 127 bits = Strong; can be good for guarding financial information
- 128+ bits = Very Strong; often overkill
Ideally you should try to keep your password strength in the 60-127 bit range. If you are using a password manager such as KeePass, it contains a password generator. You can select the number of characters and whether to use uppercase letters, lowercase letters, numbers, and special characters in your password. All of these options will increase the number of bits of strength.
A lot of websites will try to tell you what they think is a secure password, but here is my list.
- Make it a minimum of 12 characters long. The longer the password, the stronger it inherently is.
- Use a mix of upper and lower case letters. This isn’t an option on all systems, but if it is, it should be utilized. It is becoming more common.
- Use numbers. Not just one number, and not just one number at the end of the password. Mix numbers into the password.
- Use at least one special character (e.g., $, #, %, *, &).
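To see how the generator options and the checklist above translate into bits, here is an added example (not from the original post or from KeePass) that computes the entropy of a randomly generated password and rates it against the tiers listed earlier. It assumes every character is drawn uniformly at random, which is not true of human-chosen passwords, and that the special-character set is Python's `string.punctuation`; all function names are illustrative.

```python
import math
import secrets
import string

# Character classes a generator lets you toggle (ASCII only).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 symbols
    "upper": string.ascii_uppercase,   # 26 symbols
    "digits": string.digits,           # 10 symbols
    "special": string.punctuation,     # 32 symbols (assumed set; generators vary)
}
# Strength tiers from the list in this post: (lower bound in bits, label).
TIERS = [(128, "Very Strong"), (60, "Strong"), (36, "Reasonable"),
         (28, "Weak"), (0, "Very Weak")]

def pool(classes):
    """Concatenate the alphabets of the selected class names."""
    return "".join(CLASSES[name] for name in classes)

def entropy_bits(length, classes):
    """Bits of entropy when each character is chosen uniformly at random."""
    return length * math.log2(len(pool(classes)))

def rate(bits):
    """Map a bit count onto the post's tiers."""
    return next(label for floor, label in TIERS if bits >= floor)

def min_length(target_bits, classes):
    """Shortest random password from this pool that reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(pool(classes))))

def generate(length, classes):
    """Random password with at least one character from every selected class."""
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    alphabet = pool(classes)
    while True:  # redraw until all classes appear; costs under one bit at 12 chars
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[n] for c in pw) for n in classes):
            return pw

if __name__ == "__main__":
    for length, classes in [(8, ["lower"]), (12, ["lower", "upper"]),
                            (12, list(CLASSES)), (20, list(CLASSES))]:
        bits = entropy_bits(length, classes)
        print(f"{length:>2} chars {'+'.join(classes):<26} {bits:6.1f} bits  {rate(bits)}")
    print("chars needed for 60 bits, lowercase only:", min_length(60, ["lower"]))
    print("sample:", generate(12, list(CLASSES)))
```

A 12-character password using all four classes lands in the Strong tier, while lowercase alone needs 13 random characters to reach 60 bits.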
If you are wondering whether or not you have chosen a good password, one particularly good site to check that password is “How Secure is my Password?” (https://howsecureismypassword.net/). This site will gauge your password as you type it in. It will change the background of the page based on how good it is. Red: change it immediately. Yellow: think about changing it. Green: you’re good!
This site will also give you a rough estimate of how long it would take one person with a single desktop PC to crack your password. This is a good estimate, but keep in mind that most hackers have much more than a single desktop computer at their disposal.
Don’t underestimate how much someone may want to crack into your accounts. Once they have one account, it is usually a matter of time before they are in all of your others. They can get access to bank accounts, credit cards, and online shopping/loyalty accounts. All of these can ruin your credit or cost you a lot of money down the road.
The only thing keeping them out is your password. Choose wisely!