As we've pointed out over and over again, the only secure way to store and use passwords is to use a password manager, but some people do not. In a PCMag survey on passwords, only 24 percent of users said they were using a password manager. What do the rest do? Use simple passwords like password or 12345678? Memorize one complex password and use it everywhere? Pay attention to your password security.
Even using the best password manager does not guarantee the security of your accounts – not if you use the password manager to remember those same old, tired passwords. You have to go into the trenches and exchange the bad passwords for new, stronger ones.
The above survey found that 35 percent of PCMag readers never change their passwords unless forced to by a breach. In general, that is not such a bad thing. The National Institute of Standards and Technology no longer recommends changing a password every 90 days. NIST now recommends using long passphrases such as "Correct-Horse-Battery-Staple" and changing them only when needed. However, if you use terrible passwords, "if necessary" means .
What makes a password bad? We'll look at some of the attributes of terrible passwords, and then give you some pointers on how to get passwords right.
Stay out of the dictionary
Every few months a news story appears publishing a list of the worst passwords. We see many easy-to-use options like 1
Some secure sites lock down after a set number of incorrect password attempts, but many do not. For those that do not block brute-force guessing, hackers can pair a list of e-mail addresses with a list of common passwords and set up an automated process that tries combinations until they get in.
A properly secured website does not store your password anywhere. Instead, the password is run through a hashing algorithm, a kind of one-way encryption. The same input always produces the same output, but it is not possible to recover the original password from the resulting hash. If the password you enter hashes to the same value that the site has stored, you gain access. Even if hackers capture the site's user data, they will not get passwords, just hashes.
But intelligent hackers can crack weak passwords, even if they are hashed, if they know which hash function the site uses. They start by running a huge dictionary of common passwords through the hash function. Then they search for the resulting hash values in the captured data. Every match is a cracked password. Websites with the best security enhance the hash function with a technique known as salting, which makes this type of table-based cracking impossible. But why take the risk? Just stay out of the dictionary.
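The difference between unsalted and salted storage, as an added example that is not part of the original article: it checks which records in an unsalted store match a precomputed table, then stores the same passwords with a per-user salt. The sample users, the tiny dictionary, the iteration count and all function names are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample dictionary; real lists of common passwords are far larger.
COMMON = ["password", "12345678", "1qaz2wsx3edc4rfv"]
ITERATIONS = 200_000  # assumed work factor for this sketch; tune for your hardware

def unsalted_hash(password):
    """Weak storage: one fast hash, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Better storage: random per-user salt fed into a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password, salt, stored):
    """Login check: re-derive with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)

def exposed_by_table(unsalted_store):
    """Users whose unsalted hash matches a table precomputed from COMMON."""
    table = {unsalted_hash(p) for p in COMMON}
    return sorted(u for u, h in unsalted_store.items() if h in table)

if __name__ == "__main__":
    # Constructed user records: alice and bob picked the same dictionary password.
    users = {"alice": "password", "bob": "password", "carol": "vG7#tq9LmZ2!xR4p"}
    weak_store = {u: unsalted_hash(p) for u, p in users.items()}
    print("matched by one precomputed table:", exposed_by_table(weak_store))
    strong_store = {u: salted_hash(p) for u, p in users.items()}
    print("alice and bob share a stored value:",
          strong_store["alice"][1] == strong_store["bob"][1])
    print("alice can still log in:", verify("password", *strong_store["alice"]))
```

With a salt, one precomputed table no longer covers every user, because each record has to be guessed separately. A dictionary password can still be found by that per-user guessing, which is the reason to stay out of the dictionary.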
A friend once told me her perfect password: 1qaz2wsx3edc4rfv. She could type it by simply sliding one finger down four slanted columns of the keyboard. It was so perfect that she used it everywhere. And that was a big mistake.
Hardly a week goes by without a company or website reporting a breach that reveals thousands or millions of usernames and passwords. Smart victims immediately change their passwords. Those who ignore the problem may be locked out of their own accounts after the hackers reset the password.
Hackers know that too many people recycle their passwords. Once they have found a working username and password pair, they will try the same credentials on other websites. You may not be too worried about losing access to your Club Penguin account, but if you used the same login on your bank's website, you are in serious trouble.
It gets worse. If someone else gets control of your email account, they can first lock you out by changing the password. They can then break into your other accounts by having a password reset link sent to that account. Worried yet?
Do not get personal
Using personal information as the basis for your passwords is extremely tempting, but a bad idea. Chances are, your dog's name will appear in the dictionaries hackers use for brute-force attacks. Other options, such as a family member's initials and date of birth, are unlikely to fall to a brute-force attack, but if someone wants to hack your account specifically, that personal data may inform their trial-and-error guessing. Do not think for a minute that your personal information is private. There are dozens of websites that allow people to find information about anyone: address, date of birth, marital status, and more. Your social media posts can be another source of personal information, especially if you have not properly secured your accounts. A determined hacker (or a curious neighbor) can probably guess any password you create based on your own data.
Close the back door
If you do not use a password manager, you will surely end up forgetting your password for some site. This is all too common, which is why virtually every login page has a "Forgot password?" link. Some websites send a reset link to your email address, while others let you reset the password after answering your security questions. And that opens a back door for anyone who wants to hack your account.
Most websites provide abysmal security question options. What is your mother's maiden name? Where did you go to high school? What was your first job? As mentioned earlier, your personal life is an open book for anyone with Internet search capabilities. If possible, ignore the pre-set questions. Create your own question, with a unique answer that you will always remember but no one else can guess.
It's harder if the site does not let you define your own questions. In that case, it is best to use a memorable answer that is a total lie. My mother's maiden name is Obama. I went to the Communist Martyrs College. For my first job, I was a lion tamer. There is some risk, because you might forget which lie you chose. I would suggest saving these weird answers as secure notes in your password manager … but if you were using a password manager, it would have remembered the password for you.
What you should do now
I hope I have convinced you that using common passwords is a lame idea, as is creating passwords from personal information. And even the best, most random password becomes a liability if you use it everywhere. When you're ready to take action, here are some starting points:
- Use a password manager.
- Switch to a better password manager.
- Think of an insanely secure master password for your password manager.
- Use a random password generator to update your old bad passwords.
- You can even create your own random password generator in Excel.
- Enable two-factor authentication, if available.
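
An added example, not part of the original article: a small auditor that flags the weaknesses the article names (dictionary passwords, keyboard patterns such as 1qaz2wsx3edc4rfv, personal details, reuse) and generates a random replacement. The word list, the keyboard runs and all function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "12345678", "qwerty", "letmein"}
# Keyboard rows plus the slanted columns that "1qaz2wsx3edc4rfv" walks down.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def longest_run_at(s, i, min_run=3):
    """Length of the longest keyboard run (either direction) starting at s[i]."""
    best = 0
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):
            for k in range(len(seq)):
                n = 0
                while k + n < len(seq) and i + n < len(s) and seq[k + n] == s[i + n]:
                    n += 1
                best = max(best, n)
    return best if best >= min_run else 0

def keyboard_walk(pw):
    """Heuristic: True if the whole password is a chain of keyboard runs."""
    s, i = pw.lower(), 0
    while i < len(s):
        step = longest_run_at(s, i)
        if step == 0:
            return False
        i += step
    return bool(s)

def weaknesses(pw, personal=(), in_use=()):
    """List the problems named in the article that apply to this password."""
    low = pw.lower()
    checks = [
        ("common password", low in COMMON),
        ("keyboard pattern", keyboard_walk(pw)),
        ("personal information", any(len(t) >= 3 and t.lower() in low for t in personal)),
        ("reused", pw in in_use),
    ]
    return [label for label, hit in checks if hit]

def generate(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```

Here `personal` holds tokens such as names and dates, and `in_use` holds the passwords already saved for other sites; both are hypothetical parameters of this sketch.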
If a secure site does not do its job where security is concerned, you might still lose your credentials for that site in a data breach, but if you make your passwords long, strong, and unique, you've done everything you can to protect your online accounts.
And hey! Since you are now on a roll security-wise, you should add a virtual private network, or VPN. Using strong passwords for secure websites means that other users cannot break into your accounts. Adding a VPN means that no one can intercept your connection to these secure sites.