Now that we know how passwords are hacked, we can create strong passwords that outsmart each attack (though the way to outsmart a phishing scam is simply not to fall for it). Your password is on its way to being uncrackable if it follows these three basic rules.
Don’t be silly
Stay away from the obvious. Never use sequential numbers or letters, and for the love of all things cyber, do not use “password” as your password. Come up with unique passwords that do not include any personal info such as your name or date of birth. If you’re being specifically targeted for a password hack, the hacker will put everything they know about you in their guess attempts.
Can it be brute force attacked?
Keeping in mind the nature of a brute force attack, you can take specific steps to keep the brutes at bay:
- Make it long. This is the most critical factor. Choose nothing shorter than 15 characters, more if possible.
- Use a mix of characters. The more you mix up letters (upper-case and lower-case), numbers, and symbols, the more potent your password is, and the harder it is for a brute force attack to crack it.
- Avoid common substitutions. Password crackers are hip to the usual substitutions. Whether you use DOORBELL or D00R8377, the brute force attacker will crack it with equal ease. These days, random character placement is much more effective than common leetspeak*(*leetspeak definition: an informal language or code used on the Internet, in which standard letters are often replaced by numerals or special characters.)
- Don’t use memorable keyboard paths. Much like the advice above not to use sequential letters and numbers, do not use sequential keyboard paths either (like qwerty). These are among the first to be guessed.
The revised passphrase method
This is the multiple word phrase method with a twist — choose bizarre and uncommon words. Use proper nouns, the names of local businesses, historical figures, any words you know in another language, etc. A hacker might guess Quagmire, but he or she would find it ridiculously challenging to try to guess a good password example like this:
QuagmireHancockMerciDeNada
While the words should be uncommon, try to compose a phrase that gives you a mental image. This will help you remember.
To crank it up another notch in complexity, you can add random characters in the middle of your words or between the words.
The sentence method
This method is also described as the “Bruce Schneier Method.” The idea is to think of a random sentence and transform it into a password using a rule. For example, taking the first two letters of every word in “The Old Duke is my favorite pub in South London” would give you:
ThOlDuismyfapuinSoLo
To anyone else, it’s gobbledygook, but to you, it makes perfect sense.