How to choose a secure AND memorable password
You see it on nearly every website you register for. Instructions on choosing a secure password. You then rack your brain trying to think of a password that fits the criteria, is secure and you have a chance of remembering. So how do you choose a secure AND memorable password?
Difficult isn’t it?
Well, we build lots of websites with admin access online, so we have a few tips we share with our clients on choosing a secure AND memorable password. And I’d like to share them here to help others.
Listen on BBC Radio Nottingham
Listen to our help and advice on BBC Radio Nottingham about choosing the right passwords that are memorable and secure.
Firstly how good is your current password or passwords?
Advice originally was to choose a memorable word that was personal to yourself and you could remember. Great, but then hackers cottoned on to this and started to try and guess passwords using a dictionary attack. This is simply using a computer that is set to just go through the dictionary trying every word on your login until one works. For a computer to do this, it can take less than a day, and only seconds if your password is one of the most popular used. See the list below:
The Top 10 most popular passwords hacked from 38M Adobe accounts
So it was suggested random passwords. Just a random string of upper and lowercase letters mixed in with numbers. The longer the better, but whilst secure they are nearly impossible to remember. So you end up writing it down or storing it in the browser. This then makes it more insecure as if your computer is stolen or lost, it becomes easy for anyone to get in the accounts.
So what about words with numbers replacing letters?
These are quite popular and was good advice, but again it didn’t take long before hackers cottoned on to these types of passwords again. so they again become possible to crack. Not as quick as just a normal password but still possible.
Check out this website ‘How Secure is my Password’ to see how long it would take your password to be cracked. It will probably surprise you how quickly some of them can be.
Has your password already been hacked?
You may have heard of passwords and usernames being stolen from other websites around the world. These are then leaked and hackers use them to try and force their way into different accounts on popular websites. You may have a very secure password, but if it has been leaked it means nothing.
Take a look at https://haveibeenpwned.com/ to see if your username or email address has already been stolen along with a password. If it has then you need to change your passwords, quickly.
Choosing a secure and memorable password.
The best current advice is to choose a string of words that are memorable to you. Intersperse these with a few special characters and you are away.
Something personal to you, quite long, but easy to remember.
Put this in to ‘how secure is my password’ and it would take a computer 6 quattuordecillion years to crack. That’s a 1 followed by 45 zeros. How does that compare to your current password(s)?
It’s the sheer number of combinations of words and characters that make it so hard to crack. It’s the old needle in a hack stack routine.
Website Login security
Just as a side when we build websites for clients we also put on security to limit the number of login attempts. Most websites logins will allow you to try and keep trying until you get it right, but this is very insecure. A computer trying to guess (otherwise known as brute force attack) your password can try 20-100 times a second. This uses immense strain on your website and can stop it working for normal visitors and customers and can cause it to stop working altogether.
By limiting the number attempts it can keep your website up and running as well as increasing the time it takes a computer to guess your password. The example above if used on one of our websites would be even longer 6 quattuordecillion years.
Try it out and be secure.