Value of strong password

How can I generate strong passwords?
 

It’s 2024, and everyone knows how important it is to secure access to one’s accounts by using strong passwords. At least, that’s what you’d think until you took a look at the ranking of the most frequently used passwords.

 

Most used passwords

According to data provided by NordPass, these are the most commonly used passwords today:

  1. 123456
  2. admin
  3. 123456789
  4. 1234
  5. password
  6. root

None of these passwords will resist an attacker for more than a second. And with good reason: they’re among the best-known and simplest combinations, and therefore the least resistant, because they’re the ones attackers will try first.

Let’s be clear: using such a weak password is like not using one at all. Anyone who knows that you have an account on this or that platform could access it in a matter of seconds.

It’s like leaving your house keys on the front door and congratulating yourself on putting a lock on it.

None of your accounts, no matter how small, should be “secured” in this way. Because if an attacker finds an insecure account with one of your e-mail addresses, it could give him the incentive to persevere by attacking other services to which you’ve subscribed.

 

Bad habits

Even if you use a strong password (we’ll come back to what makes a strong password in a few lines), make sure you don’t always use the same one.

This is because, if your password were to be compromised, it would open the door to all your other accounts. And this can happen even if you don’t make a mistake. All it takes is for one of the services you’ve signed up to store your passwords incorrectly.

This is what happened in 2021 with DailyQuiz, where the attacker was able to gain access to more than 8 million user accounts, because the site had stored their login details (including passwords) in clear text. This information was then put up for sale on the dark web.

It is also possible for a dishonest employee to decide to leave, keeping a list of logins used by his former employer and then passing them on to other companies. Ticketmaster was found guilty of hacking several competitors because the company used passwords that a former employee had kept.

As it’s impossible to know whether this will ever happen to you, we recommend that you limit the possible damage by systematically using different passwords for each of your accounts.

This way, if one of your accounts is compromised, the others are not at risk. It also makes it quicker and easier to take backup measures to restore your access and secure your data.

To find out how comfortable you are with managing your logins and passwords, here are a few simple questions.

 

Are you safe enough?

  1. Do you use the same password for several of your accounts?
  2. Have any of your passwords ever been compromised?
  3. Do you store your passwords in clear text?
  4. Do you use your browser’s password manager?

=> If you answered yes to any of the above questions, then your password management could use some improvement.

You can check whether any of your accounts have been compromised using the Have I Been Pwned site. If this is the case, we recommend that you immediately change the corresponding password on all the sites on which you use it.

 

What is a strong password?


As you may know, the longer a password is, the harder it is to crack, just as it’s harder to guess a 6-digit padlock code than a 2-digit one.

The more characters you add to a password, the more combinations the attacker will have to test before finding the right one. This is why seed phrases are impossible to crack, even though all the words they contain are public. There are simply too many possible combinations.

A good password should be more than ten characters long. Some sites recommend 12 or 14 characters, but if you can line up more, don’t hesitate to do so. To make the number of combinations an attacker has to test even larger, it’s important to use a combination of upper and lower case letters, and to include numbers and special characters in your password.

Naturally, using a long, unique password for each of your accounts quickly raises the question of password storage.

For this, you can rely on a password manager, but this can be risky, or use Seedkeeper, eliminating the need to entrust your data to a third party. This is of course the best solution, and we strongly recommend that you use a dedicated device to store your passwords and secrets.

That being said, what are the best practices for generating strong, easy-to-remember passwords?

Contrary to popular belief, the password:
2?w.V3hR<R<;B.x&9gc4

is no more secure than this one:
Rarity2-Justly3-Idiom3-Numerator8-Sway9

But it’s much easier for a human to remember the second password than the first.

Once again, what counts is the number of possible combinations.

Check if your current password is strong

You can test the strength of these two passwords using this tool, which determines how long it will take an attacker to test all possible combinations before coming across yours.

As you can see, while the first option offers perfectly satisfactory security, the second password is even more difficult to crack.

So let’s stop assuming that the more difficult a password is for a human to read, the more secure it is. In reality, only the number of characters and the entropy (randomness) used to generate the password count.
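To make "entropy used to generate the password" concrete, here is an added example (not code from this article or from Seedkeeper) that generates both styles of password shown above with a cryptographic random source and computes the entropy each method yields when the attacker knows the method. The short word list is a constructed sample, and the 7,776-word list size used for the figures is an assumption.

```python
import math
import secrets
import string

# Constructed sample list so the demo runs offline; entropy figures below
# assume a real list of 7,776 words (an assumption, not from the article).
WORDS = ["rarity", "justly", "idiom", "numerator", "sway", "tractor",
         "velvet", "orbit", "candle", "harbor", "pickle", "summit"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94


def random_password(length=20):
    """Each character drawn uniformly from ALPHABET with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words=5, words=WORDS):
    """Capitalised word plus one digit per slot, joined with hyphens."""
    return "-".join(secrets.choice(words).capitalize()
                    + str(secrets.randbelow(10)) for _ in range(n_words))


def password_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words, wordlist_size):
    """Entropy when the attacker knows the format and the word list."""
    return n_words * (math.log2(wordlist_size) + math.log2(10))


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / passphrase_bits(1, wordlist_size))


if __name__ == "__main__":
    print(random_password(), f"{password_bits(20):.1f} bits")
    print(passphrase(), f"{passphrase_bits(5, 7776):.1f} bits")
    print("words for 128 bits:", words_needed(128, 7776))
```

Under these assumptions each extra word-plus-digit slot adds about 16.2 bits, so the number of words is the lever to pull when a passphrase has to reach a given strength.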

Knowing this, you have no more excuses to use weak passwords. Seedkeeper allows you to generate strong and reliable passwords for your everyday life.