How to Choose a Password?


Nowadays, attackers are constantly looking for vulnerabilities and user mistakes that let them take over accounts and steal information. For most accounts, the main thing standing in their way is your password’s strength.

However, a lot of people don’t know how to choose a password. In most cases, they pick something simple so that they won’t forget it. Well, that’s an attacker’s dream come true.

Since passwords protect your bank account, social profiles, and email, they shouldn’t be easy to guess. That’s why today I’m going to give you some tips on how to choose a password.

What do you need to choose a password?

Let’s begin with what you would need to choose a strong password that will hold up against an attacker. Well, it’s not much:

  • Some basic computer skills

  • A password manager

  • Imagination

And now let’s see the steps you have to take to choose a password.

#1 Understand how sites store your password

Websites usually do not store your password as plain text, because if their servers get compromised, the attacker would get every user’s password at once. What they store instead is a hash of the password.

Hashing means that your password is run through a mathematical algorithm, which produces a fixed-length string of characters. If you hash the word “Debbie”, for example, you get the same hash every time. However, the word “Debbies” produces a completely different hash, even though only one letter changed.

So, when you attempt to log into the site again, it runs the same algorithm on the password you enter and compares the hashes. If they match, it lets you log into your account.

As you can see, hashing is different from encryption: encrypted data is meant to be decrypted again by whoever holds the key. Hashing, on the other hand, is a one-way street. It’s very cheap to compute a hash, but there is no practical way to recover the password from it other than guessing candidates and hashing each one.

That’s why sites store hashes on their servers rather than the passwords in plain text. Anyone who steals that data gets nothing useful until they guess the password that produced each hash, and for a strong password that should never happen.

#2 Think about your password’s length

Now that you know how most sites keep your password, the question is how attackers are still able to break into accounts. Well, they usually have the time and the resources, meaning a lot of computing power, to run huge lists of common passwords through the same hashing process and compare the results against the stolen hashes.

If your password is short, six characters or fewer, the right equipment can try every possible combination against a fast hash such as MD5 or SHA-1 in minutes to hours, and a password that appears in a leaked-password list falls in seconds. The odds are even worse if the site doesn’t “salt” the password.

Salting, in this case, means generating a random string for each account, storing it next to the hash, and adding it to the password before hashing. A salt doesn’t make your own password any stronger; what it does is stop an attacker from using one precomputed table of hashes for common passwords against every account at once, so each stolen hash has to be attacked separately. Unfortunately, not all sites salt their passwords or use a deliberately slow hash, so you might not be as safe as you think you are.

What you can do in such situations is use long passwords. Every extra character multiplies the number of guesses an attacker has to make by the size of the character set, so adding two characters to a six-letter password drastically lowers the chances that it will ever be found. The chances are even slimmer if you draw from a bigger set by including symbols.

That’s why some sites require that you combine upper and lower case, numbers, and symbols when you create your password. What’s more, some websites do not accept passwords shorter than 8 characters. So, your password should be eight characters at least, preferably 12 or more.
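To make steps #1 and #2 concrete, here is an added example (my own code, not from the article or from any particular site) that does what a well-built login system does: it hashes the article’s “Debbie” example with a plain fast hash to show that equal inputs give equal hashes, stores a per-user random salt with a slow PBKDF2 hash, verifies a login attempt, and then plays attacker against both. The iteration count and the wordlist are constructed for the demo and are not any real site’s settings or a real leaked list.

```python
import hashlib
import hmac
import os
from typing import Optional, Sequence

# Demo parameter, not any site's real setting: PBKDF2 rounds to slow each guess down.
PBKDF2_ITERATIONS = 100_000


def fast_hash(password: str) -> str:
    """One plain SHA-256 pass: deterministic, so the same input always gives the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """What a careful site stores: a random 16-byte salt plus the salted, slowed-down hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify(record: dict, attempt: str) -> bool:
    """Login check: rehash the attempt with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


# Constructed stand-in for the common-password lists attackers actually use.
WORDLIST = ["123456", "password", "qwertyuiop", "debbie", "letmein", "Debbie"]


def crack_unsalted(target_hash: str, wordlist: Sequence[str]) -> Optional[str]:
    """Offline attack on an unsalted fast hash: one precomputed table serves every stolen hash."""
    table = {fast_hash(w): w for w in wordlist}  # computed once, reused for all accounts
    return table.get(target_hash)


def crack_salted(record: dict, wordlist: Sequence[str]) -> Optional[str]:
    """Against a salted slow hash the attacker must redo the slow work per account and per guess."""
    for w in wordlist:
        if verify(record, w):
            return w
    return None


def guess_space(length: int, alphabet_size: int) -> int:
    """Number of candidate passwords of exactly this length drawn from an alphabet of this size."""
    return alphabet_size ** length


if __name__ == "__main__":
    print("Debbie  ->", fast_hash("Debbie"))
    print("Debbies ->", fast_hash("Debbies"))
    rec = make_record("Debbie")
    print("login with right password:", verify(rec, "Debbie"))
    print("login with wrong password:", verify(rec, "Debbies"))
    print("unsalted crack:", crack_unsalted(fast_hash("Debbie"), WORDLIST))
    print("salted crack (slow, per account):", crack_salted(rec, WORDLIST))
    print("6 vs 8 printable chars:", guess_space(6, 95), guess_space(8, 95))
```

Notice that “Debbie” is cracked either way because it is on the list: salting only forces the attacker to repeat the slow work for every account, it does not rescue a guessable password. The `guess_space` numbers are what step #2 means by length: going from 6 to 8 printable characters multiplies the attacker’s work by 95 squared.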

#3 Get a password manager

But how are you going to remember a 12-character password containing a combination of numbers, symbols, and letters? Well, you don’t have to.

I’m not talking about writing these passwords on a piece of paper or in a Word document, because it’s easy to lose the paper, and your computer can be hacked even if you’re extra careful.

What I propose is a password manager. It helps you create unique, strong passwords and stores them securely behind one master password. And since the password manager autofills the password, you don’t have to remember any of them at all.

I recommend Keeper Unlimited, which:

  • Allows you to access and sync your passwords from any device
  • Protects an unlimited number of passwords
  • Stores credit card information securely
  • Has two-factor authentication
  • Encrypts the vault with AES, using a key derived from your master password with PBKDF2

#4 Avoid common password mistakes

Finally, there are some common mistakes that users make, which usually result in a hacked account. So, here’s what to avoid when you choose a password:

  • Do not use birthdays, pets’ names, surnames, or anything else that could be found on your social media profile. Not to mention 123456.
  • Never reuse a password on a second site. If one site leaks it, every account that shares it is compromised.
  • Avoid sharing your password with friends or even family, especially over email.
  • Do not use recognizable keystroke patterns. For example, “qwertyuiop” is a bad idea. Just look at your keyboard.
  • Never keep a copy of your passwords on your phone or laptop in plain text. Be smart and use a password manager.
  • Change a password promptly when a site reports a breach or you suspect it has been exposed. Rotating strong, unique passwords on a fixed schedule adds little on its own.

So, let’s wrap things up. The best password is at least 12 characters long, it mixes letters, numbers, and symbols, it is unique to each site, and it can’t be linked to you in any way.
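As an added example of the rules above turned into code (mine, not the article’s or any password manager’s), here is a generator that draws from a cryptographically secure random source, plus a checker that reports which of the article’s rules a candidate breaks: length, character classes, the common-password list, keyboard rows, and personal details. The common-password set, keyboard rows, and profile data are constructed stand-ins for this demo.

```python
import secrets
import string
from typing import List, Sequence

ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-ins: a tiny leaked-password list and the keyboard rows to scan for patterns.
COMMON = {"123456", "password", "qwertyuiop", "letmein", "iloveyou"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def keyboard_run(pw: str, run_len: int = 4) -> bool:
    """True if pw contains run_len adjacent keys from one keyboard row, forwards or backwards."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run_len + 1):
            chunk = row[i:i + run_len]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def problems(pw: str, personal: Sequence[str] = ()) -> List[str]:
    """Return the article's rules that pw breaks; an empty list means it passes all of them."""
    out = []
    if len(pw) < 12:
        out.append("shorter than 12 characters")
    if not any(c.islower() for c in pw):
        out.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        out.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        out.append("no digit")
    if not any(c in string.punctuation for c in pw):
        out.append("no symbol")
    if pw.lower() in COMMON:
        out.append("on the common-password list")
    if keyboard_run(pw):
        out.append("contains a keyboard pattern")
    for item in personal:
        if item and item.lower() in pw.lower():
            out.append(f"contains personal detail {item!r}")
    return out


def generate_password(length: int = 16) -> str:
    """Random password from the secrets module, redrawn until it passes every rule in problems()."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not problems(pw):
            return pw


if __name__ == "__main__":
    # "Debbie" and "2019" stand in for details an attacker could read off a profile (constructed).
    for candidate in ["123456", "qwertyuiop123!Aa", "Debbie2019!xyz", generate_password()]:
        print(f"{candidate!r}: {problems(candidate, personal=['Debbie', '2019']) or 'ok'}")
```

The generator uses `secrets`, not `random`, because the latter is predictable and unsuitable for anything security-related. The checker is deliberately strict about character classes because that is the rule this article recommends; a long random passphrase made only of lowercase words would fail it even though its guess space can be just as large.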

What do you think about these tips on how to choose a password? Do you use password managers and what’s the best one? Share your experience in the comments. 

(Last Updated On: January 22, 2019)
About the author

    Whale Sumo

    Hwang is a self-proclaimed nerd who loves helping people understand complex concepts. He has a passion for crypto and online privacy and enjoys teaching others about the benefits of both. Hwang is an advocate for individual freedom and believes that knowledge is power. When he's not busy sharing his knowledge with the world, Hwang can be found running full marathons or playing video games.