
How to Pick Unbreakable Passwords


Let's start with the obvious: any password, no matter how complex, can be broken. Hackers may be able to install a keylogging application on your computer, for example, and this piece of software will silently record every keystroke, and then email them all to the hacker's server. This doesn't mean that we are helpless, though; we can add MFA to the mix (I have written a guide about that) and we can make sure that our passwords are really hard to break.

Before we begin, let's see what hackers are doing to uncover our passwords. Some of them simply buy batches of valid username/password combinations for cheap on known dark web forums. So, it makes sense to change your passwords regularly, especially when the accounts protected by these passwords are very important.

If your passwords aren't available for sale, hackers will try to discover them through brute force attacks. These attacks use software which tries all possible combinations of characters until it breaks into the system. With today's ultra fast computers, any password of fewer than 12 characters can be cracked by a computer farm within hours or days (at most).

Dictionary attacks can succeed even faster. Hackers who employ these techniques use software which loads various dictionary files, and then combines words and phrases, testing passwords such as blue35carrot. If you've been using a password like this, it's time to try another password generation method.

Others use social engineering and/or phishing to trick you into revealing your password. You may receive an email that appears to come from your favorite app store, stating that your account has been compromised and that you need to reset your password using a custom link. In fact, when you click that link, you will arrive at a page which grabs your username/password combination and sends it to those villains.

So, now that we know all these important things, how can we create strong passwords? Well, don't use crazy strings such as "123456", "qwerty" or "monkey" in the first place. And don't believe that you can outsmart hackers by replacing some characters with leetspeak. In other words, don't use passwords such as "cl3v3rp455w0rd"; hackers are familiar with leet as well, so you'll only make their job easier.
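The check below is an added example, not code from the original article: it shows why leetspeak and word-plus-digit passwords fail a basic screening, by undoing the substitutions before consulting a dictionary. The word lists are small constructed samples and the function names are hypothetical.

```python
import re
from functools import lru_cache

# Constructed sample lists; a real check would load a full dictionary
# and a list of passwords seen in breaches.
WORDS = frozenset({"clever", "password", "blue", "carrot", "monkey"})
COMMON = frozenset({"123456", "qwerty", "monkey"})

# Common leetspeak substitutions mapped back to plain letters:
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
UNLEET = str.maketrans("013457@$", "oleastas")


@lru_cache(maxsize=None)
def splits_into_words(s):
    """True if s is non-empty and is a concatenation of dictionary words."""
    return any(s[:i] in WORDS and (i == len(s) or splits_into_words(s[i:]))
               for i in range(1, len(s) + 1))


def screen(password):
    """Return the reason a password is weak, or None if no rule matched."""
    lower = password.lower()
    if lower in COMMON:
        return "common password"
    # Undo leetspeak, drop whatever is still not a letter, then check the dictionary.
    plain = re.sub(r"[^a-z]", "", lower.translate(UNLEET))
    if splits_into_words(plain):
        return "dictionary words, possibly in leetspeak"
    # Words glued together with digits or symbols, e.g. blue35carrot.
    parts = re.findall(r"[a-z]+", lower)
    if parts and all(splits_into_words(p) for p in parts):
        return "dictionary words joined by digits or symbols"
    if len(password) < 12:
        return "shorter than 12 characters"
    return None


if __name__ == "__main__":
    for candidate in ("123456", "cl3v3rp455w0rd", "blue35carrot", "MywicofaItdisi19!"):
        print(f"{candidate!r}: {screen(candidate) or 'no rule matched'}")
```

A result of `None` only means that none of these rules matched, not that the password is strong.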

Some people combine several words to create passwords that are hard to crack and easy to remember. Here's an example which combines the words John, Likes, Pizza, and the numbers 3, 5 and 7; the resulting John3Likes5Pizza7 password will be quite hard to guess, wouldn't you agree? To make things even harder, you can capitalize the second letter of each word, making your password look like this: jOhn3lIkes5pIzza7.

Another idea is to think of a phrase which only makes sense to you, such as "My wife cooks fantastic Italian dishes since 1990!". Then, take the first two letters of each word, and you will get something like this: "MywicofaItdisi19!".

The two methods above are perfect for people who want to create strong passwords, and yet be able to remember them. However, if you plan to use a password manager or you have a fantastic memory, you can create random password strings yourself, or use an online password generator. If you decide to utilize a password manager, don't forget to keep the master password written down in a safe place.

Here's an extra tip: to withstand most cyber attacks, avoid giving easy answers to the security questions that are required when you create new accounts. When you are asked the name of your pet, for example, use something like "q34@5Csdl$!", and not Fido, because that name can be easily discovered by anyone who can see your Facebook page.