How to Choose a Password
It’s important that every password you choose satisfies two basic requirements:
- No one should be able to guess it, either based on what they know about you, by simply guessing common passwords, or based on other passwords they know you’ve used.
- It should grant access to only one thing. You should assume that the password will be compromised, and when it is, the attacker should not be able to use that information to gain access to any of your other accounts.
Use long, random passwords
The easiest way to make sure that no one can guess your password is to make it completely random. Using random passwords helps achieve the principles above because:
- It automatically won’t have any information associated with you, such as a pet’s or family member’s name.
- If you need to change your password, it’s easy to come up with a completely new one rather than just changing `randomness` to `randomness1`, then to `randomness2` and so on.
A good, random password depends on entropy, which is a measure of the amount of information it contains. Some passwords that appear random and secure are not. For example, `zxcvbn` looks like a bunch of random letters, but is actually a common password because it’s the first six keys on the bottom row of the QWERTY keyboard.
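The following added example (not part of the original page) generates a password with the operating system's cryptographic random source and shows why `zxcvbn` only looks random: it belongs to a tiny set of keyboard-row runs. The alphabet, the 20-character length, the minimum run length of 4 and all function names are assumptions of this example.

```python
import math
import secrets
import string

# Assumed alphabet for generated passwords: 74 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character independently with the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uniform_entropy_bits(length, alphabet_size):
    """Entropy in bits when each character is drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def keyboard_walks(min_run=4):
    """Every run of min_run or more adjacent keys on one QWERTY row, both directions."""
    walks = set()
    for row in QWERTY_ROWS:
        for start in range(len(row)):
            for end in range(start + min_run, len(row) + 1):
                run = row[start:end]
                walks.update((run, run[::-1]))
    return walks


def is_keyboard_walk(password):
    """True if the whole password is a single run along one QWERTY row."""
    return password.lower() in keyboard_walks()


if __name__ == "__main__":
    # What a character-counting meter assumes for six lowercase letters.
    print(f"zxcvbn, if it were random: {uniform_entropy_bits(6, 26):.1f} bits")
    # What it is really worth once you notice it is a keyboard run.
    walks = keyboard_walks()
    print(f"zxcvbn is a keyboard walk: {is_keyboard_walk('zxcvbn')}, "
          f"one of {len(walks)} candidates = {math.log2(len(walks)):.1f} bits")
    pw = generate_password()
    print(f"{pw}: {uniform_entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
```

Entropy describes how a password was chosen, not how it looks, so only the generated password's figure can be trusted.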
Use a password manager to help you remember
Unless you have a superhuman memory, you won’t be able to remember all the long, random passwords that you have. A great solution to this problem is to use a password manager. Password managers are software programs that run on your computer and/or mobile phone that securely store your passwords and guard them with a master passphrase.
A good password manager uses your passphrase to encrypt all of your passwords. This means that even the company that makes the software does not have access to your secret passwords; the only way someone could access them is by knowing your passphrase.
Another benefit of using a password manager is that it helps you generate new passwords when you need them. Here are a few recommendations: