<!doctype html>
<html lang="en">
<head>
<title>How to Choose a Password</title>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="/site.css">
</head>
<body>
<main>
<h1>How to Choose a Password</h1>
<p>
It’s important to choose passwords that satisfy two basic requirements:
</p>
<ol>
<li>
<strong>No one should be able to guess it,</strong>
either based on what they know about you, by simply guessing common
passwords, or based on other passwords they know you’ve used.
</li>
<li>
<strong>It should grant access to only one thing.</strong>
You should assume that the password <em>will</em> be compromised, and
when it is, the attacker should not be able to use that information to
gain access to any of your other accounts.
</li>
</ol>
<h2>Use long, random passwords</h2>
<p>
The easiest way to make sure that no one can guess your password is to
make it completely random. Using random passwords helps achieve the
principles above because:
</p>
<ul>
<li>
It automatically won’t have any information associated with you, such
as a pet’s or family member’s name.
</li>
<li>
If you need to change your password, it’s easy to come up with a
completely new one rather than just changing <code>randomness</code> to
<code>randomness1</code>, then to <code>randomness2</code> and so on.
</li>
</ul>
<p>
A good, random password depends on <em>entropy</em>, which is a measure
of the amount of information it contains. Some passwords that
<em>appear</em> random and secure are not. For example,
<code>zxcvbn</code> <em>looks</em> like a bunch of random letters, but is
actually a common password because it’s the first six keys on the bottom
row of the QWERTY keyboard.
</p>
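<p>
As an added example (not part of the original page), the Python sketch below
generates a random password, computes the entropy of that generation process,
and flags keyboard-row runs such as <code>zxcvbn</code>. The 94-symbol
alphabet, the US QWERTY rows and all function names are assumptions made for
this example.
</p>

```python
import math
import secrets
import string

# Assumed alphabet for this example: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Rows of a US QWERTY keyboard, used to spot "keyboard walk" passwords.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def generate_password(length=20, alphabet=ALPHABET):
    """Pick each character independently and uniformly with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of the generation process: length * log2(alphabet size).

    Valid only when every character is chosen uniformly at random; it
    overstates the strength of a password a person made up.
    """
    return length * math.log2(alphabet_size)


def is_keyboard_walk(password, min_run=4):
    """True if the whole password is a run of adjacent keys on one row,
    typed left to right or right to left."""
    p = password.lower()
    return len(p) >= min_run and any(
        p in row or p in row[::-1] for row in QWERTY_ROWS
    )


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
    # "zxcvbn" would score 28.2 bits if its letters were random, but it is
    # a keyboard walk, so the formula does not describe how guessable it is.
    print("zxcvbn", f"{entropy_bits(6, 26):.1f} bits if random,",
          "keyboard walk:", is_keyboard_walk("zxcvbn"))
```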
<h2>Use a password manager to help you remember</h2>
<p>
Unless you have a superhuman memory, you won’t be able to remember all
the long, random passwords that you have. A great solution to this
problem is to use a password manager. Password managers are software
programs that run on your computer and/or mobile phone that securely
store your passwords and guard them with a master passphrase.
</p>
<p>
A good password manager uses your passphrase to encrypt all of your
passwords. This means that even the company that makes the software does
not have access to your secret passwords; the only way someone could
access them is by knowing your passphrase.
</p>
<p>
Another benefit of using a password manager is that it helps you
generate new passwords when you need them. Here are a few recommendations:
</p>
<ul>
<li><a href="https://keepass.info/">KeePass</a></li>
<li><a href="https://1password.com/">1Password</a></li>
</ul>
</main>
<footer>
The content of this site is
<a href="https://github.com/benburwell/howtochooseapassword.com">
hosted on GitHub
</a>
and in the <a href="http://unlicense.org">public domain</a>.
Contributions are welcomed.
</footer>
</body>
</html>