How Secure Is My Password – Test Your Password Strength

Published by Adrian in Web Security


Guessing passwords is one of the most common ways for hackers to gain access to all kinds of devices. If that’s what statistics prove, it can only mean one thing… We, the internet users, have a habit of choosing lousy passwords. Or, to put it mildly, instead of focusing on choosing passwords that are hard to break, we focus on choosing passwords that are easy to remember.

Unfortunately, easy to remember also means easy to guess. Don’t underestimate for a second a hacker’s power and instruments. That’s because hackers don’t just sit in front of a computer, gaze at the window, and type random things that cross their minds in an attempt to guess your password.

No, hackers have the means to test billions and hundreds of billions of possible passwords in as little as… one second. That is, of course, if it’s a brute force attack. If it’s a dictionary attack, it will simply work through prearranged lists of hundreds of thousands of common words, matching them against your password.

So, do you still doubt the importance of having a secure password?

We have a feeling that, by now, you should actually start doubting whether your current passwords are secure enough or not…

In today’s article, we’re going to help you with just that:

  • Come up with new, more sophisticated (and not necessarily more difficult to remember) passwords – so you’ll never again have to juggle with questions like “How secure is my password?” or “How to create a secure password?”;
  • Test your password strength, just in case you have some passwords you really want to keep but you’re not sure how secure they are.

Without further ado, let’s get to the facts.

How to create a secure password – the basics

We like to think of at least 5 golden rules when it comes to setting up passwords that are hard to break. Here they are, in no particular order:

  1. Take length into account
  2. Consider mixing up different types of characters
  3. Make sure it’s unique to that account, don’t use it multiple times
  4. Make it look like gibberish to everyone else but make sense to you and only you
  5. Refrain from using common substitutions for certain characters

Length

We rely so much on technology that our memory is seriously affected these days. Some of us can’t even remember our own phone numbers. Others would be at a loss if anything happened to their phone contacts, unable to recall even their mother’s phone number. Birthdays, important events and anniversaries: thank God there’s a calendar for them, and push notifications!

So, is it any wonder that we choose short passwords? We clearly cannot write them down or put them on a poster to have them at hand. So, if we have to remember a password, at least make it short and sweet, right? Wrong. The first thing that would make your password fail the test of strength is length. Anything under 12 (sometimes even 14) characters is considered insufficient.

Diversity

Monotony is predictable, we get it. And predictable things are easier to remember. Between Ws_&u9GHk:!@t and Abcdefg123456, the latter is easier to remember. But that doesn’t solve your problem, which is to come up with passwords that no tool out there can predict or guess.

So, instead of going the easy way, try mixing up symbols, letters and numbers, use capitalization and punctuation, and don’t just stick to your native language when playing with words. Of course, you’ll generate a secure password that is hard to forget if you also have a certain pattern in mind, but we’ll talk about that a bit later.

For now, just keep in mind you’re supposed to be as playful and creative as you can.

Uniqueness

Perhaps you haven’t thought about it, but if a hacker breaks one of your many accounts, he won’t just settle for it. The temptation to try and see if you’ve used that same password with other accounts is too big to be ignored. And so, you end up losing a lot more when you share your password between accounts.

Needless to say, you don’t even have to have an account hacked. If a website where you have an account is compromised and hackers obtain your login credentials on that occasion, it’s the same thing.

So, taking every precaution to protect your accounts is not always enough. Sometimes your passwords may leak, and that’s when it matters most that the leaked password can’t be used later to break into your other accounts.

Logic

It has to look like gibberish but still make some sense, so you won’t forget it the very next day. Doesn’t seem logical to you? Well, if you come up with your own rules to create passwords, you’ll be less likely to forget them.

Maybe you have a favorite poem and you could choose the first word at the beginning of each verse. Then, only use the vowels from those words and capitalize every second word. Add numbers in between those words, for the verses that those words are opening.

When it comes to creating the most secure password, there are no limitations to what you can use. Like literally, the sky is the limit. Or the sky and… your memory, of course.

Illogic

Wait, what? We just said it has to have some logic and now we’re trying to make it illogical? It doesn’t make sense, right?

It does, if you look at it this way: how secure your password is will very much depend on it being a logical sequence of characters (to you!) and a completely illogical string of characters to anyone and anything trying to guess it.

That’s why every secure password generator out there will refrain from making logical substitutions such as 0 instead of O, 4 instead of four, @ instead of at and so on.

That’s also why they don’t come up with dictionary words or with letters and symbols that have meaning when taken in a particular order – think of the classic qwerty or the not so smart use of 3.14159 (which is the value of pi in sciences).

Which type of password would be considered secure?

You don’t need to remember the rules from above to realize that “incorrect” isn’t a smart password (even if you’ll always get the “your password is incorrect” message every time you forget it). Or that “password” isn’t a secure password either (don’t think that people know it’s weak, so nobody’s really using it these days, so nobody will think about guessing it…).

That’s not the way logic and illogic apply to setting up what is considered a secure password. Aside from the suggestions we’ve just made to you, we have to add that password strength increases when:

  • You don’t use words from the dictionary;
  • You don’t make substitutions that everybody knows of;
  • You don’t use letters or numbers in sequences;
  • You don’t use combinations of letters or numbers that have a particular sense on the keyboard (like following a memorable path);
  • You don’t use security questions whose answers are already public on social networks or on Google;
  • You don’t use names of people or objects that you are clearly connected to, on social networks;
  • You don’t use full words, connected either semantically or grammatically.
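
The rules above can be checked offline, without sending a password to any website. The sketch below is an added example, not code from the article or from any of the tools it mentions; the word list, keyboard rows and substitution table are small constructed samples, and an empty result only means none of these particular patterns was found.

```python
# Constructed sample data: a real check would load a large word list.
COMMON_WORDS = {"password", "incorrect", "qwerty", "letmein", "dragon", "monkey"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Substitutions "that everybody knows of": 0 for o, @ for a, 3 for e, ...
LEET = str.maketrans("01345@$!7", "oleasasit")

def _has_run(text, alphabet, n=4):
    """True if text contains n consecutive characters of alphabet, forwards or backwards."""
    for seq in (alphabet, alphabet[::-1]):
        for i in range(len(seq) - n + 1):
            if seq[i:i + n] in text:
                return True
    return False

def audit_password(pw, min_length=12):
    """Return the rules from the article that pw breaks (empty list: none found)."""
    findings = []
    lower = pw.lower()
    undone = lower.translate(LEET)  # reverse the well-known substitutions
    if len(pw) < min_length:
        findings.append("too short")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        findings.append("few character types")
    if any(word in lower for word in COMMON_WORDS):
        findings.append("dictionary word")
    elif any(word in undone for word in COMMON_WORDS):
        findings.append("dictionary word behind common substitution")
    if _has_run(lower, "abcdefghijklmnopqrstuvwxyz") or _has_run(lower, "0123456789"):
        findings.append("alphabetic or numeric sequence")
    if any(_has_run(lower, row) for row in KEYBOARD_ROWS):
        findings.append("keyboard path")
    return findings

if __name__ == "__main__":
    # The two passwords compared earlier in the article, plus two weak ones.
    for sample in ["Ws_&u9GHk:!@t", "Abcdefg123456", "P@55w0rd!", "qwerty"]:
        print(sample, "->", audit_password(sample) or "no listed pattern found")
```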

If you were looking for examples of good passwords, it suffices to google “secure password check” and you’ll bump into plenty of useful results. Some websites just randomly generate secure passwords by putting into practice all of the rules from above, automatically. Others will let you set up some rules as easily as ticking a few boxes. And there are even websites where you can check how secure a password is.

Websites that generate passwords for you automatically

On passwordgenerator.net, for instance, you get to use a secure password generator that allows you to decide on:

  • Password length – number of characters from a predefined list of options (you’ll notice they call it strong if it has at least 16 characters);
  • Whether it should include symbols or not;
  • Whether it should include numbers or not;
  • Whether it should include lowercase characters or uppercase characters;
  • Whether it should exclude similar characters or ambiguous characters.

To make it even better, after it creates the most secure password according to the rules set by you, it also gives you suggestions on how to remember it. Say you want a 16-character-long password that includes symbols, numbers, and both lowercase and uppercase characters. You also opt to exclude similar characters and ambiguous characters. And you’ll get something like…

7Kc2cj4WL$%%HP_w

The password generator will then make you a suggestion to remember it using the following connections: 7 KOREAN coffee 2 coffee jack 4 WALMART LAPTOP $ % % HULU PARK _ walmart
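
A generator with the same options can also be run locally, so the password never leaves your machine. This is an added example, not the site’s own code; the option names follow the list above, and the sets of “similar” and “ambiguous” characters are assumptions, since the article does not say which characters the site excludes.

```python
import secrets
import string

# Assumed character sets; the article does not list the ones the site uses.
SIMILAR = set("il1Lo0O")
AMBIGUOUS = set("{}[]()/\\'\"`~,;:.<>")

def generate_password(length=16, symbols=True, numbers=True, lowercase=True,
                      uppercase=True, exclude_similar=True,
                      exclude_ambiguous=True):
    """Return a random password built from the selected character classes."""
    selected = [
        (lowercase, string.ascii_lowercase),
        (uppercase, string.ascii_uppercase),
        (numbers, string.digits),
        (symbols, string.punctuation),
    ]
    banned = set()
    if exclude_similar:
        banned |= SIMILAR
    if exclude_ambiguous:
        banned |= AMBIGUOUS
    # Keep only the ticked classes, minus the excluded characters.
    pools = [[c for c in chars if c not in banned]
             for wanted, chars in selected if wanted]
    if not pools:
        raise ValueError("select at least one character class")
    if length < len(pools):
        raise ValueError("length is too short to include every class")
    # One character from each class guarantees the mix; the rest come from
    # the combined pool. secrets draws from the operating system's CSPRNG,
    # unlike the random module, whose output is predictable.
    picked = [secrets.choice(pool) for pool in pools]
    combined = [c for pool in pools for c in pool]
    picked += [secrets.choice(combined) for _ in range(length - len(picked))]
    secrets.SystemRandom().shuffle(picked)  # hide which slot came from which class
    return "".join(picked)

if __name__ == "__main__":
    print(generate_password())
```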

Without trying to be mean, if you need to find out whether or how secure your password is, chances are that all of the passwords you’re currently using can easily pass as examples of bad passwords. In any case, we don’t really think you’d need examples of what not to use. Not after you’ve read the rules from above.

Websites that check how secure your password is

If you don’t want to take a password generated on the web and use it to protect your sensitive data, you still have the option to check the security of a password created by you. Kaspersky has a pretty popular secure password check tool. But as you’ll notice from the moment you access its web page, it strongly advises you to never enter your real password into such checkers.

So, again, you can write down the secure password that you created for yourself. Come up with a different one following the same rule – you replace the letters, the numbers, or whatever. And only test the replacement password. If it passes the test, use the original one and, obviously, tear up the paper you wrote it on in the first place!

Whether this is overreacting to such a sensitive topic or not depends only on how much you value your privacy. Practice has shown us you can never be too careful when it comes to protecting your identity online. So, perhaps, constantly asking yourself how secure your passwords are is not such a bad thing. And neither is changing them as often as you can…