“Be sure to use a strong password”. That’s one of the most repeated advice by cyber security experts ever. Yet, what exactly is a strong password? With today’s technologies and computing power, is it even possible to create the perfect password?
Well, not really, to be honest. There are different schools of thought about what makes one password more secure than the rest. Some would say that, you can make a strong password with little effort. Others would say that it doesn’t matter how intricate you make the string, a password can always be cracked given enough time.
The truth is, both statements are valid. Yes, any password can be cracked. Yes, the stronger the password, the more difficult it is to be cracked and the more likely is that the hackers will give up and go to try and hack someone else.
So, how to create the perfect password?
First, let’s get into the mindset of a hacker. How would you approach cracking someone’s password? First, you will try the most common passwords like 123456, etc. There are also plenty of lists with cracked and common passwords freely available on the internet. A hacker would use them as a first reference. Your password shouldn’t be on any of those lists. Of course, you can’t really check them all, but you can make sure your password is as unique as possible.
The simple way is to use a password manager app. There are loads of those available. They will generate random strings for your accounts and each will be different. This way you need to only remember the main password for the manager, while the app will fill in the rest.
Still, you will need to think of at least one strong password. Again, there are several schools of thought here. Simply making a long password or a phrase isn’t enough. A pass like: “Luke1amY0urFath3R” looks good on paper, but it’s not. It won’t withstand a typical brute force attack for long. You see, most brute force attacks take common phrases and passwords and then try various variations. And hackers know that many people replace I with 1, o with 0, E with 3, etc. So, this complicated at first glance pass is actually quite simple to guess.
The true key to a password you can be somewhat confident in is the randomness and length. It doesn’t matter how many digits or special symbols you add in a password if they are predictable. But simply pouring a dash of truly random strings on the keyboard won’t make for an easy password to remember.
Instead, you can mix the best of both worlds to create a unique, but memorable (for you only) password, which will put cracking algorithms to the test.
Start with something simple. Pick a cool phrase that not many people know you actually like. Let’s stick to our first example: LukeIamYourFather.
Now, let’s randomize it a bit. Remember, the trick is not to be predictable. So, instead of changing popular letters with popular numbers, let’s throw a wrench to the string’s spokes by adding a whole new phrase. And also let’s capitalize the wrong letters. So, now we have this: LukEiNeed$50bUckZ!n1aMNoTy0UrfatHer. If you can’t read it, the pass now says: “Luke I need $50 bucks! And I am not your father”.
You can randomize it even more by changing common words and letters for the button next to it on the keyboard or something else you remember or like. Add a completely random word as well. This way, we get this string: LykEiN3ed$50bUxkZ!n1aMN@Ty0Urf?tHetIgl0o. It’s the same phrase as before, but with a few different letters and an added random word “igloo” at the very end.
Now, this is a string that will challenge even the most advanced brute force algorithms. Well, not exactly this one, since it’s on the web now and therefore compromised. But you get the idea. Granted, it’s also a bit difficult to memorize and not 100% hack-proof, but it’s still a lot better than common passwords and not as tricky to remember as a truly random 40-character string. Of course, you can start with a shorter variation. Eventually, you will get used to it and you will be able to create similar strong passwords with your own unique touch and remember them with ease.