If you spend a good amount of time online, and if you have a business that is partially or wholly based online, you likely need to use dozens and dozens of websites or web apps that require you to log in to use them.
If you’re like most people, you probably use the same password everywhere, for every site you need to log in to, including the admin side of your own website.
That one password that you’re probably using is also probably short and easy to remember, which, unfortunately, also makes it very easy for hackers (or their password cracking programs) to figure out.
If you use the same simple, easy-to-remember password everywhere you go on the web, you’re putting yourself, and all of your private, personal data, in a very risky situation.
If a hacker figures out your password for one app or website that you use, like your email account, they have half of what they need to log in to the admin side of your website, such as a WordPress website.
That’s not a good thing.
One of the best things you can do to protect yourself online and keep all of your online accounts safe and secure (such as your online banking website, email account, business website, webhost account, and so on) is to always create super strong passwords, and use a different one for every website that you need to log into.
By “super strong” I mean long, ugly, and a pain in the butt to remember. A super strong password should be longer than 16 characters. It should not have any words that are in the dictionary, and it should have upper and lowercase letters, symbols, and numbers.
This is an example of a super strong password: #$kK3o;?Asc#m3op8A
This is an example of a weak password that could be easily cracked by a hacker: sunshine77
Here’s a really easy way to test how strong your password is. Go to this website:
http://howsecureismypassword.net/
Then paste in your password. If you happen to use the same password everywhere you go on the web, go ahead and enter the password you always use into the big password field on that page above.
As soon as you enter it, you’ll see some notes about your password below it.
The first thing you’ll see is how long it would take a PC to crack your password.
For the super strong password above, it would take 3 quintillion years to crack. And I’m not making that up. Copy and paste that password above into the password strength checking tool on that page and see for yourself.
3 quintillion years is a 3 with 18 zeros. That’s a crazy long time. The Earth actually won’t even be here 3 quintillion years from now (due to the fact that the sun will expand into a Red Giant star and burn up the Earth in about 5 billion years from now). And I’m not making that up either 😉
In other words, that first super strong password is very secure.
As for the second one, which is sunshine77, it would only take 10 days for a hacker to crack that. In other words, it’s not very strong at all.
On the password strength checking page, below the display of the length of time it would take to crack your password, if your password isn’t very safe, you’ll see some notes about how to make it stronger.
The big takeaway here is this: wherever you go on the web that requires you to log in, if you want to keep others from accessing the place where you’re logging in, use a long, ugly, hard-to-remember password that’s over 16 characters long, has upper and lowercase letters, numbers, and symbols, and that doesn’t have any words from the dictionary in it.
Now, doing this introduces a potential pain in the butt into your daily online life: how are you supposed to remember even one of those super strong passwords, much less a different one for every website you need to log into regularly?
Enter a type of software called a “password manager.” This, my friends, will save you in many ways, while keeping you very safe online.
My favorite password manager, which works on Macs, PCs, iPhones, iPads, and Android phones, is called 1Password. I use it every day, at least 10 times a day. It’s a lifesaver. Seriously.
What a password manager like 1Password does is this:
1) It stores all of your passwords for every website you need to log in to.
2) When you come to a website that you need to log in to often, as long as you’ve saved your login information for that site in 1Password, you can use 1Password to log in to the site with one click in your browser. It will automatically fill in your username or email address and password in the login form, then click on the login button for you. Easy peasy. No need to remember long ugly passwords. No need to remember any login credentials at all… 1Password remembers them for you.
3) You can create those super strong passwords for new sites that you need to log in to, or old ones that you want to change the password for, using a built-in password generator. Again, it’s very quick and easy. One click and it creates a beautiful, long, ugly, super strong password for you that you can use anywhere you want to. Lickety split.
1Password does a few other cool things as well, and I highly recommend that you check it out and buy it. It’s money well spent if you spend a lot of time online and want to keep your things safe on the interwebs.
Hope this helps a bit! Get out there and create some super strong, beautiful-ugly passwords wherever you go on the web!
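The arithmetic behind the crack-time figures quoted on this page, together with a generator that meets the criteria above, as an added example (not code from this post or from the checker site). It assumes the 4 billion guesses per second shown in the checker output a reader quotes in the comments, and a hypothetical alphabet rule that adds up the character classes present (26 lowercase, 26 uppercase, 10 digits, 32 symbols); it runs locally, so no password leaves your machine.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 4_000_000_000   # rate from the checker output quoted in the comments
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Assumption: the alphabet is the sum of the character classes a password uses.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}

def alphabet_size(password):
    """Add up the size of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def exhaustive_search_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Time to try every string of this length over this alphabet."""
    return alphabet ** length / rate

def estimate(password):
    """Exhaustive-search time in seconds for one concrete password."""
    return exhaustive_search_seconds(len(password), alphabet_size(password))

def generate(length=20):
    """Random password from the OS CSPRNG that contains all four classes."""
    if length <= 16:
        raise ValueError("the post asks for more than 16 characters")
    pool = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate

if __name__ == "__main__":
    print(f"sunshine77: {estimate('sunshine77') / SECONDS_PER_DAY:.1f} days")
    days = exhaustive_search_seconds(9, 77) / SECONDS_PER_DAY
    print(f"9 chars over 77 symbols: {days:.0f} days")
    strong = "#$kK3o;?Asc#m3op8A"
    print(f"strong example: {estimate(strong) / SECONDS_PER_YEAR:.1e} years")
    pw = generate()
    bits = len(pw) * math.log2(alphabet_size(pw))
    print(f"generated {len(pw)} chars, about {bits:.0f} bits of keyspace")
```

These numbers are a ceiling for blind exhaustive search only: a password built from dictionary words falls to a wordlist long before the keyspace is exhausted, which is why the post also rules out dictionary words.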
Hi Forest, don’t you think it’s risky to put your password in this website? If I were a hacker, I would create exactly this type of site to attract visitors and get their passwords, as well as the software you were referring to.
Hi Adriana,
I don’t think entering your password into that site creates a security risk at all. If you’re managing your passwords in an ideal way, you’d have a different strong password for every site that you log in to on the web… and you’d be using an app like 1Password to manage them all for you so you don’t need to remember any of them.
Even if a hacker had a phishing app set up on a password testing site like this, if they got your password, they would only have 1/3 of what they would need to hack something of yours. They’d need the location of the thing you log in to with that password as well as your username for the thing you’re logging in to. There’s no way they can get that by capturing passwords from a site like this.
Hope that helps a bit! My top recommendation for creating strong passwords is to use 1Password. It can generate very strong passwords in one click, and save them, and then allow you to log in to any site with just one click. Super easy!
Cheers,
Forest
I went to the test page and tried a dummy password of 9 chars; the result is 275 days to crack…
Length: 9 characters
Character Combinations: 77
Calculations Per Second: 4 billion
Possible Combinations: 95 quadrillion
I may be misunderstanding the result, but to me it means after 275 days a hacker has the list of the 95 quadrillion possible values for my password.
After 3 failed login attempts on my bank website my account will be locked (others may blacklist you as a bot after too many tries during a period of time) – so if a hacker finds the right one out of 3 in 95 quadrillion – he’d better play money games…
I use KeePass, others use Password Safe (similar), you suggest 1Password (the only one with a fee of the three – but why not). There is a bigger risk there if a hacker has your master password file on his PC and plenty of time and no limitations, as I explained above, to crack it and have all your passwords available…
I’m not trying to minimize hacking risks, they are unfortunately real, but paranoia should have a limit…
Hey Forest,
This is great. Finally getting around to taking care of this. A little paranoid about them having all that info, but I’m hoping they actually don’t. 🙂 Anyway, thanks for the tip.
D.
I use Password Safe, http://pwsafe.org/, and I love it! It was recommended to me by several friends in IT Security. My only regret is I didn’t immediately download it and start to use it. I have it on my computers and my assorted iDevices. I store the safe on Dropbox, http://www.dropbox.com, so it is available wherever I need it.