How do I choose a secure password?

This post was last updated 3 months ago.

This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.

A question that we are sure everyone has asked themselves at least once! How do I choose a secure password? And can I reuse it elsewhere? Let's answer the second question immediately and without mincing words: Absolutely not!

In this article we will see how to choose a secure password, but it is essential to avoid reusing it on multiple platforms.

The importance of not reusing a password on multiple platforms is evident to some, while others perhaps don't know the reason. We'll explain it right away: as you know, it is possible to check whether one or more of your accounts have been breached through sites like Firefox Monitor and many others. There we can check whether our email address has ended up in any compromised database. Together with our data, our password may also have been exposed!

If your password is unique, after such a breach you just need to change the password for that account and you're good to go. If, however, you have used that password on multiple accounts (perhaps without even writing down exactly where), you are putting all the associated services at risk.

How do I choose a secure password? No, 123456 is not a strong password

Are we saying things that everyone knows? Maybe you don't know which passwords turn up most often in compromised databases [1][2].

Are you ready?

  • 123456
  • 123456789
  • qwerty
  • password
  • iloveyou
  • abc123
  • 1q2w3e4r
  • 555555
  • welcome
  • princess
  • dragon
  • password1

So, starting from this, the main advice we give you, as always, is to use a password manager, for example Bitwarden or the excellent KeePass, based on your preferences and needs.

Thanks to any password generator (like the one included in Bitwarden) you will be able to set a different password on every site: complex and very, very long passwords (16, 18 or even 22 characters) with uppercase, lowercase, numbers and special characters. This is the solution we prefer and generally recommend. But it is not the only one.

Cartoon by Work Chronicles

For example, if for some reason you are against password managers and are fond of your diary, pen and paper, or your own memory, you can try using a smart system.

The idea that a password needs to be complex to read is, let's say, something of a myth. Unfortunately, this myth has encouraged absurd passwords that are impossible to remember, even among people who do not use password managers! As a result, people are often forced to use complex passwords that they cannot remember, and to solve the problem they write them on a Post-it stuck to the monitor.

A password must be secure and complex, but it does not necessarily have to be complex to read, and above all it can be reasonably simple to remember.

A password must be long!

The paradox of this situation leads people to choose passwords that are short but hard to remember, or long but written on the Post-it stuck to the monitor: difficult for humans but often easy for machines to guess. A password like GiùliEtt4! is very difficult to remember, yet it is decidedly less secure than a series of random words. One of the most important things here is the length, and not just the complexity, of the chosen password. In fact, keep in mind that generally a password of 8 characters can potentially be cracked in 12 minutes [3].

“Password strength” by xkcd is licensed under CC BY-NC 2.5

How do I choose a secure password? Use lots of random words!

As the explanatory image above from xkcd shows, there's no reason to invent a complex password if you don't use a password manager: a sequence of random words is enough to lengthen the time needed to crack it. And you just need to mentally visualize the password to remember it easily.

There is also xkpasswd.net, a free, ad-free password generator inspired by this cartoon. If you are a fan of the Proton suite, there is also the Proton Pass password generator.

Attention: this doesn't mean using two words that naturally go together, because that does not help. For a cracker (someone who is trying to crack your password) it can be simple to find a password like iloveyou [4].

Even if the context is a little different, think for example of a seed phrase, that is, the list of words needed to recover a Bitcoin wallet. These are not complex passwords with characters that are difficult to remember; they are 12 random words.

Now, obviously, remembering 12 unrelated words is hard for a human being. But just using 5 or 6 words makes you safer. If you choose a few words but insert a special character or number between one word and the next, you are better covered. Let's give an example: horse%butter!onion2mickey&.

One of the important things is that the consecutive words make no sense together except to you. CasaRossa ("red house") is not a good start, for example. CavalloBurro ("horse butter") is already better.

“Mnemonic seed still life” by Wikipedia is licensed under Creative Commons CC0 1.0 Universal Public Domain Dedication.

Summarize your favorite phrase!

Another idea for fresh, safe passwords that are easy to remember without a password manager is to summarize a sentence by taking only the initial letter of each word. Let's look at an example we found here, translated into Italian:

  • Qa7a,mshgimcdpnw! = When I was 7, my sister flushed my stuffed rabbit down the toilet!

A smart method for remembering a random series of letters that makes sense only to you. The only catch is that it is easy to swap one word for another in the middle of a meaningful sentence (confusing thrown with launched, for example) and so get the password wrong.

Roll the dice and create your password

But the human mind is not really made to invent random words that are disconnected from each other. Here you can get help from a simple die and the fantastic Diceware. It's a very simple method for creating passwords from words that are completely unrelated to each other.

Using it is very simple, and there is also an Italian version created by Tarin Gamberini to help us. The instructions are just as simple, and you don't need any computer knowledge or to be a cryptography expert.

In short: download the word list and then roll a die to create your password. However, we refer you to Diceware's official Italian website, which will certainly explain it better than we can: Diceware.
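The Diceware procedure described above can be sketched in Python as follows. This is an added example, not code from the original article or from the Diceware project: the function names and the 36-word, two-dice sample list are constructed here so that it runs offline, and the `secrets` module stands in for a physical die. A real Diceware list has 7776 entries, each keyed by five rolls.

```python
import math
import secrets
from itertools import product

# Constructed 36-word sample list (2 dice per word) so the example runs offline.
# A real Diceware list has 6**5 = 7776 entries keyed "11111" .. "66666".
SAMPLE_WORDS = ("horse butter onion mickey lamp river stone cloud maple tiger "
                "bread violin anchor pepper window candle forest marble ticket "
                "saddle harbor pillow rocket garden copper velvet lizard basket "
                "puzzle meadow shovel turnip walnut zipper falcon ginger").split()
SAMPLE_LIST = "\n".join(f"{a}{b}\t{w}" for (a, b), w in
                        zip(product("123456", repeat=2), SAMPLE_WORDS))

def parse_wordlist(text):
    """Parse 'rolls<TAB>word' lines; reject anything that is not a full 6**n table."""
    table = dict(line.split() for line in text.splitlines() if line.strip())
    dice = len(next(iter(table), ""))
    bad_key = any(len(k) != dice or set(k) - set("123456") for k in table)
    if bad_key or len(table) != 6 ** dice:
        raise ValueError("word list must map every n-dice roll to exactly one word")
    return table, dice

def roll_die():
    """One fair die roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1

def passphrase(table, dice, words=6, sep=" ", roll=roll_die):
    """Roll `dice` dice per word and look each result up in the table."""
    keys = ("".join(str(roll()) for _ in range(dice)) for _ in range(words))
    return sep.join(table[k] for k in keys)

def entropy_bits(words, list_size):
    """Entropy when every word is an independent, uniform pick from the list."""
    return words * math.log2(list_size)

if __name__ == "__main__":
    table, dice = parse_wordlist(SAMPLE_LIST)
    print(passphrase(table, dice, words=6, sep="%"))
    for n in (4, 5, 6, 12):
        print(n, "words from a 7776-word list:",
              round(entropy_bits(n, 7776), 1), "bits")
```

The entropy figure only holds when the dice (or the CSPRNG) choose the words; words picked by hand are not uniform and are worth fewer bits.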

So, how do I choose a secure password?

There are therefore mainly two methods for choosing a secure password (there are many others, but we like these two and think they are the easiest and most effective).

The first method is to rely on a password generator and then store it in your favorite password manager. This way you will only have to remember one: that of the password manager.

For those who are not fans of password managers, the most practical, fastest and safest method is to use random words, perhaps with help from Diceware for the most important projects. As we have seen, the ideal for security would be to use at least 12 words. But even with 5 or 6 of them, perhaps with a special character between one word and the next, you are quite safe!

One recommendation: if you use a paper diary to store your passwords because you don't trust password managers, encode your passwords in some way of your own choosing. You decide how, but never write the password in clear text. Find a method to foil anyone who finds your precious diary.

What we said at the beginning still holds: never reuse the same password on multiple accounts!

Finally, we leave you with some interesting tools:

  1. List of the most common passwords
  2. The most common password used in 2020? 1 2 3 4 5 6
  3. A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?
  4. Choosing a Secure Password


By skariko

Author and administrator of the web project The Alternatives