2. Passwords

From IT Safety column in Doitsu NewsDigest (translated to English)

When you read stories about famous people who got “their accounts hacked”, in almost all cases it was just the password that was guessed by another person. You can encrypt data and take as many security precautions as humanly possible, but if your password is easy to guess, all security measures are void.
Now you might ask: what’s a weak password, what’s a strong password, and what does it mean to guess a password?

In the old days when computers weren’t connected to the internet, a parent would choose a password for their family PC that their kids wouldn’t be able to guess. This was usually an effective measure to keep the kids from accessing their data. Now the kids trying out different passwords one by one are replaced by very fast computers that can try out thousands of passwords per second!
If your password is a real word from a dictionary, it’s usually cracked within a couple of seconds. Therefore a strong password must be hard for a computer to guess, but still easy for a person to remember. Actually, the term “password” is misleading and outdated; nowadays it should be called a “passphrase” (not just one word but a sentence).
A good rule of thumb is to use a passphrase that consists of 4 or 5 words and which also includes some special characters. Think about a sentence or a picture consisting of different elements you can remember. Using words from different languages is a very good idea here, since it makes guessing words from a dictionary much more difficult.

Here’s an example: The probability of rain is 50% and there’s an ape under an umbrella together with a snail.
50%ameRegenschirmAffe&katatsumuri
This password is really strong (especially as it mixes Japanese, English, and German words) and it’ll take even a super-computer many years to guess it.
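The rule of thumb above (4 or 5 words, several languages, special characters) can be turned into a small generator that also estimates how long an exhaustive search would take. This is an added example, not part of the original column; the word lists are tiny constructed samples, and drawing the words at random, the separator set and the guess rates are assumptions of the example.

```python
import math
import secrets

# Constructed sample lists, far too small for real use; a practical list
# needs thousands of words per language.
WORDLISTS = {
    "en": ["rain", "snail", "ape", "umbrella", "window", "river", "candle", "bridge"],
    "de": ["Regenschirm", "Affe", "Schnecke", "Fenster", "Bruecke", "Kerze", "Fluss", "Wolke"],
    "ja": ["ame", "katatsumuri", "saru", "kasa", "mado", "kawa", "hashi", "kumo"],
}
SPECIALS = "%&!#+-_="  # assumed separator set, 8 characters

def word_pool(wordlists=WORDLISTS):
    """Merge all languages into one de-duplicated pool."""
    return sorted({w for words in wordlists.values() for w in words})

def generate_passphrase(n_words=5, wordlists=WORDLISTS, specials=SPECIALS):
    """Draw words and separators with a CSPRNG (secrets), not random."""
    pool = word_pool(wordlists)
    parts = [secrets.choice(pool)]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(specials))
        parts.append(secrets.choice(pool))
    return "".join(parts)

def search_space_bits(n_words, pool_size, n_specials):
    """Entropy in bits, assuming the attacker knows the lists and the scheme."""
    return n_words * math.log2(pool_size) + (n_words - 1) * math.log2(n_specials)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    pool = word_pool()
    print("sample passphrase:", generate_passphrase(5))
    toy_bits = search_space_bits(5, len(pool), len(SPECIALS))
    print(f"toy lists ({len(pool)} words): {toy_bits:.1f} bits")
    # Hypothetical: three 10,000-word lists, assumed 1,000,000 guesses per second
    big_bits = search_space_bits(5, 30_000, len(SPECIALS))
    print(f"30,000-word pool: {big_bits:.1f} bits, "
          f"{years_to_exhaust(big_bits, 1_000_000):.2e} years to exhaust")
```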


Once you come up with a strong password, don’t use the same password for all your accounts and websites. I recommend using a different password for every account.
But how do you remember hundreds of different passwords?
Fortunately there are software tools that help you here. Web browsers like Firefox and Chrome have a password manager that remembers the right password for every website.
You just need to remember your master password.
macOS provides an application called “Keychain Access” which helps you to create and manage strong passwords. My personal recommendation is the free software KeePassX, which runs on Linux, Mac and Windows.

Even with the most sophisticated password management software, it’s highly recommended that you have your passwords written down in a small notebook and have it hidden in a secure place. I hope this little article will help you to use more secure passwords and you will never be a victim of a password cracking attack.

April 7, 2017

