
What Makes A Good Password

We trust the digital world with our lives. We put our memories, thoughts, secrets, and more into it for convenience. But there’s danger in doing that, as it’s a target for many malicious people.

What’s worse is that most of you reading this article are not even protecting your digital life properly, especially when it comes to your password security.

In this article, I’ll be showing you what makes a great password and how to generate a good one. I will also explain why you should be using a password manager and recommend some good ones.

Password entropy

In order to understand what makes a great password, you must know about password entropy.

Password entropy measures how difficult a given password would be to crack by guessing, brute force, dictionary attacks, or other common methods.

Basically, an attacker who does not know your password has to keep trying guesses until one is correct, and entropy tells you how many guesses that can take.

It is written as a formula: Entropy = log2(S^L) = L × log2(S), where S is the number of unique symbols the password can be drawn from (lowercase letters, uppercase letters, digits, punctuation, etc.) and L is the length of the password. S^L is the number of possible combinations, and the higher the entropy number is, the better!

One caveat the formula hides: it only gives full credit when every character is chosen uniformly at random from the whole set. A human-chosen word with a capital letter and a digit tacked on is not a random draw from 95 symbols, and a dictionary attack will find it long before the numbers below suggest. The figures that follow assume a randomly generated password.

Here are some examples.

For the first example, the password has eight lowercase English letters.

Using the formula, L is the length of the password, so it is 8. S is the number of possible symbols, which is 26 because the English alphabet runs from a to z.

This means there are over 208 billion possible combinations of 8 lowercase letters, and the entropy is 37.6 bits. This is quite weak: today’s computers can guess every one of them within a couple of hours at most, and far faster than that if the site stores passwords with a fast hash such as MD5 or NTLM. The crack-time estimates in this section are rough; the real figure depends heavily on how the password is hashed and on the attacker’s hardware.

For the second example, the password is still 8 characters long, but this time it uses both upper and lowercase letters, making S = 52; so the possible combinations are 5.3459 × 10^13 and the entropy is 45.6 bits.

It’s somewhat of an improvement, meaning it may take a couple of days or weeks to crack, but it’s still crackable within a reasonable time.

For the third example, we’re going to go all out by using lowercase and uppercase letters, numbers, and the other printable ASCII symbols, while keeping the length at 8.

That means S is 95 (the printable ASCII characters, including space). So the number of combinations is 6.6342043 × 10^15 and the entropy is 52.56 bits. This is still crackable, but it requires more powerful hardware to do so.

The final example is a copy of the first example except that the length is 16 instead of 8. This means the number of combinations is 4.36 × 10^22 and the entropy is 75.2 bits, so doubling the length of a lowercase password gained far more than switching an 8-character password to the full symbol set.

This is actually pretty good for today and is still hard to crack. You’re probably wondering what I’m getting at with the mathematics and how long it takes to crack the passwords.

What I’m trying to say is that you need long, random passwords that take an unreasonable amount of time to crack, and length is the cheapest way to get there.

Most of you are not doing that, so malicious people can run a password cracker and get your password within a reasonable time.

So, you must start by changing your password to something with at least 100 bits of entropy! In concrete terms, that is 16 characters chosen at random from the 95 printable ASCII symbols (105 bits), 22 random lowercase letters (103 bits), or a passphrase of 8 words picked at random from a 7,776-word Diceware list (103 bits). In every case the password has to be generated, not invented.
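The following script is an added example, not code from the original article. It implements the entropy formula above, reproduces the four worked examples, works out the length a random password needs to reach 100 bits, and generates such a password with Python’s `secrets` module. The guess rates used for the crack-time illustration are assumptions chosen for the example (a fast unsalted hash versus a deliberately slow one), not figures from the article.

```python
import math
import secrets
import string

# Character sets for the article's four worked examples.
LOWER = string.ascii_lowercase                                               # S = 26
MIXED = string.ascii_letters                                                 # S = 52
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "  # S = 95

# Assumed guess rates (guesses per second) for the crack-time illustration.
# These are assumptions, not figures from the article: real rates depend on
# how the site hashes passwords and on the attacker's hardware.
ASSUMED_RATES = {"fast unsalted hash": 1e10, "slow hash (bcrypt)": 1e5}


def entropy_bits(symbol_count: int, length: int) -> float:
    """Entropy of a password of `length` characters, each chosen uniformly at random
    from `symbol_count` symbols: log2(S^L) == L * log2(S)."""
    if symbol_count < 2 or length < 1:
        raise ValueError("need S >= 2 and L >= 1")
    return length * math.log2(symbol_count)


def combinations(symbol_count: int, length: int) -> int:
    """Number of possible passwords, S^L, as an exact integer."""
    return symbol_count ** length


def length_for_bits(symbol_count: int, target_bits: float) -> int:
    """Smallest length L such that L * log2(S) >= target_bits."""
    return math.ceil(target_bits / math.log2(symbol_count))


def seconds_to_exhaust(symbol_count: int, length: int, guesses_per_second: float) -> float:
    """Worst-case seconds to try every combination at the given guess rate.
    On average an attacker succeeds after trying half of them."""
    return combinations(symbol_count, length) / guesses_per_second


def generate(alphabet: str, target_bits: float = 100) -> str:
    """Generate a password that really has `target_bits` of entropy: every character
    is drawn uniformly from `alphabet` using the CSPRNG in `secrets` (never `random`)."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicate symbols")
    length = length_for_bits(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    examples = [("lowercase", LOWER, 8), ("mixed case", MIXED, 8),
                ("printable ASCII", PRINTABLE, 8), ("lowercase", LOWER, 16)]
    for name, alphabet, length in examples:
        s = len(alphabet)
        print(f"{name:16} S={s:3} L={length:2}  combinations={combinations(s, length):.3e}"
              f"  entropy={entropy_bits(s, length):.2f} bits")
        for label, rate in ASSUMED_RATES.items():
            days = seconds_to_exhaust(s, length, rate) / 86400
            print(f"    {label:20} -> {days:.3g} days to exhaust at {rate:.0e} guesses/s")
    print("16 random printable chars  :", generate(PRINTABLE, 100))
    print("22 random lowercase letters:", generate(LOWER, 100))
```

Note that `generate` is the only part of the script that produces a usable password: the entropy figures it prints are only honest for output of that function, not for a password you typed yourself and then measured.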

Password manager

Every account must have its own unique password, so that one compromised account does not give an attacker access to the others.

As a result, almost all of you will never be able to memorize all of those passwords.

So the solution is to use a password manager, where all your passwords are stored securely in an encrypted vault.

There are many managers to choose from: offline and online, free and paid.

So, you will need to choose the one that fits you best while being the most secure. Be careful what you pick, because this vault holds every credential you own; if you stop trusting the manager, or vulnerabilities are found in the program, remember that there are many replacements out there.

If you find yourself stumped on which to go with, there are three managers I recommend you check out.

Now, I’m not saying these three are the best of all the managers out there, but these are some that I personally know are good and can recommend in good faith, at least currently. Also, I’m not affiliated with any of them, so these are just my opinions.

1Password

The first password manager I recommend is 1Password. I specifically recommend this manager for non-technical people.

The manager can be accessed from a web browser and on Windows, macOS, Linux, Android, and iOS.

For the starting price of $2.99 per month, 1Password stores your passwords in a cloud syncing encrypted vault. You can also create and store notes, identities, and credit card information.

One of the biggest things many people like about 1Password is that the UI is very polished and user friendly.

In fact, it’s the best looking one out of the three managers I recommend.  

Another thing 1Password does is let you add custom fields inside each login entry, in addition to notes, which is helpful for keeping extra information with the account.

Finally, you get health reports on whether your password has appeared in a website’s breach and whether you’re reusing the same password across accounts. There are some downsides to this manager.

There’s no free option available for this service, meaning that if you cannot pay, you cannot use the service at all.

Another problem is that the service is not open source, meaning only 1Password can inspect the code; so if there are any issues with the program, you’re going to have to report them to 1Password. You cannot fix them yourself. Overall, this is a great password manager for those of you who aren’t tech-savvy.

Bitwarden

The second manager I recommend is Bitwarden. Bitwarden is a great manager for those of you who want a frugal cloud-based solution. This manager can be accessed from a web browser and through Windows, macOS, Linux, Android, and iOS apps.

The manager offers two types of accounts: free and premium. The free account offers unlimited password storage, while the premium one adds encrypted file storage, a built-in TOTP authenticator, and additional two-factor options such as hardware security keys.

If you choose to go with the premium account, it’s $10 per year, or about $0.83 per month, making this one of the most frugal paid managers out there.

Another thing is that this manager is fully open source and has been audited.

If you feel uneasy storing your credentials with blind trust, you don’t have to with Bitwarden, as many people have their eyes on the code, including security experts. And if you still don’t trust them completely, you’re free to host your own vault on your own server.

The only downside is that the UI, for both the app and the web, is lacking a little polish; but keep in mind that this is open-source software, so as more people help the team develop it, it will change for the better.

KeePass

The final manager I recommend is KeePass. There are multiple variants of this manager since it’s open source as well. One variant I recommend specifically is KeePassXC.

These managers are meant for offline use, so I will warn you that they are really meant for advanced users who prefer to keep their database locally rather than in the cloud.

With multiple variants of the program, it’s available on most platforms out there for free, which is a benefit. But it’s also a downside, as there’s no single company behind this manager; what the variants share is the database format (KDBX), not a common vendor or support channel.

Also, if you do not back up often and the database file is lost or corrupted, your passwords are gone with it, and the whole vault is only as strong as the master password (and optional key file) protecting the file. But this is the most secure free manager out there, so you will need to take those precautions yourself, which is why I recommend this manager for advanced users.

As the world becomes more digital, we must secure our digital property properly!

As you learned in this article, you should generate long random passwords with high entropy, use a different one for every account, and store them in a trusted password manager.

After that, you can log into your accounts knowing that there’s at least some real protection on your end.

So, do you use strong passwords? Do you use password managers at all?
