In 2019 attackers have breached and leaked over 500 Million passwords from the Facebook database alone, and there are even more from other sites.
While you can’t prevent that your data will be leaked in a future breach, you can prevent that your password gets hacked by making a secure password.
Most websites store your password in a hashed way. This means an attacker needs to brute force or crack it by other means. If you choose a secure password, it will take longer to get cracked, and the attackers might even lose motivation.
Entropy for a secure password
To increase the security of your password, you need to increase its entropy.
Entropy in short, is a measure of statistical randomness. If your password has a high entropy it becomes almost unpredictable in a reasonable time.
But how do you increase entropy?
The longer your password is, the more time it will take to be cracked. longer passwords are thus more secure than short ones.
Short passwords also allow for a smaller set of possible combinations. If you have a PIN with 2 numbers you have to try from 00-99, if the PIN consists of 4 numbers you have to try from 0000-9999.
As you can see in the image above, a password consisting of 20 lowercase A’s would take 607 Million years to crack. But you don’t necessary want your password to be 20 chars long. That’s hard to remember
Another way to add more entropy is to use different characters. Ok, that might sound silly but hear me out.
In the English language, if you have the letter T there is a high probability that the next letter will be a H (because of the, this, that, etc…).
It would be rather odd to see an X after a T.
What does this mean? It means that by choosing letters that normally don’t appear after another letter you can increase the entropy.
In the example from above TX has a higher entropy as TH.
And we know that a higher entropy results in a secure password.
Using numbers will likely increase your entropy as well. If you do it right!
The number 123 doesn’t have a high entropy, because it is obviously just counting up by one. That’s not rather random. A 2 always follows a 1 and a 3 always follows a 2. Every kid in kindergarten knows that.
However if you use a random number like 381 the entropy is higher.
And another important note on numbers. Don’t use 1337sp34k. Most word lists already contain 1337sp34k words or language options.
Use special chars
The goal of special chars is to increase the entropy as well. I would recommend to sprinkle them across your password
Easy way to create a secure password
An easy way to create a memorable secure password is to first create a sentence like
If I 3at 5 doughnuts, I will get fat!
Then take the first letter of each word, take all numbers and special chars and combine them:
You can memorize a funny sentence or whatever you want, maybe add some 1337sp34k if you don’t have any numbers in the sentence and create a secure password:
I hope you enjoyed this help. If so, please subscribe to my newsletter to get monthly updates: https://d3vnull.com/newsletter/