
Safer Passwords

by Chris Smith

Just thought I'd pass on a few tips that I've been given for setting a password that won't get hacked.

Passwords can be hacked in two ways: being guessed by a human or being "brute forced" by a computer. Brute forcing just means trying lots of different passwords until one succeeds, and powerful computers can try a lot in a short time.

Go Long

The more characters you use, the more possible combinations there are and the longer it would take a computer to crack it. To keep it easy to remember but hard to crack, try using a few words. However, you should avoid any common combinations of words, such as well-known song lyrics, which may be more guessable. Random, unconnected words are best.

How Secure is Secure?

You can actually get a measure of how secure your password is on the aptly named https://howsecureismypassword.net/. This site will estimate how long it would take a computer to crack your password. You want this to be so long that it wouldn't be possible within your lifetime. You should ideally allow far longer than seems necessary as computers will inevitably become more powerful and faster over time. I'd aim for at least a millennium (1000 years) but the longer the better.

Pwned? *

The final check is to see if your chosen password has been previously involved in a data breach. When companies' user accounts are hacked, the usernames and passwords used are stored (not together) in a public database so they can be flagged as unsuitable for reuse in the future. The service https://haveibeenpwned.com/ allows you to check if your password is safe from being on hackers' known password lists.

Pass It On

Please pass this info on to anyone and everyone so that we're all safer. Share or feel free to copy and reword the content of this post however you see fit, just get the message out there. No more Pa$$word1.

* It looks like a weird typo but 'pwned' just means hacked.