In today’s world, it’s more important than ever to create and securely store passwords. Each year hundreds of millions of consumer accounts are hacked, thanks to passwords that were easily guessed or reused after they were revealed following large information breaches. The solution, of course, is to create strong and unique passwords regularly. And the easiest way to do this is by using a password management program. Management programs not only help mitigate the worst of our habits, preventing us from reusing the same password over and over with simple variations like character substitutions rather than character strings that are arbitrary, but they are also the most secure for this task, as they are specifically designed and encrypted for password storage.
Password managers can generate secure passwords for every site you use and put them in a list. The only catch is you have to create a master password to have access to this list. Security researcher and creator of Have I Been Pwned? Troy Hunt says that, when developing a master password, it must be strong. What does this look like? Human behavior, even faulty behavior, follows certain patterns and rules. So the main thing is to create a password that will come to you unnaturally and will require memorization. Secure passwords have plenty of things in common: they are long, distinctive, involve a character mixture, and avoid hints and references to our personal lives.
Lorrie Faith Cranor of Carnegie Mellon University says people are predictable. They place their unique characters at the start and end of passwords rather than mixing them up in the center, or use common phrases and patterns, such as iloveyou. In addition, people frequently choose passwords which are too short. For a secure master password, at least 12 characters long is a good rule of thumb. For Lorrie, the key measure of password security is entropy. “This, in computer science terms, is a measurement of how unpredictable a password is based on how long it’d take an attacker to work it out by making a guess at each character.”
By this standard, longer passwords are more secure. Nevertheless, people are bad at being arbitrary. So it’s best to find a good password program that will store and create unique, difficult-to-guess passwords for you, like 1Password.