How to choose safe passwords—and remember them, too

This article has been updated. It was originally published on March 27, 2017.

Another day, another massive data breach—and another reminder to strengthen your online defenses. Our digital lives depend on passwords, the keys to everything from social media to bank accounts. Strong passwords and effective management are crucial for protecting your identity. While not the only security measure, they're undeniably vital.

Many of us fall short when it comes to password security. We favor easy-to-remember (and therefore easy-to-guess) passwords, often reusing them across multiple accounts. This article offers guidance on improving your password practices.

Essential Password Practices

Creating a secure password is like safeguarding a secret society: Members need to remember it, while intruders must find it impossible to crack.

Using "123456" or "password" is incredibly risky; millions use these common combinations. Hackers target these first, followed by predictable variations like "password1" and "passw0rd".

Avoid easily guessable combinations based on personal information readily available online. A quick Facebook scan might reveal your birthdate or address—incorporating this data weakens your password.

[Related: Twitter's Move Towards a Password-Free Future]

Aim for passwords at least 10 characters long. Longer passwords, diverse character sets (letters, numbers, symbols), and nonsensical sequences are stronger. Consider this: a four-digit numeric code has 10,000 possibilities; adding a single digit increases this to 100,000. The addition of letters and symbols, extending the length to 10 characters or more, exponentially strengthens the password.

Security expert Bruce Schneier suggests creating passwords from random sentences (not well-known quotes or phrases). For example, "The quick brown fox jumps over the lazy dog" could become "Tqbfjotld" (first letter of each word). This generates a random sequence easily recalled by remembering the original sentence. Remember, this example is now compromised due to publication. Create your own unique sentence. You don't need to use only the first letter; you can be more creative.

Many websites assess password strength during creation, alerting you to weaknesses. They also help protect against "brute force" attacks (rapid attempts to guess passwords).

Reusing passwords across multiple accounts is a major vulnerability. It's like giving a hacker access to all your accounts simultaneously if one is compromised. Using unique passwords for each account minimizes the risk.

Effective Password Management

Remembering numerous strong passwords can be challenging. Fortunately, solutions exist. Web browsers offer basic password management, while dedicated password managers provide more robust features.

Enable two-factor authentication (2FA) whenever possible. This adds an extra layer of security, reducing reliance on the password alone. It's like needing both a password and a ticket for access. Most major services (Google, Facebook, etc.) support 2FA.

Most browsers (Chrome, Firefox, Edge) include built-in password managers. They often prompt you to save passwords, syncing them across devices. However, browser password managers are only as secure as your browser access. Ensure you have a strong, personal password for your operating system (Windows, macOS) to protect your password cache.

[Related: Why You Should Use a Password Manager]

For comprehensive password management, consider a dedicated password manager application. These programs securely store passwords across multiple devices, often assisting with strong password generation. They encrypt data, protected by a single master password.

Many password managers are free, with premium features available for a subscription. They often integrate with 2FA services. Some also store other sensitive information (Wi-Fi passwords, credit card details).

LastPass is a popular and reputable password manager, offering unlimited password storage across devices. 1Password is another strong contender, though not free (a trial is available). Dashlane and Keeper are also worth exploring. Research and choose the best option for your needs.

The above is the detailed content of How to choose safe passwords—and remember them, too. For more information, please follow other related articles on the PHP Chinese website!