Passwords

“My Password is Strong!” Really?


Passwords: the "open sesame" that gives access to almost all your data. When will we need a password to read your mind?

Whether it is your mailbox, your credit card, your phone, your bank account or even your car, passwords are everywhere.

Human beings are intelligent, and for that reason they try to be lazy: to save time, to avoid the grunt work, and to avoid having to remember complex things.

Create a Password

But you’ve already read that your passwords must be 56 characters minimum, contain lowercase, uppercase, numbers, special characters, 200g of flour, 3 eggs, a license plate number, a section of the Bible in Aramaic, etc. Are you really doing that? Seriously? Honestly?

No, the next one is NOT a good password: read it for five seconds, close your eyes and repeat it. There, you understand?

SuPeRp4SsW0oD?#!lOnG3n0Ugth999

It is likely that your password is simpler than that; I hope I’m wrong. Notice I say “password” as if you had only one. But don't worry me: you don’t have only one, right? Or even two?

It is very important to have a different password for each site, service and product you use. And when I say different, I mean really different. Adding or editing a character does not make a sufficiently different password.

These three, for example, are not really different:

  • julio1979?secupress123
  • julio1979?secupress456
  • julio1979?secupress789

So you tell me: yes, I have a different password for each site and service. But do these passwords follow a pattern that only you know? If so, again, this is not enough.

The patterns are evil:

gmail password: Juli0+Gm41L=11!

facebook password: Juli0+F4c3b00K=14!

twitter password: I’ll let you guess.

The pattern is:

  • Always begins with Juli0+
  • Adds the site name with the first and last letters capitalized and the rest lowercased
  • Where possible, replaces letters with digits: o = 0, e = 3, i = 1, a = 4
  • Adds a =
  • Counts the number of characters so far (without the =), then adds that count in digits
  • Ends with !

If one of your passwords is discovered, all the others will follow: it is all too easy to recognize that a pattern was used.
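Both the site-name pattern above and the near-identical julio1979 passwords can be caught by auditing your own password list. The JavaScript below is an added example, not part of the original post: it reduces each password to a skeleton and reports any skeleton shared by several sites. The function names, the labels site-a to site-d and the last random password are assumptions made up for the demo.

```javascript
// Added example: flags passwords in a vault that share one construction pattern.
// Leet map taken from the article's pattern: o = 0, e = 3, i = 1, a = 4.
const DELEET = { "0": "o", "3": "e", "1": "i", "4": "a" };

// Reduce a password to its "skeleton": the site name (plain or leet-encoded)
// becomes {site} and every run of digits becomes #.
function skeleton(site, password) {
  const lower = password.toLowerCase();
  // De-leeting maps one character to one character, so indexes stay aligned
  // with `lower` and can be used to cut the site name out of it.
  const plain = lower.replace(/[0314]/g, (d) => DELEET[d]);
  const name = site.toLowerCase();
  const at = plain.indexOf(name);
  const parts = at === -1
    ? [lower]
    : [lower.slice(0, at), "{site}", lower.slice(at + name.length)];
  return parts.map((p) => (p === "{site}" ? p : p.replace(/\d+/g, "#"))).join("");
}

// Group vault entries by skeleton; any group with 2+ entries is a shared pattern.
function findPatterns(vault) {
  const groups = new Map();
  for (const { site, password } of vault) {
    const key = skeleton(site, password);
    groups.set(key, [...(groups.get(key) || []), site]);
  }
  return [...groups].filter(([, sites]) => sites.length > 1);
}

// Passwords are the article's examples; the site labels for the julio1979
// entries and the last (random) entry are constructed for this demo.
const vault = [
  { site: "gmail", password: "Juli0+Gm41L=11!" },
  { site: "facebook", password: "Juli0+F4c3b00K=14!" },
  { site: "site-a", password: "julio1979?secupress123" },
  { site: "site-b", password: "julio1979?secupress456" },
  { site: "site-c", password: "julio1979?secupress789" },
  { site: "site-d", password: "vK8#qTz2!mWp0xLr" },
];

for (const [pattern, sites] of findPatterns(vault)) {
  console.log(`${pattern} is reused on: ${sites.join(", ")}`);
}
```

Run it locally against your own list only; a skeleton that shows up on more than one site means those passwords should be replaced with unrelated ones.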

Help me

To help you, there are small scripts; WordPress uses one when you change your password in your profile. These scripts give you an indication of the strength of your password, usually from low to high.

But can we rely on these scripts? I tested for you; spoiler: no.

Here is a WordPress password field (lightened for the demo) in which I used the following password: ² (space space space space ² ²)

[Image: strong password field]

Yes, this password is supposedly safe, but is it? How long would a brute-force attack take to find it? Howsecureismypassword.net gives the answer (test it yourself): it takes less than a tenth of a second to crack this password by brute force… Super strong, brute force!

PixelPrivacy wrote a perfect and long post about passwords, worth the read: https://pixelprivacy.com/resources/reusing-passwords/

P.S.: In other tests you may see impressive times like 48 billion years; in truth it will take less, BUT it is still a much more acceptable password.

But then, how to have a strong password

There are two ways: manual and automatic.

The automatic way is to use a tool like OnePassword, which will generate the best passwords: long, complex and random. You don’t have to remember your passwords; only the tool knows them.

These passwords are stored encrypted with a highly secure algorithm (AES-256 bit) and you only have one password to know: the one that gives you access to the others! Choose it well, it’s the only one.

The disadvantage is that you must always have your password wallet with you to log in somewhere. Of course there are apps and add-ons to make that easier.

The manual way is what you already do, but do it better: a long password is better than a short and complex one.

Edward Snowden talks about passwords in this video; if you have read this far, you should watch it. In this interview, the reporter suggests passwords and Edward must say whether each one is strong or not. It is serious and funny at once.

A good strong password? margarettatcheris110% SEXY, and it’s Edward who says so ;)

I posted my opinion on the subject in this ticket on zxcvbn; there is little chance that it moves quickly, so be careful and do not trust scripts too much!

P.S.: do not use this one, eh!
