Basic: How to set up a strong password
As you know, at Berty’s, we greatly value your privacy. We thought it would be nice to do a post on how to protect it a little more, starting with simple things: creating a strong password.
But what is a strong password? A password is strong if the most potent computer takes years to crack it.
- If you use a word from the dictionary, it takes less than a second for the computer to crack this password.
- A 10-letter password will be cracked in 9 hours.
- A 10-character password that combines numbers, letters, and special characters will be cracked in half a century.
The password is the only protective barrier between your sensitive information and the rest of the world. It has to be hell strong! If criminals get your password, they get bank accounts and private files and wreak havoc. That’s why it’s so important to have a strong and secure password.
Try your Password
We know that you already have your password in mind (which is not composed of your pet’s first name followed by your year of birth… no-no). Right? 🤔
Well, have you tested its strength? We suggest three tests to check it:
- Measure the strength: http://www.passwordmeter.com/
- Calculate time to crack your password: https://howsecureismypassword.net/
- Check if your password has been exposed in data breaches: https://haveibeenpwned.com/Passwords
So what’s the verdict? If you don’t pass the tests, here is a method to create a strong and memorable password!
Create a strong password
Password cracking techniques
First, you need to understand how a hacker finds your password. Criminals are very good at guessing passwords. Some have computer programs that can make millions of guesses until something works. And if they already know some information about you, it’s even more straightforward.
Several techniques can be used to crack passwords. Here are the most frequently used:
- Dictionary-based attack - This method takes a list of words and compares each one to users' passwords. Check Top-20000 French passwords.
- Brute force attack - Brute force attacks use algorithms that combine alphanumeric characters and symbols to generate every possible password until one matches!
- Rainbow table attack - This method uses pre-calculated hashes. Suppose we have a database that stores passwords as MD5 hashes. We can create another database that contains MD5 hashes of commonly used passwords. We can then compare the password hash we have with the hashes stored in the database. If a match is found, then we have the password. Read more about the Rainbow Table Attack.
- Guessing - Yeah, sometimes it’s as simple as that. Thanks to the information that we leave lying around on social networks or leaked data…
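The precomputed-hash lookup from the rainbow table bullet, seen from the side of the service storing the passwords, as an added example that is not Berty's code: it audits a constructed set of unsalted MD5 hashes against a table built from a constructed common-password list, then shows that a salted, slow hash of the same password never appears in that table. The names, the sample accounts and the PBKDF2 work factor are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample list standing in for a "commonly used passwords" file.
COMMON_PASSWORDS = ["123456", "password", "azerty", "qwerty", "iloveyou"]
PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(words):
    """Hash each common password once; the table works against any unsalted MD5 store."""
    return {md5_hex(w): w for w in words}


def audit_unsalted(stored_hashes, lookup):
    """Return the accounts whose unsalted MD5 hash appears in the precomputed table."""
    return {user: lookup[h] for user, h in stored_hashes.items() if h in lookup}


def store_salted(password, salt=None):
    """What a service should store: a random per-user salt and a slow, salted hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    # Constructed "database": one common password, one built with the method in this post.
    leaked = {"alice": md5_hex("azerty"), "bob": md5_hex("8bT8M@1+W@hS!")}
    print("found in table:", audit_unsalted(leaked, lookup))
    salt, digest = store_salted("azerty")
    print("salted hash in table:", digest.hex() in lookup)
    print("login still works:", verify_salted("azerty", salt, digest))
```

A real rainbow table compresses this dictionary with hash chains, but the defence is the same: a per-user salt makes any precomputed table useless, and a slow hash makes rebuilding one per user expensive.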
Strong Password Generation Tutorial
Now that you know a lot about password cracking, how do you create a password? It’s based on three elements:
- Length: the number of characters the password contains.
- Complexity: does it use a combination of letters, numbers, and symbols?
- Unpredictability: is it something that can be guessed easily by an attacker?
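How the three elements combine, as an added example that is not from the original post: length and complexity give the size of the search space, while the unpredictability check flags passwords whose search space is irrelevant because they are a dictionary word or contain personal details. The guess rate, the function names and the sample inputs are assumptions, and the bit figure is an upper bound that only holds when the characters are chosen unpredictably.

```python
import math
import string

GUESSES_PER_SECOND = 1e10            # assumed attacker speed, not a figure from the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(password):
    """Complexity: total size of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def assess(password, personal=(), wordlist=()):
    """Report length, complexity and the reasons the password is predictable."""
    lowered = password.lower()
    reasons = []
    if lowered in {w.lower() for w in wordlist}:
        reasons.append("dictionary word")
    for token in personal:
        if token and token.lower() in lowered:
            reasons.append("contains personal detail: " + token)
    size = charset_size(password)
    # Bits of search space = length * log2(charset); 0 if no known class is used.
    bits = len(password) * math.log2(size) if size > 1 else 0.0
    # On average half of the search space is tried before a hit.
    avg_years = (2 ** bits / 2) / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {"length": len(password), "charset": size, "bits": round(bits, 1),
            "avg_years": avg_years, "predictable": reasons}


if __name__ == "__main__":
    # Constructed inputs: a pet name plus birth year, and the post's example password.
    for pw in ("Rex1987!", "abcdefghij", "8bT8M@1+W@hS!"):
        print(pw, assess(pw, personal=["rex", "1987"], wordlist=["password"]))
```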
We love this Intel ad: “When it comes to passwords, size matters”
So, your job is to create a password that is very hard to guess (thanks Captain Obvious! 😅). You can follow these tips.
Tutorial: Create A Memorable Password
Think of a sentence or phrase of at least eight words that is easy for you to remember but hard for someone who knows you to guess. It could be a phrase from a poem, story, movie, song, or quote that you like. Example: “Berty Builds The Best Messaging App In The World And Hates Surveillance”
Keep only the first letter of each word in your sentence: BBTBMAITWAHS
Replace several of the upper case letters with lower case letters. Our advice is to put the letters that stand for verbs in lower case, for example: BbTBMAITWAhS
Now substitute a number for at least one of the letters (here, “B” into “8” and “I” into “1”): 8bT8MA1TWAhS
Finally, use special characters ($, &, +, !, @) to replace one or two letters - preferably one letter that is repeated in the sentence. You can also add an extra character to the shuffle (here, we replaced a “T” with “+”, and replaced the “A” with an “@”). The result: 8bT8M@1+W@hS
And because your password is now impressive, you can add “!” at the end of it: 8bT8M@1+W@hS!
We’re cool for 2M years! 🆒
Things to avoid in a password:
- Pet name. It’s easy to guess a pet name.
- Your date of birth
- Address of any place
- Phone number
These things are too easy for criminals to discover. So, don’t use them. Your password shouldn’t be based on the names of anyone from your family, or on any information about you.
Final tips on a password
So, now you know how to create a strong password. No worries, it looks complicated, but it’s not. You will probably need to practice a few times before you can type it quickly.
Never share your password. Never.
Criminals may still try to get it from you over the phone. So, never tell your password to anyone on the phone. Be careful when you get an email that asks for a password - it’s certainly a scam. Don’t write your passwords down, even though it can be tempting, especially in the workplace, to keep track of passwords.
Don’t use the same password.
That’s like having one key that unlocks everything. The stakes are high if you lose it. If you’re using the same password across email, shopping, and other websites holding sensitive personal data (or even a local community website) and one of those experiences a breach, you’ve now exposed the other services to the risk of being breached as well.
Use a password manager. Many apps store your passwords securely.
We are going to write an article on password managers. Subscribe to our Twitter to be notified of the release of the article.
Remember to log out.
Be careful when you use someone else’s computer: once you have finished your work, log out of your email. Always remember to log out of each site you visit on a computer that is not yours.
Browse in Incognito mode.
Incognito mode works by destroying the cookies once the session is over (which happens when you close the incognito window). This ensures that the site does not keep track of your activities, and it covers you if you forget to log out.
Add another security layer: 2FA.
Two-factor authentication (2FA) is a strong authentication method by which a user can access a computer resource (such as a computer, smartphone, or website) after presenting two separate pieces of evidence of identity to an authentication mechanism.
Passwords are an essential part of life online, and if you are not careful about keeping them secret, they can cause significant problems. Stay safe by understanding the risks and making your passwords stronger.
✋ Before you go:
- We hope you enjoyed the article. If you did, please let us know by retweeting or subscribing to our newsletter. It means a lot. 🧡
- We are creating a brand new messaging app where privacy matters more than ever before! Be sure to check it out to see what Berty’s doing. You might be interested!
- Learn more about Berty: https://berty.tech
- Share your tips in the comments section below!