A password is a string of characters used to authenticate a user's identity prior to granting them access to a specific resource.
If you've spent any time at all on the web, it's likely that you have more passwords than you can keep track of. Passwords are used in combination with a unique username to allow a server to confirm your identity and grant you access to your account and other resources. Virtually every website that allows for the creation of accounts or user-content utilizes a username and password authentication system to make sure that you really are who you say you are.
Many organizations and websites have password guidelines that dictate the minimum length and different types of characters that must be included in a password. These types of guidelines are intended to force users to create more secure passwords.
Frequently Asked Questions
What are some good and bad ways to come up with passwords?
Every year SplashData puts together a list of the most common passwords, and the results are always simultaneously funny and worrying. Over the last several years horribly-insecure passwords like “123456”, “password”, “qwerty”, and “abc123” have been among the most common passwords. So what are some of the best and worst ways to pick passwords?
Bad Idea No. 1: Use a generic password.
In combination with long-standing winners like “password”, “qwerty”, and numeric sequences like “123456”, rounding out the top 10 most common passwords are additional horrible choices like “baseball”, “dragon”, and “football”. Picking the first word that comes to mind is a recipe for disaster. Don't go with a generic password.
Bad Idea No. 2: Use a random easy-to-remember personally relevant word.
While a hacker may have a hard time guessing a personal detail – such as the name of your firstborn – if someone close to you ever tries to covertly access your account it's more likely they'll be able to guess this type of detail. While these sorts of passwords are definitely better than generic passwords, they aren't particularly secure (unless you strengthen them using some of the tips we'll discuss in just a minute).
Good Idea No. 1: Turn a phrase into a password.
Think of a memorable phrase such as “Forever I'll stand by your side”, plug into into a phrase-to-password converter (or just get creative), and use a modified acronym like “4I$by$” to represent the phrase. The result is a password you can easily remember, but that will be hard for anyone else to guess.
Good Idea No. 2: Use a random password generator
There are many random password generators on the web that you can use to generate completely random strong passwords. The downside to this method is that you will definitely need some way to keep track of them since you won't be able to remember them.
How can I make my passwords stronger?
If you want to make your passwords stronger, here a few tips from the Huffington Post to strengthen your passwords:
- Mix up a variety of types of characters. Don't use a password that is made up of just one type of characters (such as letters), mix uppercase letters, lowercase letters, numbers, and symbols. Referring back to our previous phrase-to-password conversion, “4I$by$” is much stronger than “fisbys”.
- Make your password longer. Passwords that are 12 characters long or longer are extremely difficult to crack. However, use common sense. If your last name is 12 characters long, that doesn't mean it would make a strong password. Length alone is not enough to make a password strong.
- Don't reuse passwords. Ideally, you will use a password manager application or a document protected behind two-factor authentication (such as a Google Sheets document protected by two-factor Google authentication) to store your passwords. Use a different password for every website or service you use.
- If you don't want to use a completely new password for each website, at least personalize the password for each site by adding some memorable snippet to an already-strong password. For example, if your base password is “4I$by$”, you could personalize it by adding the second, fourth, and last letter of the domain name, as well as a period, to the beginning of the password. For example, when logging into www.facebook.com your password would become “aek.4I$by$”.
Strong passwords a good step in the right direction. However, the truth is that the password is dead, or at least dying, and you should use two-factor authentication or single sign-on whenever the option to do so is available.