Best Practices for Creating a Strong Password and Securing Your Accounts

17 July 2024

Zaker Adham

In recent years, cybersecurity breaches like the one at LastPass have underscored the importance of strong passwords and secure storage methods. Here’s how you can ensure your online accounts remain protected.

Since LastPass reported a data breach in 2022, many users with weak passwords experienced unauthorized access to their accounts, highlighting the vulnerability of online password vaults to brute force attacks.

To enhance your security, consider using a local password manager like KeePass, which stores your passwords on your computer and allows you to back up your vault on a secure thumb drive. If opting for cloud storage, choose a reputable provider with robust security measures in place to mitigate risks from potential hackers.

Regardless of the password manager you use, it’s crucial to employ long and complex passwords.

Hive Systems publishes a table estimating how long a brute-force attack needs to crack passwords of a given length and character set; those times shrink every year as computing power grows, which is why passwords must keep getting longer and more complex. Currently, an 8 to 11-character password, even with numbers, upper and lower case letters, and symbols, is considered unsafe unless it is truly random—akin to picking the eleventh card from a shuffled deck. Common passwords like "123456" or patterns based on easily guessable information are particularly vulnerable.

Creating memorable passwords might seem convenient, but they often lack the randomness needed for security. For instance, an 8-character password based on a date within the last century provides only 36,500 combinations, similar to picking the Ace of Spades from a deck. In contrast, an 8-character password using a mix of random upper and lower case letters, numbers, and special characters offers over a quadrillion possible combinations.

Despite the vast number of combinations, modern supercomputers can still crack such passwords in seconds. Current recommendations advise using passwords of at least 15 to 20 characters, randomly generated, and comprising a mix of characters for optimal security. Simply typing "random" characters on a keyboard does not produce genuine randomness either; the characters should come from a proper random generator.

Tools like KeePass simplify this process by automatically generating 20-character random passwords for each account entry. With a local password vault, you only need to remember the master password for KeePass itself, significantly enhancing security while maintaining accessibility.
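To make the keyspace figures above concrete (the 36,500 date-based candidates versus the quadrillion-plus combinations of 8 random characters, and the jump to 15 or 20 characters) and to show what "properly generated" means, here is an added Python example; it is not code from the article or from KeePass. It assumes a 94-symbol alphabet (letters, digits and ASCII punctuation) and a placeholder attacker speed of 10^10 guesses per second, which is an assumption for illustration, not a figure from the page; real rates depend on how the site hashes passwords. Passwords are drawn with the operating system's cryptographic random generator (`secrets`), which is the kind of source a password manager uses rather than keystrokes typed by hand.

```python
import math
import secrets
import string

# Alphabet matching the article's "upper and lower case letters, numbers,
# and special characters" policy: 52 letters + 10 digits + 32 punctuation
# marks = 94 printable ASCII symbols (space excluded).
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumed attacker speed in guesses per second. Placeholder for illustration,
# not a figure from the article; real rates depend on the site's hash function.
ASSUMED_GUESSES_PER_SECOND = 1e10


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def date_keyspace(years: int = 100) -> int:
    """Candidates for a password that is a date within the last `years` years.
    Matches the article's figure: 100 years * 365 days = 36,500."""
    return years * 365


def expected_crack_seconds(space: int, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly chosen password: half the space on average."""
    return space / 2 / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit for the comparison table."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2e} seconds"


def random_password(length: int = 20, alphabet: str = FULL_ALPHABET) -> str:
    """Draw each symbol with the OS CSPRNG (secrets), as a password manager does.
    Keystrokes typed 'at random' are not uniform; secrets.choice is."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_from_alphabet(password: str, alphabet: str = FULL_ALPHABET) -> bool:
    """Sanity check: every symbol of the generated password comes from the alphabet."""
    return all(ch in alphabet for ch in password)


def compare_policies(guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND):
    """Rows of (label, keyspace, entropy bits, expected crack time) for the
    policies discussed in the article."""
    n = len(FULL_ALPHABET)
    rows = [
        ("date in last century", date_keyspace(), math.log2(date_keyspace())),
        ("8 random chars, 94-symbol alphabet", keyspace(n, 8), entropy_bits(n, 8)),
        ("15 random chars", keyspace(n, 15), entropy_bits(n, 15)),
        ("20 random chars", keyspace(n, 20), entropy_bits(n, 20)),
    ]
    return [(label, space, bits,
             human_duration(expected_crack_seconds(space, guesses_per_second)))
            for label, space, bits in rows]


if __name__ == "__main__":
    for label, space, bits, eta in compare_policies():
        print(f"{label:36s} {space:>40,d} {bits:6.1f} bits  ~{eta}")
    print("generated:", random_password())
```

Running the script prints one row per policy; the date-based password falls in microseconds at the assumed rate, the 8-character random one in days, and the 15- and 20-character ones in spans far beyond a human lifetime, which is the gap the article's recommendation rests on. The time column scales inversely with the guess rate, so a faster attacker or a weak hash on the server side moves every row down but leaves the ordering intact.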

By using a single memorable password to protect a vault of randomly generated passwords, you can greatly bolster your online security with minimal added complexity.