We all know the rule so I won’t be redundant – use a strong, unique password for every site you’re on. I also know this borders on the realm of impossible to create “those messy passwords” for every single site, and then try to remember them! This is where Password Managers (PMs) come in to play.
Most modern browsers have PMs built into them, but they can be clunky and inconvenient at times. If you are lucky enough that you only use one device for using the Internet, a browser may be all you need? I prefer, and recommend third-party managers. I won’t get too involved in details of PMs, but would like to focus more on how to craft a password. If you would like to explore a decent (and usually free) manager, check these:
I personally use Lastpass, and I can dive a little deeper in the future if there is any interest.
Passphrase vs Password
The standard at one time was to take a common (to the person) word and modify it a bit with numbers and punctuation, and that may have been all we needed – at one time. So, although a password such as Password would only take 0.19 milliseconds to crack, and changing it to P@ssW0rd would increase that to a 9.5 year cracking time, we have to remember what we changed – was it the A? was it the o? which one(s) did I capitalize? did I put numbers in there? We can see where this would get confusing and frustrating. Although this example seems very simplistic I have seen passwords such as mydogsnameisteddy get transformed into something like MyK9n@m3iz7eDDy – and that was even confusing while typing it.
A passphrase on the other hand is one of the easiest things to remember, and usually boast a crack time of trillions of years. The example I like to use, and I apologize if I’ve given away your passphrase, is The great and powerful Oz. To satisfy most requirements we can modify this to The gr8 & powerful Oz!. Although the first one is fine in most cases (15 octillion years to crack), many places and systems want at least two or three required characters. And just for curiosity, the second one would take 32 septillion years to crack.
The reason I’m covering this – using a password manager we typically only have to remember one password to get into it (the passphrase), and we let the password manager select and remember passwords for all of our bookmarks. Once you have things installed, and with a bit of cleanup and tweak time, you can have unbreakable passwords on all of your bookmarks, and one passphrase you have to remember.
Not to brag, but I have been using a password manager since the early 2000s – I have only ever had to remember one passphrase/word in that time. All of my site passwords are at least 15 characters long, and some are as long as the maximum allows, and they are all bulletproof. My (Lastpass) security score is 88.2% – and that is due to a few shared passwords I have, and a few terrible passwords on legacy systems that cannot be changed. All in all, I feel secure and confident as far as my passwords are concerned, and you can too.