
What should a secure password look like?

A password is something we know that allows us to authenticate ourselves to a system, usually paired with a username such as an email address.

In this post we are going to reveal what methods hackers use to steal our passwords and what a password must have, at a minimum, to be secure and sufficiently robust.

The “bad guys” (hackers) have programs capable of revealing a password in a matter of seconds if it is not strong enough.

Password stealing software

We will talk about this in much more detail in another post, but to give you an idea, these programs work in two ways:

1- By dictionaries.

2- By brute force.

Dictionary attacks use databases of already hacked passwords to find the password very quickly.

Brute-force attacks, on the other hand, keep trying combinations until they find the correct one.

From here we draw two basic conclusions:

1- We should never use passwords with names, known things, common words, personal data, etc., because surely someone else on the planet has used the same one and someone has already managed to crack it. We must try to make our passwords absolutely unique.

2- We should never use a short password. We will talk about it later, but the longer the password, the more difficult it will be for a program to guess it in a short period of time.

Minimum requirements for a strong password

When generating a password we have three very important factors to take into account:

1- The length: How long is the password (8 characters, 12, 16, ...)?

2- The content: Does it contain letters, numbers, special characters, ...?

3- Randomness: It should not be based on anything known, for example a name, a city, …

Now we are going to go through each one of them.

What is the minimum length of a password?

The minimum recommended for a password is 8 characters but what I recommend is a minimum of 12.

The length of a password determines how many possible combinations there are.

Quick example: if we can build a password from the 10 digits (0..9) and it is 4 characters long, then there are 10 ^ 4 = 10,000 possible combinations. But if instead of 4 characters we use 5, then we would have 10 ^ 5 = 100,000 combinations.

As you can see, with a longer password the number of possible combinations is much larger.

This makes the task of testing candidates one by one until the correct password is found much more complicated. Of course, every day we have faster and more sophisticated machines, so the same password will be much easier to find out as the years go by.

What can a password be made of?

There are different types of “characters” that we can use to form our passwords:

  1. Numbers: 0 to 9 (10 characters)
  2. Uppercase letters: A to Z (26 characters)
  3. Lowercase letters: a to z (26 characters)
  4. Symbols: (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 characters)

Going back to the earlier example, if we build a password of length 8 using the 95 available characters, we have 95 ^ 8 = 6.63 * 10 ^ 15 possible combinations. That’s nothing.

Randomness

We have no doubt that artificial intelligence will help cybercriminals find passwords much faster. For this reason, it is important that the password is as random as possible and that it never follows the same pattern. We should therefore never use personal data or data associated with us: we must prevent a cybercriminal from guessing the password by testing our personal data or associated information of interest.

In short: This is what a strong password should look like

  1. It must be at least 8 characters long. Personally, I recommend a minimum of 12.
  2. Must include:
    1. Minimum 1 number.
    2. Minimum one lowercase letter.
    3. Minimum one uppercase letter.
    4. Minimum one symbol.
  3. It should not include names or personal data.

What are passphrases?

To make a password easy to remember while keeping it safe, passphrases (as they are known in English) were invented. These passwords are basically a phrase that is easy to remember but that provides much more security thanks to its length and randomness.

Here is an example of a passphrase:

How-Much-is-10/2

On this website you can find an online password generator which I invite you to try, here is the link:

What authentication methods are there?

Find out which are the three authentication methods that exist today and also how to combine them to create truly secure systems.

Do you know double authentication?

How to generate a strong password?

People generate passwords that are very similar to each other. That is why we recommend using an online password generator, which will generate them without relying on any human information. The end result is unique and secure passwords.
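To make the rules above concrete, here is an added Python example (it is not the code behind this site's generator). It builds the 95-character alphabet described in the post, checks a password against the summary rules, and generates one from the operating system's secure random source. The function names and the default length of 16 are assumptions made for the illustration.

```python
import math
import secrets
import string

# The four character classes listed in the post (10 + 26 + 26 + 33 = 95).
DIGITS = string.digits
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
SYMBOLS = " " + string.punctuation  # space plus 32 punctuation marks
ALPHABET = DIGITS + UPPER + LOWER + SYMBOLS


def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password: log2(size ** length)."""
    return length * math.log2(alphabet_size)


def policy_failures(password, personal_data=(), min_length=12):
    """Return the summary rules the password breaks (12 is the post's advice)."""
    failures = []
    if len(password) < min_length:
        failures.append("too short")
    for name, chars in (("number", DIGITS), ("lowercase", LOWER),
                        ("uppercase", UPPER), ("symbol", SYMBOLS)):
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    lowered = password.lower()
    # personal_data is a caller-supplied list (names, cities, dates, ...).
    if any(item and item.lower() in lowered for item in personal_data):
        failures.append("contains personal data")
    return failures


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < 4:
        raise ValueError("length must allow one character per class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(generate_password(), f"{keyspace_bits(16):.1f} bits")
    # Constructed sample: long enough, but no symbol and built on a city name.
    print(policy_failures("Barcelona1992", personal_data=["Barcelona"]))
```

The `secrets` module is used instead of `random` because `random` is not designed for security purposes and its output can be predicted.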
