Strong passwords are important because your personal data is important. I’m going to show that everybody can have safe passwords easily without forgetting them.
You should never use the same password for different accounts, even if the password is sufficiently strong. If one account gets hacked and somebody gets ahold of your password, all your other accounts are wide open.
If this happens you’re in for a lot of work because you have to change the password for all your accounts. It’s better to invest just a little more in the beginning.
What Are Passwords Made Of?
Strong passwords are long and don’t consist of any personal information or are made from common words you can find in a dictionary. Also they mustn’t consist of well-known information like a quote or lyrics.
The reason for this is a hacker can just grab a dictionary and try all those words one after the other. This is called a brute-force attack.
Don’t Try to Be Smart
If you use a password like password and change it to [email protected] to include numbers and special characters, which is still readable and therefore convenient, then you just got hacked. Hackers also know about these tactics and try all those combinations. It’s very unlikely that you are able to outsmart professional hackers.
A more detailed explanation of weak passwords is on Wikipedia.
Passphrases and not Passwords
It’s better to use a passphrase. strongpassphrasesaregood is better than strongpassword. But the same which applies to passwords also applies to passphrases: no personal information and no common phrases.
How Long Should a Password or Passphrase Be?
Having at least 10 characters is crucial. 15 to 20 characters is much better if you want to stay future proof. Passphrases tend to be even longer.
What is secure now won’t be secure in 5 or 10 years. If somebody saved your undecryptable data now they will be able to decrypt it after those years.
While you don’t know what happens to your data in the future I guess you very much don’t like to see your personal data being widely available to everybody as long as you live. So better make sure your passphrase stays safe for a very long time.
How to Memorize Strong Passwords or Passphrases
You don’t. It’s not feasible to remember a large number of sufficiently strong password which tends to be very long. There are exceptions (Diceware, see below) but the best idea is to use long and completely random passphrases and store those in a password manager.
Password managers are safe storage applications which specialize in passwords and other secrets. Generally they don’t store large documents but only small amounts of information.
Popular password managers are 1Password, KeePassX or LastPass. There are a lot more lesser known. I recommend local applications over web services like LastPass, which store your passphrases on their servers where you have less control and needs a lot of trust.
To save a password you create a login item having your username, passphrase and the URL of the website if it’s a website. Using your manager you can log in by automatically filling in your username and password and initiating the login. Depending on the manager this works on desktop and mobile, because the passphrases are synced between your devices.
Password managers do also generate strong passphrases for you and store them automatically as login items, which can be filled-in automatically.
I use 1Password on my Mac, iPhone and iPad and I’m very satisfied with the experience. It’s the first app I install on all those devices whenever I get a new one.
Generate In Bulk If You Are a Techie
If you are a techie and have access to a computer running Unix like Linux or macOS you can generate your password after installing a terminal application like pwgen.
This generates 10 random passwords with the length of 20, the output is one password per line:
pwgen -cnys1 -N 10 20
Don’t Use Password Generating Websites
Never use a website to generate the passwords for you for free. You want secure passwords and don’t know if the people running the server either store the generated passwords for hacking attacks or if somebody is intercepting the generated passwords because the connection to the server is not secure.
Always create them on your personal devices.
Use Diceware If You Are Human
Of course techies are also human but this is a very non-technical approach. I like it very much. Diceware means rolling five dice and picking the corresponding word from a list using the five-digit number. The passphrase should consist of at least six words separated by spaces or another character like a hyphen. There are lists for English and other languages.
Passphrases created with dice are safe because even though the word lists are known the chosen words from these lists are completely picked by random. A random passphrase of the same length would have more strength but the whole point of diceware is having safe and memorable passphrases.
Passphrases made by dice can be remembered quite easily. You should use these for those passphrase which you cannot store in a safe password manager. Like the passphrase for the manager itself.
For everything else you should use a password manager and use a distinct random passphrase for every account and store it in your manager exclusively.
And to increase security even more you should use two-factor or multi-factor authentication.