Password is something everyone has a relationship with, but very few knows how to treat them.
Use a strong password
And don't use the same password multiple places.
Everyone has heard this multiple times before, and it really makes sense, but in pracis it's not that easy - at least not if you are supposed to remember them all in your head.
1. Use a password manager
What is a password manager? Well, it's excatly what it sounds like; a piece of software that manages your passwords for you!
Because it's impossible to remember all your passwords, since most of us use more than 3-4 services.
2. Create a strong passphrase as a Master Password
Master Passwords is important when it comes to password managers, it is the main key to open your vault.
What is a Passphrase
A passphrase consists of multiple words, commonly sepearated by a special character. The words in the passphrase should be irrelevant to each other.
A bad example would be
apple*orange*kiwi, because all of those words have one
thing in common, fruits!
2.1 How to create a strong passphrase?
You can either use your password manager to help you out or create one yourself. You create one by using at least 3 random words, one or more special characters to sepearate the words and add a random number somewhere for added strength.
I usually recommend a specific method to get started quick; pick 3 or more random categories, like this example:
- car manufactures
Then I pick the special character, I don't recommend
! as this is the most
common one, pick
[ or something more random. And lastly I pick a random
18. It's important to note that you should know how to type the special
character on either Mac or Windows keyboards.
With the steps above I could've put together this passphrase;
With a passphrase like this you can write down the categories you picked earlier and store them somewhere safe. Because it would be possible for you to know which words you accosiated with each category in your passphrase.
3. Use a Password Manager for all passwords
Update your passwords for all the services you use, use the auto generated passwords provided by the manager.
NOTE: Don't try to change them all at once, you will get tired and forget about the rest.
4. Use Multi Authentication when available
Also known as 2FA/MFA/Two-factor Authentication.
Use this when available. Sometimes the services we use store our passwords in plaintext, which makes us very vulnernable for leaks and/or attacks.