- Creating a strong password that is easy to remember but difficult to guess can be tricky.
- That’s why IBM’s Etay Maor suggests using an entire phrase as your password rather than a random string of numbers.
- Since a phrase is notably longer than the typical password, it would be much more difficult for an algorithm to crack it.
- Visit Business Insider’s homepage for more stories.
Today, we use our smartphones and the internet for nearly everything — from mobile banking, to keeping in touch with friends through social media, sending work-related emails, and much more.
And many of the apps and services we use to do so are protected by a password, a defense mechanism that’s become increasingly easy for malicious actors to crack. That’s why it’s important to create a password that’s strong and complex, even if it makes it more difficult to remember.
The perfect password may not exist, Etay Maor, an executive security advisor at IBM Security, told Business Insider. But he said there is a technique you can use to create passwords that are tough for hackers to figure out but easy to keep top of mind. Maor suggests creating a "passphrase" instead of a password.
"Even if you choose a password, which is let’s say eight to 10 characters long and very complex . . . it’s still pretty easy for a computer to guess it pretty fast," said Maor, who studies cyber criminal tactics on the dark web to teach clients how hackers work so that they can better protect themselves.
The passphrase technique is exactly what it sounds like. It entails coming up with a memorable phrase that you can use in place of a password, since the longer the password is, the more difficult it is for a machine to crack.
For example, you could choose a phrase like, "I want to go to a Bon Jovi concert," and turn that into a password. "A computer will take, I don’t want to say an infinite amount of time, but a not realistic amount of time, to be able to guess it," Maor said.
A common technique algorithms use to guess passwords is what is known as a "brute force" attack, which is when the intruder would keep guessing various character combinations until it finds a match. It’s a task that would be very time consuming for a human but relatively easy for a computer.
"For computers today, keep in mind how many [central processing units] are in a computer and the fact that you can use multiple computers, it actually doesn’t take long to be able to generate a list of all the possible combinations of letters and numbers."
But an even better strategy for making a secure password, says Maor, is letting a computer create one for you. He suggests using a password manager like LastPass or 1Password, which can generate complex, randomized passwords on your behalf and auto-fill them when you log into services on the web.
This can help you avoid the critical mistake of using the same password for multiple websites. "Don’t take that task on yourself," he said. "Have an algorithm do that for you."
NOW WATCH: 5 things wrong with Apple’s lightning cable
- Facebook still has incredible control over your data
- Here’s whether you should buy the new $400 Bose wireless headphones or the $350 old version in just 27 words
- Japan recycled nearly 80,000 tons of cell phones and other electronics to make the medals for the 2020 Tokyo Olympics and Paralympics