9 August 2018 · 5 min read
Hacked accounts and leaked passwords are recurring topics in the media. E-mails from influential politicians and racy photos of the world's most famous artists make the headlines, but what about your favorite passwords? Is that impossible-to-remember password really as safe as you think? How do you give each account a unique password without forgetting them? Has your password already leaked? We have the answers.
The complexity of a password is determined by the amount of random data it contains, its entropy. Entropy increases when the password draws on a larger variety of characters. Example: a password of 4 characters consisting only of numbers has 10,000 possibilities, while a password of 4 characters made up of lowercase letters and numbers has 1,679,616 possibilities. The number of characters also has a big influence on the amount of entropy. A password of 8 characters that consists of lowercase letters and numbers has 2,821,109,907,456 possibilities. The almost 3 trillion possibilities from the previous example may seem like a lot, but for a computer that is not much work. Security experts therefore recommend that you choose a password that is 32 characters long. With this length, a computer needs years to crack the password. You can test this on the password check page.
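The figures above can be reproduced with a short calculation. The following is an added example, not code from the original article; the function names are hypothetical and the guess rate of 10 billion attempts per second is an assumption chosen for illustration.

```python
import math
import string

# Character classes a brute-force search would have to cover.
CLASSES = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "symbols": string.punctuation,
}
KNOWN = "".join(CLASSES.values())

# Assumption: offline guessing speed against a fast, unsalted hash.
ASSUMED_GUESSES_PER_SECOND = 1e10


def alphabet_size(password):
    """Size of the smallest combined alphabet containing every character."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Characters outside the four ASCII classes are counted individually.
    return size + len({c for c in password if c not in KNOWN})


def keyspace(length, alphabet):
    """Number of possible passwords of exactly this length."""
    return alphabet ** length


def entropy_bits(length, alphabet):
    """Entropy in bits; only valid when every character is picked at random."""
    return length * math.log2(alphabet) if alphabet else 0.0


def seconds_to_exhaust(length, alphabet, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(length, alphabet) / rate


def report(password):
    n, a = len(password), alphabet_size(password)
    return {"length": n, "alphabet": a, "keyspace": keyspace(n, a),
            "bits": round(entropy_bits(n, a), 1),
            "seconds": seconds_to_exhaust(n, a)}


if __name__ == "__main__":
    # Constructed samples: the three cases from the text, then 32 characters
    # (repeated only to reach the length; a real password must be random).
    for sample in ("4821", "k3p9", "k3p9zq7w", "k3p9zq7w" * 4):
        print(sample, report(sample))
```

These numbers are an upper bound: a password a person invents contains far less randomness than its length and character set suggest, so the estimate only holds for randomly generated passwords.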
High complexity is not the only thing that matters. Each account needs a unique password that is regularly replaced. This sounds unimportant, but these are two important parts of keeping your accounts safe. If every account has the same password, a leak at just one service is enough to expose them all. If each service has a different password, then only that one account is exposed. Regularly replacing your password has two functions. It ensures that someone has to start over with guessing your password every time. In addition, it ensures that if a securely stored version of your password still leaks, you have a new password by the time the securely stored password is decrypted to a usable version.
Remembering a complex and unique password that you regularly replace is no picnic either.
Fortunately, there are a lot of tools that can help you with this.
It is difficult to find out whether you have been hacked or not. Not only because hackers try to keep this data to themselves, but also because many companies prefer to keep it secret that there is a leak in their software. Fortunately, there are a number of websites, such as haveibeenpwned.com. Collect this kind of websites
Technical joke, curious about the extensive explanation? Explain xkcd explains it.