Internet privacy and security course

Chapter 22

Creating a secure password

A weak password can negate all your further efforts to protect your private data. That is why you find this chapter at the beginning of this course: its importance can’t be overestimated.

First, take this test to check how strong your current password is.

Tests widget: Check the strength of your password.

Using secure passwords is not as simple as it may appear on the surface. Most users know the basics of creating a strong password, but when it comes to using passwords on a day-to-day basis, they forget those basics and prefer a common, easy-to-remember password over a secure one.

In the chapter on the mistakes that cause hackers’ downfall, I told you how one of the FBI’s most wanted hackers, Jeremy Hammond, was caught because of a ridiculously weak password to his encrypted hard drive. Ross Ulbricht, the founder of the drugs marketplace Silk Road, got himself arrested when FBI agents grabbed his computer while it was on, totally unencrypted, with a notepad file full of all his passwords. In this chapter, you will find out how to create secure passwords and store them safely.

I assume all passwords can be categorized into two groups by how important they are: passwords with a high level of importance and regular level of importance.

Where would you use passwords of high importance? For websites that you consider especially important, encrypted file-hosted volumes or applications. I use four high-importance passwords. The first three are the passwords used for decrypting the hard drive and the information on it as well as for decrypting the data on encrypted external hard drives (the third password provides access to the “secret compartment”). The fourth password is the password to the rest of the passwords in the password manager KeePass we are going to talk about in this chapter.

Passwords of high importance should be kept only in your mind and be as difficult as possible. Passwords with a high level of importance shouldn’t be written down anywhere.

Don’t worry if some of these terms are unfamiliar: if you have never encrypted your hard drives, don’t understand what an encrypted file-hosted volume’s “hidden compartment” is, or don’t use a password manager. As you walk through this course, you will learn how to do it all and keep your data safe and secure.

Tip

The most important passwords should be as secure as possible and kept only in your head.

Passwords with a regular level of importance are all the other passwords you use, for instance, passwords to social network accounts, email, websites, and instant messaging clients. However, you are the one who determines the importance of a password for yourself. Perhaps you are discussing a political coup in your country by email and your country happens to be North Korea where people are executed for this by getting blown up with an explosive up their rectum.


Now let’s look at the right ways to work with your passwords. All the information on your computer should be encrypted, and to decipher it, you need to enter a password. This is a password of high importance, therefore you keep it only in your head.

Once you’ve decrypted your hard drive, all your passwords of regular importance are stored in the password manager’s encrypted file. To decrypt this file, you also use a password with a high level of importance.

I have to mention a practically unbreakable password. I used “practically” since in theory it is possible to crack any password sooner or later, but it may take at least a thousand years.

The requirements for a strong password are as follows:

  • Avoid words or phrases. The password atxi1387_1 is always more secure than taxi1387_1.
  • Avoid dates, especially those of personal or historical significance.
  • Your password should be at least 20 characters. This is not such a long password as it may appear. For instance, the word “uncharacteristically” has 20 characters.
  • Your password should have uppercase and lowercase letters, more than one number, and symbols.
  • Your password shouldn’t contain information related to you: home address, pets’ names, date of birth, phone number, your favorite soccer team’s name.
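
The requirements above can be turned into a local check. The following is an added example, not part of the original course: the function name, the tiny word list, the personal-facts list and the date pattern are all assumptions constructed for illustration, and a real check would load a much larger dictionary.

```python
import re
import string

# Constructed sample data (assumptions, not from the course): a tiny word list
# and a few personal facts that must stay out of the password.
SAMPLE_WORDS = {"taxi", "password", "dragon", "soccer", "uncharacteristically"}
SAMPLE_PERSONAL = {"rex", "1987", "5550142", "arsenal"}

# Four-digit years 1900-2099, or day/month/year shapes such as 12/05/90.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[./-]\d{1,2}[./-]\d{2,4}")


def check_password(password, words=SAMPLE_WORDS, personal=SAMPLE_PERSONAL):
    """Return the list of requirements the password fails (empty list = none)."""
    failures = []
    lowered = password.lower()

    if len(password) < 20:
        failures.append("shorter than 20 characters")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        failures.append("needs both uppercase and lowercase letters")
    if sum(c.isdigit() for c in password) < 2:
        failures.append("needs more than one number")
    if not any(c in string.punctuation for c in password):
        failures.append("needs at least one symbol")
    if DATE_RE.search(password):
        failures.append("contains something that looks like a date")
    # Substring match, so a word embedded between digits is still caught.
    hits = sorted(w for w in words if len(w) >= 4 and w in lowered)
    if hits:
        failures.append("contains dictionary word(s): " + ", ".join(hits))
    leaks = sorted(p for p in personal if p.lower() in lowered)
    if leaks:
        failures.append("contains personal information: " + ", ".join(leaks))
    return failures


if __name__ == "__main__":
    # The two passwords from the list above, plus a constructed 20-character one.
    for candidate in ("taxi1387_1", "atxi1387_1", "gT7#qLw2!zRp9^xMb4&K"):
        print(candidate, "->", check_password(candidate) or "no failures")
```

An empty result only means none of the listed mistakes were found; run the check locally and never paste a real password into an online tool.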

Making a strong password that conforms to all the requirements above, yet is as easy to remember as possible, is a tough task. So take a pen and paper, read my story of creating a password and then try making a few strong passwords.

How I came up with a