Choosing a secure password in 2024.

NIST recommends that a password be at least eight characters long; if the password is generated randomly, it can be as short as six characters. I use KeeWeb, a password manager. I store most of my passwords in KeeWeb and use its generator to create random passwords.

When choosing a password, do not take a dictionary word and swap some of its letters for symbols, for example replacing “a” with “@”. Attackers know this trick, and their tools will try those substitutions.

Another good tip is not to use pet names, movie quotes, or anything else personal. Try a passphrase instead; it can be easier to remember and harder for an attacker to crack or guess.

Another little trick is to build the password from a sentence, like the following:

BpbJ4$4D

To remember it, think of “Buy peanut butter Jelly for 4 Dollars.”

Another way to create a random password is to start from a cryptocurrency seed phrase. There are a couple of ways to turn the seed into a password. The first step is to generate a seed with a site like this. For this example the seed is:

somewhere hubcaps nomad reunion greater tirade orphans bumper gown afoot river upright glass lush drunk hinder fibula stylishly phase pheasants gopher omission vats woozy stylishly

The first option is to use the first letter of each word; here that gives “shnrgtobgarugldhfsppgovws”. This is a long password, so you could use just the first 8 words instead.

The second option is to concatenate the words, for example:

SomewhereHubcapsNomad

The last option is similar to the previous one, but adds a special character between the words, for example:

Somewhere&Hubcaps&Nomad
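To see what each of the three derivations above actually buys you, here is an added Python example (not from the post) that derives the variants from the quoted seed words and computes an upper bound on their entropy. The word-list size of 2048 and the alphabet sizes are assumptions; the point it shows is that the first-letter variant caps entropy at the letter count, and a fixed separator adds none.

```python
import math

# Seed phrase quoted in the post (25 words, as printed there).
SEED = ("somewhere hubcaps nomad reunion greater tirade orphans bumper gown afoot "
        "river upright glass lush drunk hinder fibula stylishly phase pheasants "
        "gopher omission vats woozy stylishly").split()

# Assumption: each seed word is drawn uniformly from a list of WORDLIST_SIZE
# words. The post does not name the list; 2048 is the BIP39 list size.
WORDLIST_SIZE = 2048
LOWER, MIXED = 26, 52  # alphabet sizes: a-z, and a-z plus A-Z


def first_letters(words):
    """Option 1: the first letter of every word, e.g. 'shnrgtob...'."""
    return "".join(w[0] for w in words)


def joined_words(words, sep=""):
    """Options 2 and 3: capitalised words, with an optional fixed separator."""
    return sep.join(w.capitalize() for w in words)


def entropy_bound_bits(n_words, alphabet_size, length):
    """Upper bound on the password's entropy in bits.

    The randomness comes from the word choice (n_words * log2(WORDLIST_SIZE)),
    but `length` symbols from an alphabet of `alphabet_size` cannot carry more
    than length * log2(alphabet_size) bits, so the smaller bound applies.
    """
    return min(n_words * math.log2(WORDLIST_SIZE),
               length * math.log2(alphabet_size))


def compare(n_words):
    """Derive the three variants from the first n_words seed words and return
    {variant: (password, entropy_bound_bits)}. A fixed '&' separator is part
    of the pattern, not of the secret, so it gets the same bound as the plain join."""
    words = SEED[:n_words]
    initials, plain = first_letters(words), joined_words(words)
    word_bound = entropy_bound_bits(n_words, MIXED, len(plain))
    return {
        "first_letters": (initials, entropy_bound_bits(n_words, LOWER, len(initials))),
        "joined": (plain, word_bound),
        "joined_sep": (joined_words(words, "&"), word_bound),
    }


if __name__ == "__main__":
    for n in (3, 8):
        for name, (pw, bits) in compare(n).items():
            print(f"{n:2d} words  {name:14s} {pw:28s} <= {bits:5.1f} bits")
```

With the 8-word first-letter variant the bound drops to about 37.6 bits, well below the 88 bits the underlying word choice carried.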

2-Factor Authentication

Choosing a strong password is important, but on its own it will not stop you from getting hacked. It is recommended to use 2-factor authentication (2FA) or MFA: after you enter the correct password, the site sends a code by email or text and requires you to enter it before signing you in. While this is an option, it is not safe. An attacker could SIM swap your phone: they call your phone carrier and trick them into activating a SIM card that the attacker owns. From then on the attacker receives all the texts and calls meant for your phone, while your phone loses service and cannot take calls. That includes the code the site sends you after you enter the password, so they could steal your cryptocurrency, the money in your bank account, or your email. But do not fear, there is another option: a device called a YubiKey. Instead of receiving a code by email or text, you plug the YubiKey into your computer, and that authorizes the login.

Even if a hacker has your password, they will not be able to log into your account without the physical YubiKey. The YubiKey supports the following methods: FIDO2, U2F, smart card, OTP, and OpenPGP 3. I use a YubiKey to protect accounts such as my GitHub, my password manager, and my email. To determine which type of YubiKey you want, check out this quiz. Some versions have NFC, some are built for Android or iPhone, and one version uses your fingerprint. The quiz will help you determine which version is right for you.
