Today, we use our smartphones and the internet for nearly everything – whether through mobile banking, keeping in touch with friends through social media, or sending work-related emails.
And many of the apps and services we use to do so are protected by a password, a defense mechanism that has become increasingly easy for malicious actors to crack. That’s why it’s important to create a password that’s strong and complex, even if it makes it more difficult to remember.
The perfect password may not exist, Etay Maor, an executive security adviser at IBM Security, told Business Insider. But he said there was a technique you could use to create passwords that’d be tough for hackers to figure out but easy to keep top of mind. Maor suggests creating a “passphrase” instead of a password.
“Even if you choose a password, which is let’s say eight to 10 characters long and very complex … it’s still pretty easy for a computer to guess it pretty fast,” said Maor, who studies cybercriminal tactics on the dark web to teach clients how hackers work so they can better protect themselves.
The passphrase technique is exactly what it sounds like. It entails coming up with a memorable phrase you can use in place of a password, since the longer the password is, the more difficult it is for a machine to crack.
For example, you could choose a phrase like “I want to go to a Bon Jovi concert” and turn that into a password. “A computer will take, I don’t want to say an infinite amount of time, but a not realistic amount of time, to be able to guess it,” Maor said.
A common technique algorithms use to guess passwords is what is known as a “brute force” attack, which is when the intruder would keep guessing various character combinations until it finds a match. It’s a task that would be very time consuming for a human but relatively easy for a computer.
“For computers today, keep in mind how many [central processing units] are in a computer and the fact that you can use multiple computers, it actually doesn’t take long to be able to generate a list of all the possible combinations of letters and numbers,” Maor said.
But an even better strategy for making a secure password, Maor said, is letting a computer create one for you. He suggests using a password manager like LastPass or 1Password, which can generate complex, randomized passwords on your behalf and auto-fill them when you log in to services on the web.
This can help you avoid the critical mistake of using the same password for multiple websites. “Don’t take that task on yourself,” he said. “Have an algorithm do that for you.”