Tips on user passwords

There are many tips that can be found in different blog articles and web pages, even in their registration forms.

Many of these web pages are generic or deal with issues other than Internet security, as does the page you are reading, but we should not dismiss all this advice just because its source appears to lack specialization and therefore rigor.

However, we must keep in mind that we cannot feel completely secure with this information, as it is common to find incomplete advice on password security, either because of this lack of security knowledge or because it is relatively old information.

Security is advancing every day, so it is important to know the minimum measures needed to have a secure password at all times.

It is no use protecting yourself with passwords containing only letters and numbers these days. With simple brute-force methods, the current increase in the power of personal computers, and the possibility of renting computing networks in the cloud, an alphanumeric password can be cracked in a matter of seconds.

For this reason I am going to compile for you the requirements that experts set as a minimum to be sure that our password is not easy to guess.

We are going to do it in two blocks so that everyone can be guided by one of them, although the result is the same.

The first block is about "What not to do when creating passwords".

What not to do when creating passwords

Do not use short passwords

The shorter a password is, the smaller the number of possible combinations. So even if we somehow meet all the other requirements of a secure password, it must be long enough to be difficult to guess by brute force.


Do not use dictionary words

A dictionary word is a word that exists; for example, "cathedral" and "fortress" are words of poor strength.

A database with all the words of all languages is a tool that all hackers have at their disposal, and one that their password-cracking programs or bots therefore use.


Do not use perfect spelling

If, despite the password security tips that tell us not to use dictionary words, you insist on using them, at least introduce misspellings so that the word is no longer so easy to guess.

As an example, the misspelled word "fortrezz", where we have replaced the "ss" ending with an incorrect "zz", is somewhat safer than "fortress", since it is less commonly found in word dictionaries.


Do not use only numbers

Although numeric passwords gave us a false sense of security in the past, for example the 4-digit PIN to access a cell phone or the bank card PIN, they are nowadays a serious risk.

Guessing a four-digit number takes a maximum of 10,000 attempts. Consider that a computer is capable of generating hundreds of requests per second, so even the worst-case scenario would take only about 100 seconds to find a 4-character numerical password.


Do not use only letters

It is obvious that it is not a good idea to use only letters, even if they do not correspond to a dictionary word. Each position offers only 24 possibilities, since our alphabet is made up of 24 different letters.

What you need to do to get secure passwords

We come to the second block, in which we advise you on what to do to have a secure password.

Use passwords that you are not able to memorize

Yes, a password that you cannot memorize is a tremendously secure password. Of course, then maybe you should write it down, and writing down a password isn't exactly secure. But we have the solution in the following security tip.


Use passwords that use your own logic

This sounds especially strange and is somewhat difficult to explain. Surely you have certain habits and routines in your day-to-day life, for example the time you usually go to bed, and it would not be a bad idea to use part of this logic in your password. For example, if your bedtime is 11 o'clock and you are the youngest of 2 siblings, we could have a password like this: 112elevenTWO


Use passwords of at least 12 characters

12-character passwords represent millions of possible combinations, making it very difficult for them to be broken by brute force.


Use combinations of characters

The password must contain both uppercase and lowercase letters, and it is better if their order is not strictly natural and does not follow a specific frequency, for example: tYUiOLKopoRWq will be more secure than Tyuiolkoporwq or TYUIOLkoporrwq.
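The rules from both blocks above can be applied as a small checker. This is an added example, not code from this page; the word list, the rate of 100 guesses per second, and the 26-letter ASCII alphabet are assumptions.

```python
import string

# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"cathedral", "fortress", "password"}
# Assumption: a round figure standing in for "hundreds of requests per second".
GUESSES_PER_SECOND = 100


def alphabet_size(password):
    """Size of the character pool a brute-force search has to cover."""
    size = 0
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.ascii_lowercase for c in password):
        size += 26  # assumption: ASCII alphabet
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def check_password(password):
    """Return (problems, worst_case_seconds) for the rules listed above."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in WORDLIST:
        problems.append("dictionary word")
    if password.isdigit():
        problems.append("only numbers")
    if password.isalpha():
        problems.append("only letters")
    if password.lower() == password or password.upper() == password:
        problems.append("no mix of uppercase and lowercase")
    combinations = alphabet_size(password) ** len(password)
    return problems, combinations / GUESSES_PER_SECOND


if __name__ == "__main__":
    for candidate in ("1234", "fortress", "fortrezz", "112elevenTWO"):
        print(candidate, check_password(candidate))
```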


Use an online password checker

Evaluating your password with a password evaluator is a guarantee that you will know if it is secure enough or not.

Put another way, you can check the strength of your key with our key evaluator. Our system sends your key to a service that searches for it in databases of hacked keys that have come to light. If the key is found to have been hacked before, we will warn you, and you had better stop using it or, at the very least, make it more complex by adding special characters between its current characters.
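One privacy-preserving way to run such a breached-password lookup is a hash-prefix range query, shown here with both the client and the service side. This is an added example and not this site's evaluator; the breach corpus, its counts, and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample of a breach corpus: password -> times seen (made-up counts).
BREACHED = {"fortress": 41, "cathedral": 7, "123456": 9000}


def sha1_hex(password):
    # SHA-1 is used here only as a lookup index, not to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix):
    """Service side: return 'SUFFIX:COUNT' lines for hashes with this prefix."""
    if len(prefix) != 5:
        raise ValueError("service accepts only a 5-character hash prefix")
    lines = []
    for password, count in BREACHED.items():
        digest = sha1_hex(password)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password, lookup=range_lookup):
    """Client side: send only the prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for candidate in ("fortress", "112elevenTWO"):
        print(candidate, "seen in breaches:", breach_count(candidate))
```

The service only ever sees the first five hex characters of the hash, so it cannot tell which password was checked.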