How to properly use passwords

quantumsheep

Nathanael Demacon

Posted on November 12, 2018

There are different kinds of password use:

  • the "my memory isn't that good" (also called the "I don't care anymore" method) with passwords like qwerty or 123456 or literally password
  • the one that uses social information, ex: 199105Bob
  • the good ones

Let's be real, the first two aren't secure at all, not even a little. But what about "the good ones"? Well, they are what we are talking about.

Maybe sometimes you wonder if your password is safe enough, and you hope that your account will not be taken over by someone else in any way. First, we need to take a look at what attacks can be used to find your password.

Brute-force attack

This method tries every possibility in order to find your password. It isn't used a lot because it requires massive amounts of time and computing power, depending on the length of the target's password.

The longer a password is, the longer it will take to try every possibility.

Dictionary attack

While a brute-force attack tries every possible character combination, security researchers found a way to skip the useless trials and focus on commonly used passwords.

A dictionary attack uses a pre-defined password list instead of random characters. Rules can even be added to match the target's information, like their birthdate, their name, etc., and to remove passwords that may not work. That's social engineering.

To prevent this method, don't use obvious personal information in your password, and check that it isn't already in a database of known passwords.
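To make the two sections above concrete, here is an added Python estimator (not code from the original post) that computes the keyspace and worst-case brute-force time for a password and checks it against a small constructed list of common passwords; the 1e10 guesses/second rate and the word list are assumptions.

```python
import math
import string

# Character classes; the alphabet size is the sum of the classes a password uses.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

# Constructed sample of a "commonly used passwords" list. A real dictionary
# attack uses lists with millions of entries taken from public breaches.
COMMON_PASSWORDS = {"qwerty", "123456", "password", "letmein", "iloveyou"}


def alphabet_size(password: str) -> int:
    """Size of the smallest class mix that covers every character in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Number of candidates an exhaustive search must cover for this length and alphabet."""
    return alphabet_size(password) ** len(password)


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case seconds to enumerate the whole keyspace at the given guess rate.
    1e10 guesses/s is an assumed figure for a fast offline hash-cracking rig."""
    return keyspace(password) / guesses_per_second


def entropy_bits(password: str) -> float:
    """Bits of entropy of a random password drawn from the same class mix and length."""
    return math.log2(keyspace(password))


def assess(password: str) -> dict:
    """Report how each attack from the post fares against the password."""
    in_dictionary = password.lower() in COMMON_PASSWORDS
    years = brute_force_seconds(password) / (365 * 24 * 3600)
    return {
        "in_dictionary": in_dictionary,
        "entropy_bits": round(entropy_bits(password), 1),
        # A listed password falls to the dictionary attack in one guess,
        # whatever its brute-force figure says.
        "brute_force_years": 0.0 if in_dictionary else years,
    }
```

Running `assess` on qwerty, 199105Bob and MniJL@Il41ab& shows the first falling to the dictionary instantly, the second to brute force in hours, and the third taking millions of years at the assumed rate.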

Your web browser's saved passwords

Maybe you use the "Remember my password" option while browsing the internet. While this option can be very comfortable to use, it's not secure at all.

Web browsers encrypt your passwords, but they also decrypt them to fill in password fields, and to do this they use a stored key. So why couldn't we decrypt them too? Well, we can, and tools like LaZagne are the proof. That's why you should never use this option.

[Figure: brute force time vs. password length]

Solutions

Now that I've told you how your password can be hacked, I must tell you how to create strong passwords that are not a plague to use.

Password managers

These are programs that help you manage your passwords. The best way to use them is to export your passwords to a file (which can be transferred securely using WarShield or something else).

  • Dashlane - Very popular and self-hosted
  • Vault - Open-source one

You can find a lot of password managers on the internet; maybe you will find the one that matches your needs.

Easy to remember strong passwords

A dream for your accounts, a nightmare for hackers: the one sure thing is that you can remember sentences. What about using our brain's capacity to create passwords?

This method doesn't need a random sentence, just one that makes sense. I will create John Lemmon, a man who lives in London at 41 Abbey Street; his password will be MniJL@Il41ab&. I see you, behind your screen, with a face saying "wtf is that?". It can be really hard the first time you use a password like this, but it's really easy to remember.

The sentence was My name is John Lemmon and I live at 41 Abbey Street; the ampersand (&) is a random character with no logic behind it.

As you can see, it's pretty easy to create a very strong password without breaking your mind every time you need to remember it.

Conclusion

Today, there is no excuse for not having a secure password.

I think there should be computer security awareness in schools to teach children to protect their data in the digital world. In the coming years it will evolve; more and more people are learning security, and the security war will never end.

Stay safe with your data.
