Password strength is something everyone worries about when choosing a password for a new account. Most web applications today enforce strong password policies by asking their users to enter odd combinations of letters, numbers, and special characters. However, passwords made this way are safe only from prying eyes. Moreover, people still end up using the names of their girlfriend/son/daughter/wife/mother in their passwords, which makes them vulnerable to social hacking. So, how do we come up with a safe password?
An important part of answering that question is knowing what you are protecting your password against. Is it prying eyes, social hacking, or automated attacks? The answer is all three, and there is a way to protect yourself against each of them.
The Sneak Peek
I am a big fan of LastPass, and it is an absolutely wonderful application. Using LastPass has many advantages. You never have to type a password on the websites you visit; you only enter a single master password, which signs you into LastPass. This can reduce the risk from people who like to sneak up and look at your passwords. It also offloads the responsibility of remembering a huge load of passwords to LastPass. There is one more advantage of using LastPass, which is not much touted: it protects against phishing attacks, because it only fills in credentials on the correct URL of a website.
There is no technology that can prevent people from giving away all sorts of personal information about themselves to someone who seems to be a friendly and harmless guy from a business where you have an account. This bit of safety can come from awareness and awareness alone. Do not give away any of your personal information to an unknown person, or even to someone you know, unless you are sure why they need it. This includes safe behavior on social networks as well. Do not go around making Facebook friends out of people you have not met in real life, because your Facebook account is always spilling all sorts of personal information.
In addition, your mother’s maiden name is not the most exclusive information in the world, and it is a very bad choice for a security question.
If you are trying to protect against a brute-force or dictionary attack, your safest bet is a long password. This XKCD says it all. However, entropy is more a mathematical measure than a practical one: for instance, a 30-character sequence of 'a's has low entropy, yet it is a strong password against any brute-force program.
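As an added illustration of that point about entropy (this is example code, not part of the original post), the script below compares three estimates for the same password: the keyspace a blind brute-force search must cover, the Shannon entropy of the characters actually used, and the XKCD-style wordlist model. The sample passwords and the character-class sizes are constructed assumptions.

```python
import math
from collections import Counter

# Character classes a blind brute-force search must cover (assumed sizes;
# 33 is the number of printable ASCII punctuation characters).
CLASSES = [
    (str.islower, 26),
    (str.isupper, 26),
    (str.isdigit, 10),
    (lambda c: not c.isalnum(), 33),
]

def charset_size(password: str) -> int:
    """Alphabet size an attacker must assume, given the classes present."""
    return sum(size for test, size in CLASSES if any(test(c) for c in password))

def brute_force_bits(password: str) -> float:
    """Bits of keyspace for a blind brute-force search: length * log2(alphabet).
    This is the figure that makes a long run of 'a's look strong."""
    return len(password) * math.log2(charset_size(password))

def shannon_bits(password: str) -> float:
    """Total Shannon entropy of the characters actually present.
    A single repeated character scores 0 bits: a pattern-aware cracker that
    tries repeated characters early finds such a password almost at once."""
    n = len(password)
    probs = [count / n for count in Counter(password).values()]
    return -n * sum(p * math.log2(p) for p in probs)

def passphrase_bits(word_count: int, wordlist_size: int = 2048) -> float:
    """XKCD-style estimate: words drawn uniformly from a wordlist the attacker
    knows. Four words from a 2048-word list give 44 bits."""
    return word_count * math.log2(wordlist_size)

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["a" * 30, "Tr0ub4dor&3", "correct horse battery staple"]:
        print(f"{pw!r:32} brute-force {brute_force_bits(pw):6.1f} bits,"
              f" Shannon {shannon_bits(pw):6.1f} bits")
    print("4-word passphrase, 2048-word list:", passphrase_bits(4), "bits")
```

The two figures for the 30 'a's (about 141 bits of keyspace, 0 bits of Shannon entropy) show why an entropy number only means something once you state which attacker model it assumes.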
So, what is the world’s strongest password? Perhaps you can tell me.
Further reading: StackExchange and more StackExchange