Having a weak password or using the same password for every website are both common mistakes while creating online profiles.
Simplicity and memorability often supersede strength.
Obviously it’s easier to remember a short and simple password, but having all your accounts compromised at once can have serious side effects.
Below are two ways to make your passwords a lot more secure with minimal effort.
Adding entropy to a password is the only real way to increase its strength.
The most memorable way to add entropy to a password is to simply add more characters.
If my chosen password was “sheepdog9”, adding entropy could be as simple as adding extra characters on the end: “sheepdog9!!!!!!!!!!!!”.
This may not seem any more difficult to a human, but because password brute-forcers don’t have any notable intelligence, this is just as secure as adding special characters and punctuation.
There is currently no way for password crackers to guess the next character in a string, because the result of a password attempt is simply true or false.
Remembering how many full stops or exclamation marks to add onto the end of a memorable word is far easier than tracking passwords that include mixed case, alpha-numeric, and special characters.
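The comparison described above, worked through as an added example (not part of the original post): it counts the candidates a blind exhaustive search has to try for the two passwords from the text and for a short mixed-character one. The class sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols), the function names, the mixed sample password and the guess rate are assumptions made for illustration.

```python
import string

# Assumed character classes (printable ASCII): 26 + 26 + 10 + 33 = 95.
CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
]

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character outside printable ASCII: {ch!r}")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def search_space(password):
    """Candidates a blind search tries: every string of length 1..len(password)."""
    size = alphabet_size(password)
    return sum(size ** n for n in range(1, len(password) + 1))

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to try the whole search space at a fixed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

BASE = "sheepdog9"                 # from the post
PADDED = "sheepdog9!!!!!!!!!!!!"   # from the post: same word, padded with "!"
MIXED = "Sh3ep-d0G"                # constructed: 9 characters, all four classes
RATE = 1e9                         # assumed guesses per second

if __name__ == "__main__":
    for pw in (BASE, PADDED, MIXED):
        print(f"{pw!r:26} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e} "
              f"years={years_to_exhaust(pw, RATE):.2e}")
```

Under this model the padded password has a far larger search space than the nine-character password that mixes all four classes, because length is the exponent and the alphabet size is only the base.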
There are many programs and browser plug-ins which can generate, store, and retrieve passwords making it easier to have different and secure passwords for each website you visit.
I have tried many different password programs over the past few years but one stood out as doing everything right.
LastPass is a program with a browser extension which will generate secure passwords, input them into the site and even auto-login, not to mention a host of other features. And it’s free!
LastPass encrypts passwords before saving them on your computer and uploading the block of data to the LastPass servers, using your master password as a salt.
This is important as it means your data can’t be used even if it was intercepted or your computer was stolen.
To sum up
Using either of these techniques will make it a lot harder for a hacker to get access to a website you have registered on.
GRC has created a script, if you want to check how long it may take a brute-forcer to crack your password, called Password Haystacks. The page also has links to a podcast and more information about this topic.