In modern life, we always need to protect the information on the website through passwords, but for some reason, we always encounter situations where the account is stolen and the password is cracked. The small ones use their identities to make some remarks; the big ones steal important information or money , causing great losses. What kind of password is easy to crack, and how to set a safe password?
What kind of password is easy to crack
The password needs to be used frequently, so it has to be set as an easy-to-remember character string. Therefore, hackers will first use this psychology to list the most likely passwords to try, for example: student number, birthday, phone number, continuous keys on the keyboard, website name, etc. People who are more cautious will add more different character types according to the password rules, such as: numbers, symbols, uppercase and lowercase English, etc. But this will increase the difficulty of remembering, and usually only the length can be sacrificed to remember this type of password. The Wall Street Journal interviewed scholars who designed complex passwords in the first place. He now advises not to stick to overly complex passwords and instead try to increase the length of passwords to make them more difficult to crack. In summary, we should avoid the following ways of creating passwords:
- A password composed of personal information, such as: phone number, birthday, etc.
- Easy to remember but very common passwords, for example: 123123, qwert, password, etc.
- A password with insufficient length due to complexity, for example: Tr0ub4dor&3, etc.
Convert input method to get garbled string
In non-English-speaking countries, you usually need to switch to the corresponding input method when using a keyboard to type, and have different keyboard configurations. Taking the phonetic input method as an example, "ㄑ" corresponds to the position of "f" on the keyboard. We can just use the method of converting the input method to obtain some garbled strings.
First switch the input method to English, and then type in specific words through the keyboard configuration of Zhuyin input. For example: if you want to input "frog", you will get the garbled string of "fu/j8". Next we will use this technique to assist in creating passwords.
Create a memorable and secure password
A secure password requires length, complexity, and randomness, which are usually the opposite of easy to remember. Here is a simple step to help you create memorable and secure passwords:
- Find a random article, it could be from a physical book, online news, or a product brochure.
- Choose three to four words that appear in them, which can be selected from the first chapter of the novel Dream of Red Mansions: Mid-Autumn Festival, Immortals, Nuwa, Stone.
- Through some association methods, these four words are connected together for easy memory. For example: during the "Mid-Autumn Festival", "Nvwa", who is a "fairy", holds "stones" to mend the sky.
- Then use the above method of converting the input method to input the garbled character string of these four words, and you can get a sufficiently long and complex password like 5j/fu.gp6vu0sm3j8g6w.7.
After generating the password
When we have generated a set of easy-to-remember and secure passwords, what should we do next? After all, based on security considerations, the two rules of "every website should use a different password" and "the password needs to be updated at a fixed time" must still be followed. Even if it is easy to remember, there is no way to remember the passwords of all websites. At this time, it is recommended to use a product such as a password manager.
A password manager is a tool that eliminates the need to remember other website passwords as long as you remember a set of passwords (master key). Therefore, we can generate a group of passwords as the master key through the above method, and then let the passwords of other websites be generated with random random numbers and stored in the password manager.
How often should the master key be updated? Password managers are divided into two types: "cloud service" and "physical device". If it is a cloud service, hackers from all over the world may try to crack your master key every day. It is recommended to update the master key every two months key; if it is a physical device, because there is no attack on the Internet, it only needs to see whether someone around has touched the physical device to determine whether to update the master key.
