How to create strong, secure passwords

Create stronger, more secure passwords: We are nagged to do it all the time, but few of us actually make the effort. Meanwhile, passwords continue to be stolen, leaked, and cracked on a regular basis. So this time we’re hoping to get your attention by looking at it from the attacker’s side! We’ll show you how passwords are cracked and even how to do it yourself, so you can see exactly why a strong password matters.

As our brief foray with a cracking tool will show you, your only protection against a determined password-cracker is—you guessed it—a long, complex string of 10 or more characters. Anything shorter, let alone simpler, is too easy to crack. Know that, and suddenly using a password manager looks a lot easier than trying to create passwords all by yourself.

Read on to learn more about how passwords are hidden from crackers, and how crackers try to tease them out. 

Note: We tried cracking tools on our own passwords for this story. Using cracking tools to break into a website, service, or file that’s not yours is at best, unethical—and at worst, illegal. Take our advice and don’t even think about it.

How hashing protects your password

To deter crackers, a responsible website won’t store a password in its original form, in what’s known as plaintext. Instead, it will use what’s known as a hashing algorithm—common ones include MD5, SHA2, or SHA3, but there are many more—to take your password and turn it into a “hash,” a string of seemingly random numbers and letters. 

The site won’t advertise which hashing algorithm it uses, as that would only make life easier for crackers. It might even take that first hash and hash it again, or add what’s known as a “salt”—a series of additional characters that makes your password even harder to tease out. 

Creating an example hash is easy. For an MD5 hash, all you need to do is visit a site like and hash an example word. (We would recommend not hashing a password you actually plan to use, for security’s sake.) MD5 is an older algorithm that’s considered unsafe for a number of reasons, but it’s still useful for demonstrating how password hashing and cracking work.

md5 generator

In this case, we hashed the password fred. Just type the word to be hashed into the box, and click Generate.

Thus, the password maverick becomes 55f9c405bd87ba23896f34011ffce8da

Source link