DHitMA: Password Security


Like a good set of keys, one's passwords should be strong and kept secret. This article delineates some techniques for doing so.

The paragraphs below contain links to outside websites and sources of data; we maintain that the reader must verify those links and their contents independently.

One's passwords should be different for every account, long (at least 20 characters) and contain no words; in short, each password should be a random collection of letters, numbers and symbols. It should also be said that, in the general case, the longer a password is, the more secure it is. Setting aside dictionary attacks, brute-forcing (guessing every possibility) a long password is far more difficult than doing the same for a short one, because each added character multiplies the number of candidates the attacker must try. The following may reinforce the importance of a long, random password for the reader: modern consumer computers can brute-force guess millions of passwords in a matter of seconds; enterprise or scientific computers can do this much faster.

Generating Good Passwords

In this section, the generation of good passwords is covered; refer to the next section for methods of storing them. The first, and simplest, means of generating passwords is to do so manually. We do not recommend this, but it can be done well enough if appropriate measures are followed (true randomness, sufficient length and no words).

The second means of generating passwords is to use a password generator. Applications exist to facilitate this process. It should be noted, however, that we absolutely do not recommend using any Internet page to generate passwords. Many of these seemingly good sites may keep a log or store of every password generated, and may be selling this information to nefarious third parties. Use a plain, offline application, like KeePassXC. KeePassXC is also a password storage mechanism, which leads into the next section, below.
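The following is an added example, not code from this article or from KeePassXC. It shows the two points made above in working form: generating a random password offline from the operating system's cryptographic random source (Python's secrets module, never the non-cryptographic random module), and putting numbers on why length matters by computing the search space a brute-force attacker faces at a given guess rate. The policy check (at least 20 characters, no dictionary words, mixed character classes) is this example's own reading of the article's advice; the small wordlist embedded here is a constructed stand-in for a real dictionary.

```python
import math
import secrets
import string

# Character set for generated passwords: letters, digits and symbols,
# matching the article's "random collections of letters, numbers and symbols".
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 characters

# Constructed, deliberately tiny wordlist. Assumption: a real check would load
# a full dictionary (for example a system wordlist file) instead of this set.
SAMPLE_WORDLIST = {"password", "welcome", "letmein", "dragon", "monkey", "qwerty"}


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a password of `length` characters drawn uniformly from `alphabet`
    using the OS CSPRNG via secrets.choice (random.choice is not suitable)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def brute_force_seconds(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the entire key space at the given guess rate.
    Each extra character multiplies this figure by alphabet_size."""
    return (alphabet_size ** length) / guesses_per_second


def contains_dictionary_word(password: str, wordlist=SAMPLE_WORDLIST, min_len: int = 4) -> bool:
    """True if any wordlist entry of at least `min_len` letters appears in the password."""
    lowered = password.lower()
    return any(word in lowered for word in wordlist if len(word) >= min_len)


def is_strong(password: str, min_length: int = 20) -> bool:
    """Policy check derived from the article: long enough, no dictionary words,
    and at least three of the four character classes present."""
    if len(password) < min_length:
        return False
    if contains_dictionary_word(password):
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes) >= 3


if __name__ == "__main__":
    rate = 1e6  # the article's "millions of passwords in a matter of seconds"
    for n in (8, 12, 20):
        years = brute_force_seconds(n, len(ALPHABET), rate) / (365.25 * 24 * 3600)
        print(f"{n:2d} chars: {entropy_bits(n, len(ALPHABET)):6.1f} bits, "
              f"worst case {years:.3g} years at {rate:.0e} guesses/s")
    candidate = generate_password(20)
    print("generated:", candidate, "strong:", is_strong(candidate))
```

Running the script prints the search-space figures for 8-, 12- and 20-character passwords at one million guesses per second, which makes the article's point concrete: going from 8 to 20 characters over a 94-symbol alphabet multiplies the attacker's work by roughly 10 to the 23rd power. The generated password is not passed through is_strong in the assertions below, because a uniformly random string can, with small probability, lack one character class; the check is meant for passwords a human typed.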

Storing Passwords

Storing long passwords can be a pain, since memorizing them is difficult. For normal Internet use, shorter passwords with a bit more memorability (not including "password123" and other dictionary-attackable passwords) are fine. However, for anything sensitive, we define this law, which should be taken to heart and never forgotten:

This applies to passwords, operating systems, disk encryption, etc. One's most sensitive data should be protected behind passwords (and hardware) that are very difficult to remember, produce and use. Make it long and make it strong. Below are some methods for storing passwords.