How to Create Secure Passwords That Cannot Be Entered

How do I create a strong password? Easy: You mash your keyboard for a few seconds until you get a 50-character piece of gibberish, then copy and paste it into your password manager so you don’t have to remember what it is.

There are other tricks for creating strong passwords, but there are only two rules you really need to remember: make them long and make them difficult to guess (or brute-force). “Mycatiscute” is a bad password. “Sj12 # 8) 23&$k51*as.x*3rffalwo@74d*23” is probably a good password (please don’t steal it.)

The problem with generating these ultra-strong passwords filled with crazy characters and the dreaded “capital I or lowercase L” problem is that it is very difficult to enter them when you are trying to use your credentials to log in to a third-party service.

For example, if you’re trying to connect your Nintendo Switch to Facebook to find friends to play with, you’ll have to sit and carefully enter your super-secure 64-digit password – and hope you got it all right. It’s even worse if you connect your Smart TV to an online account and have to manually navigate one of those terrible onscreen keyboards with your remote.

Good passwords shouldn’t annoy you

The two best password management apps you can (and should) use are LastPass and 1Password, both of which make it easy to generate random passwords for any site or service. However, there are a few small features you can use to ensure that your password is both strong and easy to enter if you ever have to go in and find it when you sign in to a service on your device.

You don’t need to create insanely long passwords

When you use the auto-generating capabilities of either service, you don’t need to go crazy. Of course, a 30-character password will be much more secure than a 16-character password, but that is beyond the point at which it matters. As security architect Dameon “PhoneBoy” Welch-Abernathy notes, a 16-character password consisting of only upper and lower case letters, even without the wacky characters, will be difficult to guess.

“The bottom line is that when you really look at the math, you don’t need a password as long as you think. Assuming the limit is at least 12 characters and all special characters are supported, you can create a password that is strong enough to mitigate most brute-force attacks enough. Even a 16-character password with only mixed-case letters has a fair amount of search space if your passwords have enough entropy.”

Avoid symbols or other strange character traps

In both LastPass and 1Password, you can adjust the options used when automatically generating passwords, including leaving out symbols. Yes, that will make your passwords a little less secure. It will also make them much easier to type. If your application does a good job of randomizing characters, the result will still be nearly impossible to guess by brute force (as noted earlier).

If you are using 1Password to create a new password, make sure you uncheck the “Allow Characters” checkbox. It should be okay to keep using numbers, since numbers aren’t as hard to get to as weird characters that will likely require you to switch between different keyboard screens as you manually enter them into your device. While you’re here, also make sure your “Allow Ambiguous Characters” is unchecked, because it’s annoying to accidentally type “I” when you mean “l”, or “O” when you mean “0”, and so on.

LastPass gives you a little extra customization. You can set the length of the automatically generated password (of course), but you can also specify if the password should use the following characters: A-Z (required), a-z (required), 0-9 (required), or wacky characters (pass). You can set the required minimum number of digits to make your passwords as varied as possible, and you can also choose to avoid ambiguous characters, which we recommend.
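To see what these settings cost in search space, and to check the earlier point that 16 mixed-case letters hold up well, here is an added example (not code from LastPass or 1Password). The look-alike set, the symbol set and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed look-alike set (capital I, lowercase l, 1, capital O, 0); real managers choose their own.
AMBIGUOUS = set("Il1O0")
# Assumed symbol set, used only for comparison.
SYMBOLS = "!@#$%^&*"


def alphabet(digits=True, symbols=False, avoid_ambiguous=True):
    """Build the character pool for the chosen generator settings."""
    chars = string.ascii_letters
    if digits:
        chars += string.digits
    if symbols:
        chars += SYMBOLS
    if avoid_ambiguous:
        chars = "".join(c for c in chars if c not in AMBIGUOUS)
    return chars


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate(length=16, min_digits=2, **settings):
    """Draw from the OS CSPRNG; redraw until the minimum digit count is met."""
    chars = alphabet(**settings)
    if min_digits > length or (min_digits and not any(c.isdigit() for c in chars)):
        raise ValueError("min_digits cannot be satisfied with these settings")
    while True:
        # Rejection sampling keeps every acceptable password equally likely.
        password = "".join(secrets.choice(chars) for _ in range(length))
        if sum(c.isdigit() for c in password) >= min_digits:
            return password


if __name__ == "__main__":
    print(generate())
    for label, size, length in [
        ("16 chars, mixed-case letters only", 52, 16),
        ("16 chars, letters+digits, no look-alikes", len(alphabet()), 16),
        ("12 chars, all 94 printable ASCII", 94, 12),
    ]:
        print(f"{label}: {entropy_bits(size, length):.1f} bits")
```

Requiring a minimum number of digits rules out some otherwise valid strings, so the real entropy of `generate()` output is slightly below the figure `entropy_bits` reports for the same pool and length.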

What about passphrases?

In theory, it’s much easier for you to memorize a lyric line from one of your favorite songs – say, an 84-character password – than 84 characters of gibberish. A strong passphrase should be incredibly difficult to brute-force, and is a much better solution than simply trying to disguise a short password in some silly way, such as “P@$$w0rd123” instead of “Password123”.

There are only two problems with using a huge passphrase: first, your device (or service) might have some silly limitation that prevents you from entering a huge password. Maybe you’re just limited to a maximum of 16 characters – still great if you use all 16, but not as good as typing in a 32+ character quote you like.

Second, you still have to type a lot on the screen if you use your favorite Shakespearean quote as your password. It is very easy to retrieve a passphrase from a password management application; manually entering “itwasthebestoftimesitwastheblurstoftimesitwastheageofwisdom …” multiple times on your PlayStation 4 because you made a spelling mistake somewhere in the middle won’t be much fun. That said, you’ll probably make fewer mistakes with an overall long phrase than with a shorter chain of gibberish, so it’s definitely worth considering a strong passphrase.

If you don’t have funny phrases in your head, 1Password can help you create passphrases from random words. When generating your password automatically, choose “words” instead of characters and assign your favorite word separator, such as a period or hyphen, to separate words. LastPass has the ability to create “pronounceable” passwords, but that won’t turn your gibberish into words. I’ll have to come up with my own smart phrase.
