As we’ve already noted, password manager apps are a great way to make sure your passwords are as robust as possible. But to use a password manager you need a single master password. And you need it to be very strong. Here’s how to create an excellent master password.
Most people think that the best way to make a really secure password is to use lots of numbers, special symbols and so on. That’s what websites often require you to do.
It’s true that that makes the password very hard to crack. However, having lots of non-standard characters also makes it difficult for you to remember a password. If you find yourself forgetting your master password — or, worse, having to write it down somewhere to remember it — you’re defeating the purpose of having a password in the first place.
It’s also good practice to change your master password every month or so. That’s another reason why it is hard to rely on a very random master password. You might be able to memorize one long string of random characters, but it will be tough to learn a new one each time you change your password.
Instead of making an overly complex password that you are likely to forget, base your password on a sentence that will be easy to remember, then add just a few random characters. For example, a master password based on the sentence “put another dime in the jukebox baby” could be:
It doesn’t matter much which sentence you base your password on, or exactly how you vary it. The only essential considerations are to be sure your password is:
- Longer than about twelve characters. This makes it essentially impossible to brute force (which means having a computer try all possible permutations of characters until it hits the one that matches your password) because brute forcing takes a very long time for passwords longer than about twelve characters, even on modern computer hardware. Provided you have a reasonably long password and change it on a regular basis, you’ll be immune to brute-force attacks.
- Not a word or phrase that is likely to appear verbatim on a list of known terms. That’s because the other way to crack passwords, besides brute forcing, is to match hashes against lists of terms. Unless there is an exact match between a term on the list and your password, cracking software won’t find it. (Terms that are close but not exactly the same aren’t a problem — which is why making just a few unpredictable changes to your sentence is enough to keep your master password secure.)
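The two checks in the list above can be run against a candidate password before you adopt it. The following is an added example, not part of the original article: it compares the candidate's hash with the hashes of a known-terms list and reports the size of the brute-force search space. The term list, the unsalted SHA-256 hash, and the sample passwords are all constructed assumptions.

```python
import hashlib
import math
import string

# Constructed stand-in for a list of known terms; real lists hold millions of entries.
KNOWN_TERMS = ["password", "letmein", "iloveyou",
               "put another dime in the jukebox baby"]
MIN_LENGTH = 12  # the article's "longer than about twelve characters"

def digest(text):
    # Unsalted SHA-256 is an assumption standing in for whatever hash is stored.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def alphabet_size(password):
    """Count the symbols a brute-force search must cover for this password."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of candidates an exhaustive search would have to try."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def audit(password, known_terms=KNOWN_TERMS):
    """Apply the article's two checks to a candidate master password."""
    known_hashes = {digest(term) for term in known_terms}
    return {
        "long_enough": len(password) > MIN_LENGTH,
        "on_known_list": digest(password) in known_hashes,
        "search_space_bits": round(search_space_bits(password), 1),
    }

if __name__ == "__main__":
    # Constructed samples, not passwords taken from the article.
    for candidate in ("letmein",
                      "put another dime in the jukebox baby",
                      "put an0ther dime in the jukeb*x baby"):
        print(repr(candidate), audit(candidate))
```

The unmodified sentence passes the length check but fails the list check, because its hash matches a list entry exactly; the varied version passes both.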
Combined with a password manager, a strong master password based on these techniques will keep your personal information very secure.