Editorials and informational articles

How to set up strong passwords and remember them

In this article we explain the rules you need to follow to set up strong passwords.

The most important rules are the following:

  • Passwords must have at least 12 characters.
  • Passwords must contain a mix of numbers, symbols, capital letters and lower-case letters.
  • Passwords must not be made of dictionary words.
  • Passwords that replace letters with numbers in obvious words are still not good, even though they respect the rules.
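As an added example (not part of the original article), the four rules above can be written as a small Python check. The word list and the substitution table are constructed assumptions; a real check would load a large dictionary and lists of commonly used passwords.

```python
import re

# Constructed sample word list (assumption, not from the article).
WORDLIST = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

# Common number/symbol substitutions mapped back to letters (simplified:
# "1" could also stand for "i", only one reading is tried here).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12

# Rule 2: every one of these character classes must be present.
CLASSES = {
    "lower-case letter": r"[a-z]",
    "capital letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def find_dictionary_word(password):
    """Return (word, via_substitution) for the longest word found, else None."""
    plain = password.lower()
    unleeted = plain.translate(LEET)  # undo the obvious substitutions (rule 4)
    for word in sorted(WORDLIST, key=lambda w: (-len(w), w)):
        if word in plain:
            return word, False
        if word in unleeted:
            return word, True
    return None


def check_password(password):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing a {name}")
    hit = find_dictionary_word(password)
    if hit:
        word, substituted = hit
        how = "with letters swapped for numbers/symbols" if substituted else "as written"
        problems.append(f"contains dictionary word '{word}' {how}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["P@ssw0rd2024!", "Sunshine!2024x", "mQ7#vTz9&kLp2"]:
        print(pw, "->", check_password(pw) or "passes all four rules")
```

The first sample meets the length and character-mix rules and is still rejected, because undoing the substitutions exposes a dictionary word.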

While 39fkddf!#$32d is a very good password, respecting all the rules, it cannot be remembered easily, and a good password written on a sticky note or on the phone is even worse than a bad password that can be easily remembered.

The best way to create (and remember) a secure password is to think of a phrase you can easily remember and use only the first letter of each word, replacing some of them with numbers.

E.g.: The ZeroViruses blog is written by two tech ninjas who love cats and beer. -> t0Vbiwb2TNwlc4&b3

Another method of setting such a strong password is to choose four words which are unrelated to one another and mix them up with symbols and numbers: house summer beer ninja -> h0sUmb33rN!nj4!

Even passwords created by these methods are very difficult to remember, and this is where password managers come in. Basically, password managers provide a centralized vault for all your passwords and autofill them in the right text boxes.

Let me introduce LastPass:

LastPass is probably the most popular free, cross-platform password manager application. It can be used on both desktop (running Windows, Linux or Mac OS X) and mobile (running Android or iOS).

Among other things, it autocompletes your passwords on websites and fills in the personal information you use in forms. It is also capable of generating random strong passwords, and it stores them automatically for you in the vault, alerting you when you need to change a password or when you use the same one more than once.

While it is free to use, if you want to sync your passwords between your phone and desktop, you need to pay a $1 fee per month.

You can download LastPass for free from the official website.

Hackers and hacks

CloudBleed: Change all your passwords immediately

Due to a Cloudflare source code bug, a lot of sensitive user information may have been leaked on the internet. The biggest affected sites are Uber, Fitbit, 1Password and OkCupid, but it is estimated that over 4.2 million domains were using Cloudflare.

So, user passwords, sensitive information and crypto keys may have been out there in the wild. Google, Yahoo and Bing worked on scrubbing the data, in order to protect users against hackers, but tech guys still find samples of leaked data in search engine caches. According to Hector Martin, you can still find authentication cookies for sites affected by the bug and these cookies still work.

The bug was discovered by Google’s security researcher Tavis Ormandy, but it had been there for at least 5 months. The GitHub user Pirate has compiled a full list of all the sites that use Cloudflare’s services, and there is also the DoesItUseCloudflare tool, which lets users enter a website’s domain and check whether it uses Cloudflare services or not.

The best way to prevent data loss is to change all your passwords on sites that use Cloudflare’s services and enable two-step authentication methods where possible.