Heartbleed aftermath: Here’s how to make sure your password is hard to crack

Too often we think our passwords are safe just because we use an alphanumeric combination and trust web encryption to keep it safe. But the shocking **Heartbleed incident** has highlighted how easy it is for anyone to gain access to our passwords on compromised websites. It highlighted the vulnerability of the SSL encryption even when used by the likes of Google, Yahoo and Amazon.   But since you are now forced to change many of your passwords, at least you would do well to steer away from some of **the worst known passwords** and instead choose a strong one.  A study by popular anti-virus maker BitDefender shows an alarmingly high percentile of users (75%) are using the same password for their email as well as social media account. No wonder then, once a hacker cracks your password for one account, accessing other related accounts will be as easy as a whistle.   So how does one create a password that’s hard to crack, but easy enough for you to remember? Try a combination of these methods.   Make use of the length criteria There is a reason why many websites require you to create a minimum 8-character password. They want it to make difficult for outsiders to gain access and the more the number of letters, the more the permutations and combinations possible, making it hard for anyone to guess your password. The next tip shows how you can use this criterion to your advantage.   Forget passwords, use a passphrase Here is where you can make that password length criterion count. Instead of using a meaningful word or a combination of them, try creating a random word that only you can figure out. For example instead of using a password like John@123, try and think of a sentence and take the first alphabet of each word from this sentence. For the sake of this article, we have chosen the example ‘John never gets angry with kids’ but it could be any sentence that you want.   With our example, the basic password is ‘jngawk’. However, we have to make it more complex, seeing as how ‘gawk’ contained within it is a regular word. Most brute force attacks to determine your password will have a reference dictionary and a common word such as ‘gawk’ will be found within minutes. Then it’s just a matter of determining the other two characters. So what can one do? Simple; make use of your keyboard. [caption id=“attachment_221607” align=“alignnone” width=“640”]  Don’t use simple words; that’s just criminal[/caption]   Add special characters and numbers Now throw in some numbers and a special character or two and place them in between these alphabets. So for our password jngawk we will add a number and a special character, say 3 and #. Now the password becomes jn3g#awk. Now we can see it gets just a little more complex. But the hard work is not done yet.   Use punctuations Punctuations can really crank up the complexity level of your password, though not all websites allow all special characters and punctuation marks. But for the sake of explanation, we add an underscore punctuation within our password. It now becomes j_n3g#awk   Use upper and lower case effectively You can make any alphabet from your password an upper case or a lower case. This makes it harder for anyone using brute force attacks to ‘guess’ your password. Here, we will make it more complex by making alternate letters  upper case, though. So our j_n3g#a password now becomes J_n3G#aWk and a lot more complex than when we started out.   So there you have it; a simple way of creating a complicated password, but it’s not wise to use the same password again on different websites. So you can try a few tricks with your existing password, such as reversing or mirroring it, or you could use different rules for capitalisation on different websites.   Invert the password Another trick you can use to make your password harder to crack is by inverting the already created password. So in our case the password now becomes J_n3G#aWkkWa#G3n_J. A 15-character or higher password is significantly harder to crack using brute force attacks and certainly not when the collection of characters is random.   It needn’t be said any more but it doesn’t hurt to say it once again: Change your password regularly. It is one of the best ways to ensure that you are a step ahead of hackers. And in case you have stumbled upon what you think is a truly genius password, you may want to check how long a regular PC will take to crack the password with this tool here.   And as many people have said, the strongest password is the one you can’t remember. Many password managers are capable of generating a strong password such as the one above for you. RoboForm is one such free cross-platform utility and browser extension that makes it easy to login to sites without you having to remember the password. It can log you into websites with a single click, as it stores all passwords in a secure database and then retrieves them when needed. So it can create a random 16-character string to act as a password, making it all the more easy for you to login and harder for others to crack your password.   Thankfully, the weekend should provide you with ample time to experiment and come up with a password that’s hard to crack.