• How to come up with a very complex password. How to create a password so strong and complex that hackers will cry trying to hack you. How to come up with a strong and complex password

    Sometimes you need to start working with several companies at once, which means registering with each and using a strong password. Good protection wouldn’t hurt for social networks either... In general, the topic is more than relevant, so today we’ll talk about what kind of password is complex enough to resist hackers, how to remember it, and how to store many complex passwords conveniently and in a safe place.

    How hackers crack passwords

    I immediately remember the series “Sherlock” (season 4 in January, hurray-hurray), where our brilliant detective was able to unravel a very non-trivial password on Irene Adler’s phone in just a few attempts:

    If she had chosen any random combination of four letters and numbers, it’s unlikely that even Sherlock Holmes would have succeeded. In general, filmmakers love to insert such scenes (remember any other movie with password guessing), but the most interesting thing is that this kind of thing actually works in real life. This hacking method is called logical guessing and is based on known information about the user.

    If the attacker knows your first name, last name and date of birth, in a few minutes he can go through the possible combinations and crack a password that uses this information. Well, you probably use at least one of these? :)

    By the way, do you know which passwords occur most often? I found this table online with examples of the most popular passwords:


    As you can see, these are mostly simple combinations of numbers and letters. The frequency is not indicated here, but let’s say at least 1% of users use a primitive password 123456 — how many accounts can a hacker hack on a large service? What if we run through all known popular passwords? That's it...

    By the way, there are special password dictionaries that can be downloaded from the Internet. Fortunately, popular sites have long required users to at least minimally complicate the input data - use upper and lowercase letters, at least a couple of numbers, and check that the password is not in the same dictionaries.

    However, this may not be enough if the hacker has large resources and special programs. The so-called brute force method allows you to guess passwords by simply trying all possible combinations; modern computer capabilities completely allow this.

    The more different characters are used (uppercase and lowercase letters, numbers, dots/dashes/commas, etc.) and the longer the password, the more time it will take the computer to check all possible options. How much? Let's say the password uses only lowercase English letters and numbers, then the situation is like this:


    As you can see, a password of less than 7 characters can be cracked in one day, and a 7-character password can be broken in a week, and if the hacker is lucky, even faster. In general, this is what password complexity looks like for the brute force method; I think the conclusions are obvious.

    However, even if you create a good, complex password, there are roundabout ways to get at it. For example, a letter arrives in the mail with a phrase like “to withdraw money, send your password for verification”. Of course, you should not do this under any circumstances! The administration of a website or service will never ask for your password; they already have it in the database.

    Another way to get a password is to somehow “snoop” it. As a child, when I went to a computer club, this was a real problem - there were a lot of people around and entering the password for your game account without anyone spying on it was not easy. There have been cases of theft of game currency and items :)

    Attackers can also infect your computer with a Trojan program that records what you type on the keyboard. To protect against such an attack, of course, you need to use antivirus.

    Well, now you know the easiest ways to hack your data. How to protect yourself from them and create a complex and reliable password?

    How to create and remember a strong password

    As we have already found out, the password must be at least 8 characters long, and it is highly desirable that it use different types of characters:

    • lowercase letters - a,b,c…;
    • capital letters - A, B, C…;
    • numbers - 0,1,2…;
    • punctuation marks - comma, dash, question mark, etc.;
    • special characters — @, #, $, %, etc.
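
    The rules above and the two attacks described earlier (logical guessing and brute force) can be turned into a check that runs when a password is chosen. This is an added example, not code from the article; the popular-password sample, the guess rate, the three-class threshold and the function names are assumptions.

```python
import string

# Constructed sample; a real check would load a full list of popular passwords.
COMMON_PASSWORDS = {"123456", "12345", "qwerty", "password", "admin"}

# Assumed guess rate, picked so that 7 characters of lowercase letters and
# digits take about a week, matching the figures quoted in the article.
GUESSES_PER_SECOND = 130_000

CHAR_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def classes_used(password):
    """Names of the character classes that occur in the password."""
    return [name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)]


def exhaustive_search_days(password, rate=GUESSES_PER_SECOND):
    """Days needed to try every string of this length over the classes used."""
    alphabet = sum(len(CHAR_CLASSES[name]) for name in classes_used(password))
    # Characters outside the four ASCII classes each count as one extra symbol.
    alphabet += len({c for c in password
                     if not any(c in chars for chars in CHAR_CLASSES.values())})
    return alphabet ** len(password) / rate / 86_400


def personal_tokens(first_name, last_name, birth_date):
    """Guessable strings built from a name and a 'DD.MM.YYYY' birth date."""
    day, month, year = birth_date.split(".")
    tokens = {first_name.lower(), last_name.lower(), year,
              day + month, day + month + year, day + month + year[2:]}
    return sorted(t for t in tokens if len(t) >= 3)


def audit(password, first_name, last_name, birth_date):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    used = classes_used(password)
    if len(used) < 3:  # assumed threshold for "different types of characters"
        findings.append(f"only {len(used)} character class(es)")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("in the popular-password list")
    for token in personal_tokens(first_name, last_name, birth_date):
        if token in password.lower():
            findings.append(f"contains personal data: {token}")
    return findings


if __name__ == "__main__":
    # Constructed user and candidate passwords.
    for candidate in ("123456", "Anna1990!", "en.u18!ptktyttn28"):
        print(candidate, audit(candidate, "Anna", "Petrova", "14.03.1990"),
              f"{exhaustive_search_days(candidate):.3g} days")
```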

    You can check the password complexity, for example, on the Kaspersky Lab website, it looks pretty lively:


    You don’t have to create a password manually, there are a lot of sites where you can do this, just enter the query “password generator” in a search engine and you will get a large list. Of course, the question arises: does a particular site record entered passwords? Even if so, you still need to know the login, and it is not known where you will use the resulting combination.

    To still calm your paranoia, you can generate a password on the site, and then change a few characters in it - the complexity will not change, and the risk of brute-force hacking will still be very low.

    There is only one problem with generated passwords: it’s quite difficult to remember even one, and ideally each site needs a unique one. One of the best ways to make things easier for yourself is to use words in your native language in the English layout, diluting them with numbers and symbols.

    Here is an example of an easy-to-remember, but very high-quality password. Let’s take the Russian noun “iron” and the logically unrelated verb “green”. As numbers, let’s say there will be the year of birth of the famous writer - Leo Tolstoy, 1828. Well, let’s spice it up with an exclamation point!

    Let's mix it up a little and we get the following password: en.u18!ptktyttn28. I wrote down Russian words using the English layout, divided the year of birth into 2 parts and put an exclamation mark at the end of each word. It seems to be nothing complicated, but the password turns out to be of very high quality:


    You can come up with other similar ways to create a password - they will all give excellent results. However, this still does not help to follow the rule 1 site - 1 password, it’s difficult to remember more than five combinations and not start using them several times. It turns out that you need a place to store important data.
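
    Typing a Russian word in the English layout is a fixed key-for-key substitution, so a password check can undo it before looking words up in a dictionary. This added example (not the article's code) does that for the password above; the word list is a constructed sample and the function names are hypothetical.

```python
import re

# The same physical keys in the US QWERTY and Russian layouts,
# first unshifted, then shifted.
EN_KEYS = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`" + 'QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>~'
RU_KEYS = "йцукенгшщзхъфывапролджэячсмитьбюё" + "ЙЦУКЕНГШЩЗХЪФЫВАПРОЛДЖЭЯЧСМИТЬБЮЁ"
TO_RUSSIAN = str.maketrans(EN_KEYS, RU_KEYS)

# Constructed sample; a real check would use a full Russian word list.
WORDS = {"утюг", "зеленеет", "пароль"}


def read_in_russian_layout(password):
    """What the same keystrokes produce with the Russian layout active."""
    return password.translate(TO_RUSSIAN)


def layout_shifted_words(password, words=WORDS):
    """Dictionary words that appear once the layout shift is undone.

    Digits and characters with no Russian letter on their key (such as '!')
    are left alone and act as separators between candidate words.
    """
    decoded = read_in_russian_layout(password).lower()
    return [w for w in re.findall(r"[а-яё]+", decoded) if w in words]


if __name__ == "__main__":
    sample = "en.u18!ptktyttn28"  # the password from the article
    print(read_in_russian_layout(sample), layout_shifted_words(sample))
```

    A check that reports words here is telling you that the letters come from a dictionary and that the remaining strength rests on the digits, symbols and their placement.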

    Programs for storing passwords

    Separately, I would like to say that writing it down on a piece of paper and sticking it to the monitor is a so-so idea :)

    You can, for example, write down passwords in a notebook, but this is not very convenient - you need to enter the password manually every time and also carry it with you everywhere. And anyone who sees you looking at a notebook and entering something on the computer will quickly understand what’s what and may try to steal it.

    Still, it is more practical, in my opinion, to use a specialized program for storing passwords. Firstly, they can be stored directly in the browser: after you first enter a password, you are asked whether to save it or not:

    This is quite convenient, and accessing the storage is not so easy - the main thing is to update the browser on time, vulnerabilities are constantly being eliminated. Of course, there are also disadvantages - if someone else uses the computer, he can easily use the saved passwords.

    It is quite possible to store not particularly important data in the browser - from some accounts on forums or free services, hacking of which will not cause you much harm.

    More valuable data should be stored with at least some additional security measures. There is a special browser extension, LastPass, which does roughly the same thing as the browser itself, but better. The vault itself can be locked with a password; you will need to come up with just one using the “green iron” method and remember it.

    The disadvantage of LastPass is that your passwords are still on third-party servers, and if they are hacked (and stories of hacking of major corporations indicate that no one is safe), the data will leak to the attackers.

    I had a more inspiring experience working with a regular Windows password storage program - KeePass. It is free and based on open source, which means that many programmers have checked it and have not found any hidden tricks that would allow data to be stolen.

    It is in English, and perhaps this is the only negative that I have found so far. The idea is this: all passwords are in a database, which is protected by a separate password and a key file:

    The Master Password should be very complex, but since there is only one, it is easier to remember. The password database looks like this:



    I have several groups of passwords - Mail, Forex, Social Networks, etc., each of them stores different entries. In principle, everything is quite simple, especially if you know English.

    You would probably like detailed instructions on how to use KeePass. Let's do this - if at least 5 different people in the comments ask to write an article or ask something about a program for storing passwords, I will assume that the audience is interested and will do it next week :)

    And that's all! So now you know the basics of creating and storing strong passwords. Let's check how things are going with Webinvest readers :) We need a site that everyone can use... I think social networks will do. So, I ask you to use the poll to tell us how complex the password you use for your favorite social network is:

    I hope that after my article the situation will improve. Especially if you help spread the article among your friends and colleagues:


    Friends, in general, do you take passwords responsibly? Or do you think that you shouldn’t worry too much about it, the hassles aren’t worth it and you can get by with fairly simple ones? Leave your opinions in the comments.

    See you in new articles from Webinvest! Winter is coming... please don't get sick.



    12345 - we need to change the password. How to come up with a complex password and remember it forever

    Internet scammers steal millions of passwords from mailboxes and user accounts every day. But don't despair - we'll give you some very simple but effective tips that will protect you from losing control over your resources.

    For those who prefer to watch, we have prepared a video version of this article:



    1. Use strong passwords

    You guessed it, right? Sorry for the banality, but this is the main advice - which most users still neglect. No wonder passwords like qwerty remain among the top most popular to this day.

    Do not use the names of your favorite characters, the name of a football club, or the name of a pet as a password, as this information can easily be found on your social networks. A complex password must consist of a random combination of various characters and symbols.

    2. Use uppercase and lowercase letters, numbers and symbols

    Users do not like long passwords: they are easy to forget and people are too lazy to type them. An 8-character password was considered secure only in the early days of computers; today, an eight-character combination is mechanically selected in a couple of hours.

    However, even a short password (up to 8 characters) can be made relatively secure if you use numbers and letters in different cases. It will take 2-3 days to select such a password.

    Maximum security is achieved by simply increasing the password length and using different characters ($, %, &, '', #) in those services where this is possible.

    3. Use acronyms

    Choose a phrase that you know you won't forget and use a combination of the first letters of each word as your password. For example, the poem of 1828 “At Lukomorye there is a green oak, a golden chain on the oak tree...” turns into ULdzzcndt1828.




    4. Use a keyword

    Pick a keyword and mix it with the name of each site you have an account on. For example, for the keyword “antivirus” the password on the site will look like this: c a l n u t b i e v s i e r t u n s od32. The benefit of this trick is that you will have a strong password for each site.

    As suggested in the comments, this method may fail if the site address changes - however, in this case it is enough to use automatic password recovery.

    5. Don't use the same password for different accounts

    Like a true artist, be original. Remember that different sites have different levels of security. For example, most services send passwords via email through a password recovery process. Having obtained a password from an unsecure service, hackers can try to use it for your email or social networks - the same password will become the key to all your resources.

    Risks can only be reduced by using unique, complex passwords for all accounts.

    6. Change passwords more often

    In the case of the theft of Mail.ru passwords, 99.982% of all passwords turned out to be irrelevant. This was largely due to the fact that most of the database of stolen accounts was compiled from a number of other databases.

    However, in the case of 57 million addresses (that’s exactly how many records were in the leaked database), this is not enough - can you guarantee that your Mail.Ru mailbox is not compromised by attackers? Moreover, this is just one example of a leaked database - we don’t know how many millions of current addresses are in the hands of hackers today.

    But we know for sure that there would be much fewer of them if users regularly changed their passwords.




    7. Use a password manager

    How not to forget the password for your VKontakte account, mailbox and Internet banking? Few people can remember dozens of complex passwords. This is normal.

    Luckily, software developers have come up with a solution. Today, there are many tools that help users securely store an unlimited number of their most complex passwords. For example, you can use the most popular ones - LastPass or 1Password.

    However, password managers have their weaknesses. The most important accounts, those that give access to your banking information, should not be entrusted even to the most reliable programs.

    8. Don't forget about the "secret question"

    In tip #1, we recommended not using as a password information that can easily be found out about you from social networks. The same applies to “secret questions”, which many people for some reason forget about or attach no importance to. In addition, attackers can easily select an answer from a database of popular options.

    Try using the absurdist tactic when the answer has nothing to do with the security question. Mother's Maiden Name? Aspirin! Pet name? 1989!

    9. Use two-factor authentication

    To minimize the risk of credential leakage, use two-factor authentication wherever possible.

    Most social networks, postal and banking services allow you to enable authorization confirmation via SMS. This way, scammers won't be able to access your account unless they have your mobile phone in their hands.

    So, if you have an account on Yandex, we recommend using the two-factor authentication function Yandex.Key:

    • Download the app for Android or iOS
    • Enter your password or QR code
    • Login to Yandex
    • Profit!
    P.S. Print and save the recovery codes in case your smartphone fails or gets lost.


    10. Antivirus is our everything

    Passwords don’t just get to hackers, they don’t float to them through the air (except for the usual fraud when users themselves tell criminals the passwords for their services).

    Personal data is collected and sent to hackers by very specific malicious programs that, by hook or by crook, try to get onto your PC, laptop or smartphone.

    Therefore, installing a reliable antivirus (and regularly updating the database) is one of the main ways to save your money, nerves and privacy.

    Every day, hackers hack tens of thousands of accounts from a variety of services, including blogs, online stores, social networks and cloud storage. The main method of hacking, as always, is brute force (automatic selection of passwords).

    It’s quite easy to protect yourself from hacking – just use a complex password. It would seem that this is a very simple task. But it is often complicated by the fact that complex passwords are difficult to remember. We will try to give some tips on how to come up with a complex, but easy to remember password.

    How to come up with a strong and complex password?

    First, you need to create unique passwords for each account. This is necessary for one simple reason. For example, you have a website that contains addresses for your profiles on social networks. It would be a big mistake to use the same password for them. This way, an attacker can take over all accounts at once.

    In addition, it is not recommended to take passwords from dictionaries. The thing is that today the Internet is full of special programs that automatically substitute passwords from dictionaries one by one in order to gain access to the desired page of a website or profile on social networks. Also, you should not use your date of birth in your password, because it is easy to find in the same VKontakte or Odnoklassniki.

    Secondly, it is necessary to use letters of different case (both uppercase and lowercase), as well as numbers and service symbols (for example, #, ?, –, etc.)

    Next, you need to come up with a long password - this is the basic rule for its reliability. According to security experts, a long and strong password should not be meaningless. You should use an expression that is clear to you and easy to remember, with minor modifications that make it more difficult to brute force. For example, “2BeORnotTobe”. Agree that remembering a passphrase with its modifications is easier than a set of meaningless characters. The ideal option would be to come up with your own phrase for each account.

    Security questions for recovering a forgotten password also deserve a mention. Here you should not use template questions, but come up with your own, which will be understandable to you, but for third parties - complete nonsense.

    Another example. Suppose you like the phrase “Silence is golden”. You can translate it into translit (for example, using the free online service https://translit.net/), highlighting the beginning of each word with a capital letter and adding a couple of numbers - “3Milchanie5Jeto7Zoloto”. There is nothing complicated here, but finding such a password will be quite difficult.

    Use two-factor authentication

    Also, to protect your pages from hacking, use two-factor authentication whenever possible. It provides access to your personal account only after entering a password and an additional factor. Most often the latter is an SMS message with a code. In this case, if the password for the service ends up in the hands of attackers, they will not be able to access it, since the code will only be sent to your phone.

    Where do you store your passwords?

    Undoubtedly, finding a secure place to store passwords is quite difficult. A notepad can be lost, and a phone can be stolen. Therefore, all experts unanimously declare that the best option is the head.

    If you still decide to use your computer as a password storage, then it is recommended to disguise the password file as a picture. To do this, you just need to replace the file extension with jpg. The Windows operating system will change its icon, and by placing the file in a folder with other pictures, you will hide it securely. Of course, you won't be able to double-click such a file because, according to the extension, it will be picked up by your image viewer, which will immediately display an error message or show a blank screen. You need to open it by right-clicking and selecting Open with, and specify any text editor.

    You can also hide a file with passwords inside another file. To do this, first of all you need to pack the file into a RAR archive. Next, place any JPG picture along with the archive in any folder. After that, launch a command line window (Start -> Run -> cmd), go to the folder with the files and type the following command to merge the files:

    Copy /b picture.jpg + archive.rar 12345.jpg

    As a result, you will receive a file 12345.jpg, inside which your password file will be hidden. To view it, you need to use the program that was used to create the archive.
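
    Concatenation does not encrypt anything: the archive sits in the clear after the end of the image, where a scan finds it. This added example (not from the article) walks the JPEG markers and reports a RAR signature in the trailing bytes; the sample bytes are constructed and the function names are hypothetical.

```python
# Signatures of the two RAR container versions.
RAR_MAGICS = {b"Rar!\x1a\x07\x00": "RAR 4", b"Rar!\x1a\x07\x01\x00": "RAR 5"}


def _is_marker(data, pos):
    """True at a real marker, not a stuffed FF 00, fill FF FF or restart."""
    nxt = data[pos + 1]
    return data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7


def jpeg_end(data):
    """Offset just past the JPEG end-of-image marker, or None if not a JPEG.

    Segments are skipped by their declared length, so an end-of-image marker
    inside an embedded thumbnail is not mistaken for the end of the file.
    """
    if data[:2] != b"\xff\xd8":                # start-of-image marker
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None                        # not at a marker: malformed
        marker = data[pos + 1]
        if marker == 0xD9:                     # end of image
            return pos + 2
        if marker == 0xFF:                     # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                           # markers without a length field
            continue
        if pos + 4 > len(data):
            return None
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                     # start of scan: compressed data
            while pos + 2 <= len(data) and not _is_marker(data, pos):
                pos += 1
    return None


def find_appended_archive(data):
    """Describe what follows the image, or return None if it is not a JPEG."""
    end = jpeg_end(data)
    if end is None:
        return None
    trailing = data[end:]
    for magic, kind in RAR_MAGICS.items():
        offset = trailing.find(magic)
        if offset != -1:
            return {"trailing_bytes": len(trailing), "archive": kind,
                    "archive_offset": end + offset}
    return {"trailing_bytes": len(trailing), "archive": None, "archive_offset": None}


# Constructed sample: structurally valid JPEG markers, not a viewable image.
SAMPLE_JPEG = (
    b"\xff\xd8"
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    b"\x12\xff\x00\x34\xff\xd0\x56"
    b"\xff\xd9"
)
# Constructed stand-in for the output of the copy /b command above:
# the image followed by a RAR 5 signature and filler bytes.
SAMPLE_COMBINED = SAMPLE_JPEG + b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(find_appended_archive(SAMPLE_JPEG))
    print(find_appended_archive(SAMPLE_COMBINED))
```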

    Useful online tools

    There are many online services on the Internet that help you select and check the strength of passwords.

    For example, the tool at https://1informer.com/generator-passwords-online/ will allow you to generate a strong password based on the specified parameters.

    You can see that you can set the password length, and also select which additional characters will be used in the password (upper and lower case letters, numbers, as well as the symbols #, ?, etc.)

    Additionally, you can also check the strength of your password. There is a special service for this from Kaspersky Lab: https://password.kaspersky.com/ru/. For example, in a special form on the website, enter a simple password "admin". Here's what the system will say about it:

    Only at first glance do impenetrable passwords lack a logical structure and look like gobbledygook. Complex passwords are such only for those who do not know the recipe for creating them. You don't have to remember letter cases, numbers, special characters and their order. All you have to do is choose a memorable basis and follow simple tips for creating strong passwords.

    Nursery rhymes

    We take any children's rhyme or counting rhyme as the basis for the password. It is advisable that it be found only in your area and not be generally known. And better than your own composition! Although any children's rhymes will do, the main thing is that the lines are firmly stuck in your head from a young age.

    The password will consist of the first letters of each word. Moreover, the letter will be written in uppercase if it is the first in the sentence. We replace some letters with numbers similar in spelling (for example, “h” with “4”, “o” with “0”, “z” with “3”). If you don’t want to get too confused with replacing letters with numbers, look for a counting rhyme that already contains numbers. Don't forget about punctuation marks that separate words and sentences - they will come in handy.

    Example:

    The turtle has its tail between its legs

    And she ran after the hare.

    Got ahead

    Who doesn't believe it - come out!

    We replace the letters “h”, “z” and “o” with similar numbers. The second, third and fourth lines begin with capital letters and are therefore written in uppercase. Include four punctuation marks. Of course, we write in Russian letters, but on the English keyboard layout.

    The 17-character password is ready! It may not be perfect because it contains repeated characters and consecutive lowercase letters and numbers. But it would certainly be hard to call it simple.

    Favorite sayings

    The scheme is similar to children's counting rhymes. Only as a basis you take your favorite and very memorable phrases of thinkers, celebrities or movie characters. You can complicate your life somewhat by replacing the letter “h” not with “4”, but with “5”, for example. There are never too many confusing maneuvers!

    Example:

    I found out that I have

    There is a huge family:

    River, field and forest,

    In the field - every spikelet...

    Replace the letter “h” with “8”, do not forget about upper case and punctuation marks.

    Ze,8evTjc^H,g,bk,Dg-rr…

    Jargon and terminology

    This implies the use of professional jargon that is understandable to an extremely narrow number of people. These words are much more distant from the average person than the criminal sayings that are widely covered on television and the streets of any city.

    For example, you can use a hospital discharge or a tricky medical definition.

    Example:

    Cyclopentaneperhydrophenanthrene is a 28-letter term. It turns out to be a bit long, so I propose to throw out the vowels and dilute the remaining consonants with upper case.

    Memorable dates

    Of course, your birthday or the day you start your married life is not the best basis for a password. The event should be of exceptional importance, and only you should know about it. For example, this could be the day you ate gum for the first time, ran away from class, or broke your heel. Since the password will be based on numbers, it would be a good idea to mix them with letters.

    Example:

    10/22/1983 and 06/16/2011

    Replace the dots separating the day, month and year with any letter, for example the small English “l”, which is very similar to the quite often used separator “/”. Between dates we will put an underscore character “_”. Let's replace the zeros with the letters "o".

    Visual Key

    Use the smartphone unlocking technique on your keyboard as well. Think of any shape and “slide” your finger along its contours.

    Don't forget to go through the numbers, change the horizontal and vertical direction of movement. And, unlike me, be imaginative!

    Conclusion

    The proposed methods for creating a password that is memorable, but at the same time quite difficult to understand, can be changed and combined at your discretion. It is enough to think about your super password once, and you can use it in the presence of a stranger without fear.

    How do you choose your password?

    >r"-BGS_zhv_MwvgA2)