Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Why You Shouldn't Trust Password Meters

by Elizabeth Harper on August 19, 2016

When you're picking a new password for an account, you've probably noticed that most services tell you how strong your password is. This is meant to be a gauge of how tough it would be for a hacker to get into your account. If you're told your password is weak, you should definitely work on improving your password—but if you're told your password is good (or even okay) chances are you stick with that password instead of trying to remember one that's more complicated.

But do password strength meters really help us make strong passwords? Testing by anti-virus maker Sophos says no. The problem is that many common strength meters don't do a good job of measuring what makes a strong password. It's easy for a password meter to tell if your password is made up of dictionary words and has no special characters. That's just a measure of how hard a password would be to crack using brute force guessing. According to Sophos, this is not not the first method hackers use to try to crack passwords. They use methods that take into account the common ways people use to d!sguise comm0n words. So meters need to determine how guessable a password would be, which is more difficult to gauge. 

To judge how well password checkers do their jobs, Sophos picked the five most common password strength meters and ran five of the most commonly used—and therefore the least secure—passwords through them. None of these common meters saw all of these as the weak passwords they are, and one even thought three of the five were good.

Compounding this problem is the fact that many people are also pretty bad at telling what a strong password is. So it's easy to make a bad password without even realizing it.

Since you can't count on a password site to tell you whether you've made a strong password, what should you do? Here are some tips for making the best possible passwords:

  • Avoid using words out of the dictionary, which are easy for password cracking software to figure out. Phrases and acronyms are better.
  • Never use a password on the most used passwords list.
  • Use long passwords, at least 12 characters. To make it easier to remember, turn the password into a meaningful sentence. For example, "This little piggy went to market" turns into "tlpWENT2m." Notice that not only does this password use the letters from the sentence, but it uses both uppercase and lowercase characters and replaces “to” with “2.”
  • Add special characters and punctuation.
  • Don't include any personal information like your address or birth date, which can make your password easier to guess.
  • Never use the same password on more than one site—that means if one site gets hacked, all of your passwords are compromised! 
  • Use a password manager to keep track of all of your passwords. If they're just written down on a post-it stuck to your desk, they're not very secure!
  • Use two-factor authentication—where you have to enter a password and a code (usually texted to your phone)—on any site or service that supports it.

[Image credit: woman with credit card inputting password via Shutterstock]


Topics

Computer Safety & Support, News, Computers and Software, Blog


Discussion loading

gravatar

From Frank Verano on September 10, 2016 :: 12:06 pm


I have 69 passwords, all different. Each password has a pass phrase that will die when I die.  (I am 98 now.)  I use a cheat sheet posted near my computer so that I can refer to it when needed. No one can use the cheat sheet without the pass phrase which is only in my head. The cheat sheet is coded without the pass phrase. I keep my fingers crossed that I do not get any kind of dementia. I can recall many of the passwords from memory but on some I need a second guess, some on the third guess and on the rest I have to refer to my cheat sheet.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.