Choosing a good password
By now, most internet users are aware that choosing a strong password is important. What, exactly, constitutes a strong password has changed quite a bit over the years: A decade ago, “34xyf4ds” was considered to be a solid password; now, a hacker armed with little more than a lowly laptop can slice through passwords such as this one like a knife through butter.
Today, a good password should be at least 12 characters long, preferably longer. It should contain numerals as well as lowercase and uppercase letters. It should not contain easily guessable personal information; if you’re called Michael and are born on September 12, 1967, then “Michael-09121967″ is not a good password. In fact, even though you can create a solid password by stringing together common words, as explained in this XKCD comic, I’d recommend making it far more random (and experts agree).
Never use the same password twice
Now that you’ve chosen a crazy-good password, you’re safe, right? Wrong. If you’re using the same password on multiple sites, you could still be in trouble. If only one of those sites get compromised — as LinkedIn did, when someone stole more than a hundred million usernames and passwords in 2012 — a hacker could try out your email address and the same password on other online services.
Sometimes, if a site has very shoddy security, hackers might obtain your password in plain text. Most often, the passwords will be encrypted or hashed, so the hacker will have to crack the passwords, which is where choosing a good password comes into play. But hackers today have access to very powerful computers and some smart cracking algorithms, meaning that — with time — even very strong passwords can get cracked.
The best way to avoid this is to have a separate password for every online service you use, especially those important to you (Facebook, Twitter) or ones that can actually cost you money (PayPal, eBay).
Remember, if the person who took control of Zuckerberg’s Twitter is telling the truth, Zuckerberg broke both these rules: He had a pitifully weak password (“dadada”) and he used it on several sites, including Twitter, Pinterest and LinkedIn.
Use a password manager
This is where things get problematic for most users. After a while, remembering strong passwords becomes a chore, or even impossible. This is where password managers, such as LastPass or Dashlane, come into play. These services “store” all your passwords, often automatically filling out your online credentials, but you can only unlock them with a master password, so that’s the one password you really need to remember.
A caveat to this method is the fact that if your master password gets stolen, you’re in trouble, as a hacker can gain access to all your passwords. This is why you must choose a very strong master password, never store it on your computer and never share it with anyone.
Note that even password managers are prone to vulnerabilities. You might choose not to use one and just keep your passwords in your head, or offline, on a piece of paper in a safe. That’s perfectly fine, just don’t lose the piece of paper.
Use two-factor authentication
Even if you’re really careful, mistakes will happen. An ancient service you forgot you’ve ever used could get compromised, come back and bite you from behind. Or you could connect to the wrong Wi-Fi network and become a victim of a stalker-hacker stealing every bit of info you sent out from your computer. (By the way, don’t connect to Wi-Fi you don’t trust. Ever.)
This is why it’s advisable to use an additional layer of protection, usually in the form of two-factor authentication. This method combines something you know (your password) with something you have (your phone), making sure that even if someone learns your password, they still can’t access your services without physically having control of your phone.
Today two-factor authentication is supported by many online services (though not all), including Gmail, Facebook, Twitter, Instagram, Amazon, Slack and others. Usually, it works as follows: You set it up by adding your phone number. Then, when you log in from a new device or location, you’ll receive an additional code on your phone, without which your password would be useless.
Even if you do everything right, you could still fall victim to a hacker attack, or lose control of one of your online accounts. But by following the steps described above, you’ll make it orders of magnitude less likely. And even if one of your accounts gets compromised, the damage won’t spill into other areas of your online life.
Originally Posted: mashable.com