/tech/what makes a password strong

secretly also known as "you should be using a password manager"

entropy is your friend (this time)

entropy is a measure of how unpredictable your password is, usually measured in bits

for nerds:
   e = log2(r^l) = l * log2(r), where e = entropy in bits, r = size of the pool of unique characters, l = length of the password
   this assumes every character in the password is picked truly randomly (uniformly) from the pool

to be v conservative while illustrating the effect of adding more characters to the length
we will assume that the pool of unique characters only includes characters actually used

@l@y90D3 = ~22.46 bits, NtU1AtfWMe%wb%17 = ~59.21 bits, w6r5gpewwai%ER4cLJtQxmqP8A3KX%W& = ~155.46 bits
broadly, entropy increases linearly as password length increases
importantly, for each additional bit of entropy, the difficulty of guessing doubles

that means, if we compare our 8 character password to the 32 character password
the 32 character password is ~10000000000000000000000000000000000000000x stronger
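a worked version of the formula above, added here as an example (not code from the original page): it recomputes the three passwords with the same conservative pool assumption (pool = characters actually used), shows the full 94 character printable pool a password manager draws from for comparison, and generates a random 32 character password the way the rest of this page recommends

```python
import math
import secrets
import string
from typing import Optional

# the full pool of printable ascii characters a password manager can pick from
FULL_POOL = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def entropy_bits(password: str, pool_size: Optional[int] = None) -> float:
    """e = log2(r^l) = l * log2(r).

    pool_size=None uses the conservative pool from this page: only the
    distinct characters that actually appear in the password count.
    """
    r = pool_size if pool_size is not None else len(set(password))
    return len(password) * math.log2(r)


def strength_ratio(bits_a: float, bits_b: float) -> float:
    """how many times harder the stronger of two passwords is to guess
    (each extra bit of entropy doubles the number of guesses needed)"""
    return 2 ** abs(bits_a - bits_b)


def generate_password(length: int = 32) -> str:
    """random password drawn uniformly from FULL_POOL using a CSPRNG (secrets),
    so the entropy formula actually applies to it"""
    return "".join(secrets.choice(FULL_POOL) for _ in range(length))


if __name__ == "__main__":
    samples = ["@l@y90D3", "NtU1AtfWMe%wb%17", "w6r5gpewwai%ER4cLJtQxmqP8A3KX%W&"]
    for pw in samples:
        print(f"{pw:34} conservative={entropy_bits(pw):7.2f} bits  "
              f"full pool={entropy_bits(pw, len(FULL_POOL)):7.2f} bits")
    ratio = strength_ratio(entropy_bits(samples[0]), entropy_bits(samples[2]))
    print(f"32 char vs 8 char: ~{ratio:.3g}x stronger")
    pw = generate_password()
    print(f"generated: {pw}  ({entropy_bits(pw, len(FULL_POOL)):.2f} bits)")
```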

password crackers are clever

‘ah’, you say, ‘i can make a long password’: thisismypasswordlookhowlongitis
how clever, how droll - unfortunately dictionary attacks exist and foil this approach
(speaking /v/ overly simply, they make adding ‘canada’ worth about the same as adding ‘c’)
don’t think doing substitutions like ‘p4ssw@rd’ is unaccounted for either

‘oh? i need a special character and a capital letter?’: Password!
how often is the special character at the end or the start, do you think?
how often do you think the capital is the start of a word?
anything predictable like these examples /dramatically/ weakens your password

the solution

memorize /one/ v strong password & set it as your password for a password manager
actually use your password manager for everything and default to 32 length randomized passwords
also, you should use 2fa for all your important accounts & set up 2fa for your password manager
that’s it, really

i strongly recommend bitwarden and also strongly recommend paying the $1 a month for premium
people used to remember multiple phone numbers; remembering one +16 character string is doable

if you genuinely don’t feel you have the ability (or the time at the moment) then..
remember the first two characters and write the rest down somewhere nearby which you judge safe

   two is enough to be a pain for a normal person who might want to snoop who finds your note
   you should try to focus on remembering a little more of your password each time you use it
   eventually you won’t need your note

make sure that if where you have it written burns up in a house fire you aren’t out of luck
(consider using bitwarden’s ‘emergency access’ feature mentioned below)
either way, once you have it memorized, don’t forget to get rid of your note

you can read about other security best practices, beyond passwords and 2fa, here

extra perks of bitwarden/a password manager

if you pay the $10 for a year of bitwarden, you can use ‘emergency access’
with this, you can set someone else with bitwarden as an emergency contact
if you lose access to your account for whatever reason, your contact can request access
if you don’t stop them by rejecting their emailed request for access, they can let you in
you can choose the amount of time you will have to reject requests on a person by person basis
(make sure you and your contact have both confirmed the connection in the app and it is active)
this is a /great/ feature which effectively removes the ability to get permanently locked out
i really can’t recommend this enough

i would highly recommend getting the browser extension for your password manager
an added benefit of this is that it can help warn you that you are on a fake copy of a webpage
if a url doesn’t match the url of the site you made the password for, it won’t suggest it
meaning: if you think you are on your bank’s page and your manager doesn’t have suggestions..
you aren’t really on your bank’s page and someone is trying to trick you & steal your password
this can prevent a shocking percentage of scam attempts or mistakes made due to inattention


tags: explainer security