Which is true as far as it goes, but evil continues to learn and the world isn't that safe....
This will tell you everything, and is worth a read IMO
www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/
tl;dr: your password can become known.
I'd add two other possibilities to consider:
- Some websites, though less these days, are run incompetently and may hold passwords in the clear.
- Sometimes websites offering some attractive but easy to do service are set up solely to gather username/password combinations.
In the end the advice is fairly simple:
Use long complex passwords (Longer is better than complex, both is best)
- 12 - 15 characters
- use upper/lower case, numbers and special characters
- Don't bunch up the special characters (all at beginning or end) or rely on substitution (3/e o/0 etc.)
Never use the same password on two sites/accounts
- because maybe one site you use it on is a weak, insecure, site and the other is your bank.
I use unique 20-something character, randomly generated passwords for every account that matters. And I have a 12 character junk password that I duplicate across every account I don't care about.
I find that the best/easiest way to do that is to use a password manager. I use LastPass and Bitwarden, but there are others.
Last edited by: No FM2R on Fri 21 May 21 at 15:26
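The rules listed in the post above, written out as a checker plus a random generator. This is an added example, not part of the original post. Only the 3/e and 0/o swaps come from the post; the other look-alike swaps, the tiny word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

SPECIALS = string.punctuation
ALPHABET = string.ascii_letters + string.digits + SPECIALS  # 94 symbols
# Look-alike swaps to undo; 3/e and 0/o are from the post, the rest are assumed.
UNLEET = str.maketrans("304@1!5$7", "eoaaiisst")
# Constructed stand-in for a real cracking dictionary.
COMMON_WORDS = ("password", "welcome", "letmein", "dragon", "monkey")


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


def check(pw):
    """Return the list of rules from the post that pw breaks (empty = OK)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, SPECIALS)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character class")
    idx = [i for i, c in enumerate(pw) if c in SPECIALS]
    head = list(range(len(idx)))
    tail = list(range(len(pw) - len(idx), len(pw)))
    if idx and idx in (head, tail):
        problems.append("special characters bunched at one end")
    plain = pw.lower().translate(UNLEET)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("dictionary word behind a substitution")
    return problems


def generate(length=20):
    """Draw from the OS CSPRNG until the result passes check()."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(pw):
            return pw


if __name__ == "__main__":
    for sample in ("P@ssw0rd2021!!", "!!horseBATTERY42", generate()):
        print(sample, check(sample) or "ok")
    print(round(entropy_bits(15, 26), 1), round(entropy_bits(10), 1))
```

The last line compares 15 random lower-case letters with 10 random characters from the full set, which is the "longer is better than complex" point in numbers.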