We've all experienced it. You go to a web site and try to sign up and create a password and it has yet another set of arbitrary rules for creating your password.
Those requirements are often created by developers who make arbitrary decisions that are not based upon current research.
MIT Technology Review magazine has reported on research which shows that longer passwords are stronger.
MIT Technology Review Magazine
MIT's Technology Review magazine reported back in October 2015 that research shows that length is what makes passwords stronger. The article goes on to explain that many web sites get password requirements wrong and require special characters and uppercase letters in the false belief that those elements make passwords stronger. You can read the original article at: https://www.technologyreview.com/s/542576/youve-been-misled-about-what-makes-a-good-password/
Making Passwords Stronger
Making passwords stronger means making them longer. But everyone knows that human memory has limits. A great length for a password might be 64 characters. However, there are few people who are going to memorize a 64 character password for even one site. That's what C'YaPass is for. It generates long passwords (which are not based upon words) and will manage them for you.
Arbitrary Password Requirements
Even a federal student loan payment site (nelnet.com) that I've had to use recently enforces these false requirements. Here's what the requirements look like:
The alarming thing in these requirements is that a password is constrained to a maximum of fifteen characters. That's not good.
That's a very short password and makes it quite a bit easier for hackers to generate password possibilities.
Arbitrary Requirements Confuse Users
These requirements confuse users into believing this is how you create a strong password. But, as the MIT article mentioned, the hackers have changed their methods and using those extra symbols doesn't do much to increase the strength of a password.
Great Sites Understand That Password Length Is What Matters
Here are some example sites and companies that accept the C'YaPass default 64 character password:
- Microsoft
- Google
- LinkedIn.com
- Yahoo! mail - They changed this right after they were hacked. Previously they only allowed passwords up to 32 characters.
What About Apple?
My Apple ID will only accept up to 32 characters and it forces an uppercase character.
Password Strength Testers
We've all seen those Password Strength testers which supposedly determine how strong your password is, but they are of dubious value. That's because they simply check for things like the arbitrary requirements I showed you earlier in this article.
When I enter a 64-character hash value generated by C'YaPass (one that is not based upon words) into those testers, they generally say the password is of medium strength. That's something that really needs to change.
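To make the mismatch concrete, here is an added example (not code from this article, C'YaPass, or any real strength tester) that runs a constructed composition-rule meter next to a brute-force search-space estimate over the test passwords used in this article. The meter's scoring rules and the "Passw0rd!" sample are assumptions made for illustration, and the bit counts are upper bounds that only hold for randomly generated strings, so dictionary words such as "supergood" are weaker in practice than the number shown.

```python
import math
import string

# Candidate alphabets, smallest first. The estimate assumes the attacker
# searches the smallest alphabet that contains every character used.
ALPHABETS = [
    string.digits,
    "0123456789abcdef",
    string.ascii_lowercase,
    string.ascii_lowercase + string.digits,
    string.ascii_letters,
    string.ascii_letters + string.digits,
    string.ascii_letters + string.digits + string.punctuation,
]

def composition_score(pw):
    """Constructed meter: one point per character class, one for length >= 8."""
    points = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
        len(pw) >= 8,
    ])
    return "weak" if points <= 2 else "medium" if points == 3 else "strong"

def brute_force_bits(pw):
    """Upper bound: log2 of the search space, valid only for random strings."""
    for alphabet in ALPHABETS:
        if set(pw) <= set(alphabet):
            return len(pw) * math.log2(len(alphabet))
    # Characters outside printable ASCII: count them on top of the largest set.
    extra = len(set(pw) - set(ALPHABETS[-1]))
    return len(pw) * math.log2(len(ALPHABETS[-1]) + extra)

def policy_ceiling_bits(max_length, alphabet=ALPHABETS[-1]):
    """Best case a site allows when it caps password length."""
    return max_length * math.log2(len(alphabet))

SAMPLES = [
    "super",
    "supergood",
    "Passw0rd!",  # constructed sample, not from the article
    "8d9b0b2639a9bdf96c1066ad2fa488f33b1188fc0ab7c600df83cfe2851e9017",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw[:12]:<12} len={len(pw):>2} meter={composition_score(pw):<6} "
              f"bits<={brute_force_bits(pw):.0f}")
    print(f"15-character cap: at most {policy_ceiling_bits(15):.0f} bits")
```

The constructed meter calls the nine-character "Passw0rd!" strong and the 64-character generated value medium, while the search-space estimate ranks them the other way around, and a fifteen-character cap limits even a fully random password to under 99 bits.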
Check Your Password Strength
Here's a utility that was created by the creators of Dashlane, a popular password management system that stores your passwords in an encrypted file or out on the web on the Dashlane site.
https://howsecureismypassword.net/
That link will open in a new window and then you can check your password strength and how long it will take hackers to guess your password on average.
Test Easy Passwords
You don't have to type your real password, but just type in something like a word. For example I used the word super and it resulted in the following:
I then changed my test password to "supergood" and got the following result:
Finally, I changed my password test to one generated by C'YaPass :
8d9b0b2639a9bdf96c1066ad2fa488f33b1188fc0ab7c600df83cfe2851e9017
I obtained the following result:
Yes, sesvigintillion is a real number. That's a long, long time. See https://en.wikipedia.org/wiki/Names_of_large_numbers for more about sesvigintillion.
Make Your Passwords Stronger
Whether you decide to use Dashlane or C'YaPass is up to you, but definitely start using something to make your passwords stronger and your accounts more secure.
C'YaPass Availability
You can get C'YaPass for Windows here at this site for free: http://cyapass.com/page/get-c-yapass
You can get the Android version in the Google Play store for free: https://play.google.com/store/apps/details?id=us.raddev.cyapass
iOS Coming Very Soon
The iOS / iPhone / iPad version is coming soon (by end of year 2016).