Mật khẩu mạnh là một cách để bảo vệ quyền riêng tư của bạn khi trực tuyến. Đây là cách tạo mật khẩu hoặc cụm mật khẩu mạnh mà bạn sẽ nhớ và không ai khác có thể đoán được.
Mật khẩu mạnh là gì?
Mật khẩu mạnh cho các tài khoản trực tuyến của bạn phải là:
- Thực sự ngẫu nhiên
- Không ngắn hơn 17 ký tự
- Khác nhau cho từng tài khoản trực tuyến
- Thay đổi 90 ngày một lần
Có một số thực hành về mật khẩu mà bạn nên tránh:
- Không sử dụng định dạng "từ + số" thông thường.
- Không bao gồm thông tin cá nhân có sẵn công khai, chẳng hạn như ngày sinh của bạn.
- Không sử dụng cách viết tắt và thay thế thông thường (chẳng hạn như sử dụng "@" cho chữ cái "a").
Cụm mật khẩu là gì?
Trong khi hầu hết các mật khẩu là sự kết hợp của số, chữ cái và ký hiệu, thì một cụm mật khẩu bao gồm các từ được kết hợp ngẫu nhiên. Ví dụ:
StingrayCobaltLyingStimulusLiquid
Passphrases are both easier to remember and more challenging to guess than standard passwords. Just try to memorize the first letter of each word, or turn it into a song in your head. To defend against dictionary attacks, you should use at least five words, which should be truly random. You don't want the phrase to sound like a sentence.
Passphrase and Password Generators
To make sure the words you pick are genuinely random, use a free passphrase generator like Diceware or Secure Passphrase Generator. For an assortment of random letters and numbers, use Norton Password Generator or the Avast Random Password Generator. Many online accounts have specific password requirements, so you may need to add numbers, special characters, or a mix of uppercase and lowercase letters.
How to Memorize Passwords
Using easy-to-remember information like your birthday or the year you graduated from high school is highly discouraged. If you have trouble remembering passphrases, another strategy is to create an acronym out of a sentence. For example, "A gallon of milk used to cost 32 cents back in 1950" can translate into:
Agomutc$.32bi1950
It's generally not a good idea to write down your passwords; however, you can write down the phrase as a reminder, and no one will know what it means if they find it.
Set Up a Password Manager
As tempting as it may be, you shouldn't use the same username and password combination for all of your online accounts. Each account should have its own unique, complex password. Fortunately, you don't have to remember them all individually.
If you have multiple online accounts, you should use a password manager to keep track of your login credentials.
That way, you can log in to any account by entering the primary password for a password manager. Some of the best password managers programs also come with built-in password generators.
If you want to know how strong your password is, use a password checker like Password Meter.
Multi-factor Authentication
Regardless of your password strength, it's always a good idea to protect your online accounts with two-factor authentication (2FA) when possible. When you turn on 2FA for Gmail and other services, you'll receive a verification code via text message or email each time you log in. Most banking services and social media websites support some form of 2FA.
In addition to your online accounts, you also need strong passwords for all of your devices, especially if you carry them with you in public. In addition to passwords, most operating systems support some form of biometric verification. For example, Windows Hello uses facial recognition technology, and Apple Touch ID uses a fingerprint scanner to identify who is trying to access your account.
Why Are Strong Passwords Important?
Passwords safeguard your online accounts from other people who use the same computer. More importantly, they protect you against hackers who want to steal your personal information. For example, if someone knows your email password, they can find out a lot about you, including where you bank, where you work, and where you live. Hackers often sell stolen passwords on the black market for nefarious purposes.
Hackers use several methods to steal passwords, including:
- Brute force attacks: A brute force attack uses automated software to guess passwords using randomized combinations of characters.
- Dictionary attacks: Similar to brute force attacks, random word combinations are used to guess passwords.
- Phishing: Hackers solicit private information using phishing emails, robocalls, or misleading links to obtain passwords from users.
- Credential recycling: If a hacker has your username and password for one account, they will likely try using the same credentials on your other accounts.
What to Do If Someone Else Gets Your Passwords
If you suspect one of your passwords has been compromised:
- Create a new, stronger password.
- Change the passwords of any associated accounts.
- Update your account recovery information.
- Keep an eye on your bank account for unauthorized purchases.
How Do I Find out if My Password Was Compromised?
Your usernames and passwords could be compromised through no fault of your own. Several high-profile companies, like Facebook and Sony, have been victims of data breaches that exposed users' login credentials. You can visit the Avast Hack Check website and enter your email address to see if your privacy has been compromised. If so, you should change the passwords for all accounts associated with that email.
Set up security questions and account recovery information when possible to further protect your accounts.