What Makes a Strong Password
Internet and System security have been improved over past many years: HTTPS, Two Way Authentications, etc. But still, a weak password may compromise highly designed security process.
Here are the few points for creating a strong Password:
- Make your password length to be 15 chars to 20 chars;
Many create passwords less than 8 chars, easy to remember and to key in;
And, easy to break;
So keep it more than 15 chars;
- Include numbers, upper case, lower case, and punctuation;
One password with all these chars spread evenly, will make any password hacking tool impossible to create one correct combination;
Imagine the power of math with all the possible combination of the chars (selected randomly);
- Not using any existing words;
Many password hacking tool depends on dictionary to guess passwords;
Not even using any names;
- Do not use simple replacements;
for example, [email protected], seems to be complicated random password;
But, it is not. It will be a hit easily in many password guessing tool;
Avoid such simple replacements;
Hash Password with Salt
Applications will not store clear text password. This is known to any professional system developer.
Password stored are normally hashed, which is impossible to be decrypted.
Hash works by generating a text string for given text value, one way direction.
Means, if you give string value "googleYahooBing", the result will always be "b3f80137e981472e27170192617d55ac".
Thus, when you login into a system, the system will hash your inputs, and compare the hashed values. If hashed values match, means you password is correct, and proceed to login.
In this case, even someone managed to get the stored password value, the hashed value, they still cannot get the original password text.
But, is this safe?
NO. Answer is clear. Attackers can always create random passwords, and hash each generated password, then compare the hash value, if match, means they get your password correct. And using that password, they may be able to authenticate against other system (if you happen to use the same password, well, this is very common ... I won't create one password for each system I login into).
To avoid this kind of situation, the best way, it is to add "SALT" for each password before hashing them.
Say, still the same password, "googleYahooBing", for a system we build, we set the salt as "LyCoS" (this salt can be hard-coded, or to be random generated and stored in tables). Then before hashing, "googleYahooBingLyCoS" is the password. Now hash it, will get "73ac159e98b8338667437f7b1e748130".
Now, even if someone manages to crack this system, and get this password, that limits the exposure to this system only.
The passwords are generated at users PC end browsers.
All passwords are not transmitted to our servers or networks.
You use the passwords generated by this page at your own risk. We do not offer any support or warranty.