Passwords: Best Practices
August 13, 2019

Stop trying to remember them—you can’t, because you’re human. Every password you use (and let’s be real, we all have over 100 logins these days) should be different and truly random. Any clever trick, like reversing a word or swapping letters with symbols, is easily cracked by modern brute-force methods.
Don’ts
- Don’t use any recognizable word or anything spelled backward.
- Don’t just tack on “01” for the new version (“02” for the next...).
- Don’t assume a simple letter-to-symbol substitution (like “$” for “S” or “@” for “A”) will fool anyone.
- Don’t rely on your browser’s built-in password memory—especially not on a shared or easily compromised device.
How Computers Hack Your Accounts
- Password Brute Force: Hackers can guess billions of possibilities per second if they have your account’s hashed password. If your password is under 8 characters, it can be cracked almost instantly. Even 14 characters might only buy you hours. At 20+ characters, you’re looking at years or millennia—assuming today’s hardware. But as computers get faster, you need to stay one step ahead.
- Password Hash Comparison: Once hackers have a list of hashed passwords (from a database breach, for example), they can quickly look them up against precomputed hashes of common and previously leaked passwords. Unique, random passwords for each site help limit the damage if one set of credentials leaks.
- Keystroke Copiers: Keyloggers or malware on your device can record every password you type. This is why using unknown machines (like at an airport) is so risky.
The One Golden Rule
Use a password manager. Whether it’s LastPass, 1Password, Dashlane, or Keeper—pick one and stick with it. Let it generate 20+-character random passwords for every single account. You only remember one strong master password; the manager handles the rest.
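To make the length argument concrete, here is an added example (not code from the original post or from any of the password managers named) that does what a manager does when it generates a password: it draws characters uniformly from the OS cryptographic random generator, and then it estimates the entropy and expected brute-force time for 8, 14, 20 and 24 characters. The character set (letters, digits and punctuation) and the guess rate of 10 billion per second are assumptions chosen for illustration; real cracking rates depend on the hash algorithm and hardware, and real crackers try dictionaries and substitution rules before exhaustive search, which is why human-chosen passwords fall far faster than these uniform-random figures suggest.

```python
import math
import secrets
import string

# Assumed character set: letters, digits and printable punctuation, the kind
# of alphabet a password manager draws from (see the example password above).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed guess rate for the estimate: 10 billion guesses per second.
# A round illustrative number, not a measurement of any particular rig.
GUESSES_PER_SECOND = 10_000_000_000


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Draw `length` characters uniformly at random from `alphabet` using the
    OS CSPRNG via the secrets module, which is what a password manager does.
    random.choice would NOT be suitable here: it is seeded predictably."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(length: int, alphabet_size: int,
                           guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected brute-force time: on average half the keyspace is searched
    before the right guess is hit."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value >= 1."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    n = len(ALPHABET)  # 94 with the alphabet above
    for length in (8, 14, 20, 24):
        print(f"{length:2d} chars: {entropy_bits(length, n):5.1f} bits, "
              f"~{human_time(expected_crack_seconds(length, n))} to brute-force")
    print("generated:", generate_password(24))
```

Every extra character multiplies the keyspace by the alphabet size, so the estimate grows exponentially with length while it only grows linearly with a faster guess rate; that is the reason the advice is “20+ characters, random, generated by the manager” rather than “pick a cleverer word”.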
Example Password (Don’t actually use this!)
*#84jdFH@)39fHDHfiu\egl{#lq4Ma435#|5
I personally started with LastPass and recently switched to 1Password after trust issues arose. Yes, it can feel like a pain, but it’s infinitely safer than reusing the same eight-character password. It’s your best bet to avoid a GPU-based brute force fiasco or a simple dictionary attack.
Accept the (Mild) Inconvenience
- I memorize my master password, my phone’s PIN, and my computer’s screensaver login.
- Everything else? Random strings that only my password manager knows.
Sure, there’s still risk—keyloggers, zero-days, or state-sponsored hacks exist. But at least you won’t get hammered by a simple brute force or guesswork attack. And if one site gets compromised, your other 152 logins remain safe behind their own unique walls. It’s all about making it harder for hackers, one step at a time.