be-a-password.ninja

You too can learn to be a password ninja!

A strong password need not be complicated, time-consuming, or hard to remember.


About this site

This site was created by a software developer based in Bristol, UK, to make it easy for anyone, whatever their level of IT knowledge, to understand how to stay safe online by using strong and secure passwords.

Passwords are not a complicated thing, and knowing how to use them correctly shouldn't have to be either. Many websites will give you different advice on how to pick a good password, and much of that advice is outdated or wrong.

The purpose of be-a-password.ninja is to provide clear and simple advice on how to pick and use a password, written in language that any English speaker can understand. If you have any thoughts on the content of this site, please reach out to the creator on Twitter.


Why do we need passwords?

You can use a username or an email address to identify yourself to a remote system such as Facebook or Twitter. However, a username is public information, so on its own it does not verify your identity: anyone could type it in.

A password is something secret that you and the remote system agree on in advance. Presenting both the username and the password lets the system confirm that you are the person who set up the account.

Ask any security expert and they will happily tell you that passwords are flawed; they are, however, the default and currently the most accessible form of identity verification we have. If the same password is used on several services, a breach at any one of them exposes all the others. This is why it is so important to pick a strong and unique password for each service (social media, email, bank, etc.) that you use.


Strength with numbers!

A simple rule: the longer a password is, the stronger it is; and the more types of character it uses, the larger the set of possible passwords becomes. The more possible passwords there are, the longer it takes for someone to guess or crack yours.

Password strength is measured as entropy; the more characters a password has, and the more types of character it draws from, the higher its entropy. A single digit gives 10 options, a lowercase letter gives 26, upper and lower case together give 26+26=52, and the printable symbols (counting the space) give another 33. The figures below count every password of up to eight characters, so they include all the shorter passwords an attacker would try first:

  • Lowercase letters only: 26 options over up to 8 spaces gives 217,180,147,158 possible passwords.
  • Lower & upper: 52 options over up to 8 spaces gives 54,507,958,502,660 possible passwords.
  • Lower, upper, and symbols: 85 options over up to 8 spaces gives 2,757,344,598,609,560 possible passwords!

Keep in mind that these counts only describe a password picked at random from the whole set. A dictionary word with a capital letter and an exclamation mark added is one of the first things a cracking tool tries, however many character types it contains.
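The arithmetic behind those figures, as an added example that is not code from this site. It counts the search space the same way the numbers above do (every length from 1 up to the maximum), converts it to entropy in bits, and estimates how long an attacker would take to try every possibility. The guess rate of ten billion per second is an assumption standing in for an offline attack on a fast hash; it is not a figure from this page.

```python
import math

# Character-class sizes as counted on this page: 26 lowercase letters,
# 26 uppercase letters, 10 digits and 33 printable ASCII symbols (the space
# included), for 95 printable ASCII characters in total.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33
ALL_PRINTABLE = LOWER + UPPER + DIGITS + SYMBOLS  # 95

# Assumed guess rate for an offline attack against a fast, unsalted hash
# such as MD5 or SHA-1 on a single modern GPU. Online logins are rate-limited
# and far slower; slow hashes like bcrypt or Argon2 cut this by thousands.
ASSUMED_GUESSES_PER_SECOND = 1e10


def exact_space(alphabet_size: int, length: int) -> int:
    """Distinct passwords of exactly `length` characters: alphabet ** length."""
    return alphabet_size ** length


def search_space(alphabet_size: int, max_length: int) -> int:
    """Distinct passwords of 1 up to `max_length` characters.

    An attacker who tries every short password before every longer one has
    to cover all of these; this cumulative count is what the figures quoted
    on this page are.
    """
    return sum(alphabet_size ** k for k in range(1, max_length + 1))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size).

    This only holds for passwords chosen at random. 'P@ssw0rd!' uses all four
    classes yet has almost no entropy because it is in every cracking wordlist.
    """
    return length * math.log2(alphabet_size)


def worst_case_seconds(space: int, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to exhaust `space` at the given rate; the expected time is half this."""
    return space / guesses_per_second


def human_time(seconds: float) -> str:
    """Round a duration to the largest sensible unit for display."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def report(label: str, alphabet_size: int, length: int) -> str:
    """One line of the comparison table for a given alphabet and maximum length."""
    space = search_space(alphabet_size, length)
    return (f"{label:<24} {alphabet_size:>3} chars, up to {length:>2} long: "
            f"{space:>25,} passwords, {entropy_bits(alphabet_size, length):5.1f} bits, "
            f"worst case {human_time(worst_case_seconds(space))}")


if __name__ == "__main__":
    for label, size, length in (
        ("lowercase only", LOWER, 8),
        ("lower + upper", LOWER + UPPER, 8),
        ("lower + upper + symbols", LOWER + UPPER + SYMBOLS, 8),
        ("all four classes", ALL_PRINTABLE, 8),
        ("all four classes", ALL_PRINTABLE, 12),
        ("all four classes", ALL_PRINTABLE, 30),
    ):
        print(report(label, size, length))
```

Run it and the lowercase-only row comes out at roughly 22 seconds at the assumed rate, while the 30-character row is astronomically large. Bits are the easier unit to reason in: each extra character from the 95-character alphabet adds about 6.6 bits, and every extra bit doubles the attacker's work.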


Choosing a strong password

With the advent of social media (and everyone's habit of oversharing) it has become even easier to find out specifics about a person: who their parents are, where their first school was, their dog's name, or their date of birth. This means you should never use personal information as part of your password, and you should keep this in mind when picking the answers to "secret questions" for password recovery or account management (the answer does not have to be true, only something you can recall).

The easy way to come up with a good password is to pick a few words and form a sentence; by using proper punctuation you add symbols (spaces, commas, full stops, etc.) that increase the strength of your password. Sentences are also easier to remember than random strings of letters and numbers. Pick words that are unrelated to each other and avoid famous quotes, song lyrics or proverbs, which are already in the word lists cracking tools use. You can also use this tactic to create a different password for each site, choosing sentences that remind you of the website (just don't use these!):

  • Facebook: "Picture face on the wall!"
  • Twitter: "The little blue bird sings!"
  • Email: "Read messages inbox full!"

Choosing passwords made up of sentences increases both the strength of your password and your ability to remember it; the sentences above are far easier to recall than a random string of characters.


Awesome Passwords

An awesome password is the one that even you can't remember! It seems silly to pick a password that you can't remember, but that is the only way to pick a truly strong password.

Picking a random 30-character password from all the character types gives a total of 216,922,155,048,713,498,504,350,916,418,738,969,077,524,590,365,430,142,017,120 possible passwords of up to that length; no one is going to guess or crack that any time soon! The only way you are going to keep track of passwords this strong is to use a password manager: a system that stores all your passwords in a way that only you can access.

Password managers act like a digital safe, keeping a record of every password you use and which site you use it on; this way you only have to remember one password, and you can make it a strong one. The password to your password manager should be a long sentence of several words with some additional digits or symbols.
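Generating the two kinds of password this section and the sentence advice above describe, as an added example that is not code from this site or from any password manager: a uniformly random 30-character password drawn from all four character classes (what a manager generates for each site), and a random word passphrase of the kind suited to a master password you have to remember. The word list is a constructed toy list for the demo; the function names and the 7776-word size quoted for a real list (the EFF long list) are mine, not the site's.

```python
import math
import secrets
import string

# Same 95-character alphabet the strength figures on this page are based on:
# letters, digits, the 32 ASCII punctuation characters and the space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

# Constructed toy word list for the demo. A real passphrase generator should use
# a large published list such as the EFF long list (7776 words); each word adds
# log2(list size) bits, so a tiny list like this one gives weak phrases.
TOY_WORDLIST = ("badger", "cello", "drizzle", "flint", "garnet", "harbour",
                "kettle", "lantern", "mosaic", "nutmeg", "orbit", "pebble",
                "quartz", "raven", "saddle", "thistle")


def has_all_classes(password: str) -> bool:
    """True if the password holds at least one lowercase, uppercase, digit and symbol."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation or c == " " for c in password))


def random_password(length: int = 30) -> str:
    """Uniformly random password from ALPHABET, resampled until every class appears.

    secrets (not random) is used because the output must be unpredictable.
    At 30 characters almost every candidate already has all four classes, so
    the rejection loop costs nothing and the entropy stays at length * log2(95).
    """
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def password_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a random password of `length` characters."""
    return length * math.log2(alphabet_size)


def random_passphrase(words: int = 6, wordlist=TOY_WORDLIST, separator: str = " ") -> str:
    """Random word passphrase: long, memorable, and strong if the list is large."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words: int, list_size: int) -> float:
    """Entropy of a random passphrase: words * log2(list_size), whatever the word lengths."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    pw = random_password(30)
    print(f"{pw!r}: {password_bits(len(pw)):.1f} bits")
    phrase = random_passphrase(6)
    print(f"{phrase!r}: {passphrase_bits(6, len(TOY_WORDLIST)):.1f} bits from the toy list, "
          f"{passphrase_bits(6, 7776):.1f} bits with a 7776-word list")
```

Six words from a 7776-word list give about 77 bits, well beyond anything an attacker can brute-force, and the phrase is one you can actually type from memory; the 30-character random string is for the vault, not for your head.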

What is a password manager?

A password manager stores all your login information (usernames and passwords) for each website you use, so you can use the most complex password a website will allow without having to remember it. The credentials stored in a password manager are secured with an extra strong master password, the last password you need to remember! Along with the master password, some managers also require an additional secret value, generated when you set up the account, to unlock the vault for the first time on a new device.

Most password managers also come with browser, mobile, and desktop applications to ensure you always have access to your stored credentials. Some are free and some come with a monthly fee attached, but for the price of a cup of coffee you can drastically increase your online security. Along with credential storage, some offerings come with extra features, such as 1Password Watchtower, which checks your accounts and saved passwords against the Have I Been Pwned dataset.
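A check like that can be done without ever sending your password anywhere: Have I Been Pwned's Pwned Passwords API takes only the first five hex characters of the password's SHA-1 hash and returns every known hash suffix in that range, so the comparison happens on your own machine and the service cannot tell which password you asked about. The example below is added here and is not code from this site or from 1Password; the range response it runs against offline is a constructed sample (only the suffix for the word "password" is a real SHA-1, the counts and other suffixes are made up), and the live fetch function is included for readers who want to try it against the real endpoint.

```python
import hashlib
import urllib.request
from typing import Callable, Tuple

# Pwned Passwords range endpoint: the client sends only the first 5 hex characters
# of the SHA-1 of the password and receives every known suffix in that range.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that
    is sent to the service and the 35-char suffix that never leaves this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(range_body: str, suffix: str) -> int:
    """Find `suffix` in a range response ('SUFFIX:COUNT' per line); 0 if absent."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count.strip() or 0)
    return 0


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the Pwned Passwords corpus.

    `fetch_range` takes the 5-char prefix and returns the response body, so the
    network layer can be swapped for a sample when testing offline.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(fetch_range(prefix), suffix)


def fetch_range_live(prefix: str) -> str:
    """Real lookup over HTTPS (needs network). Add-Padding asks the service to pad
    the response so its size does not reveal how many suffixes the range holds."""
    request = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "range-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


# Constructed sample of what a range response looks like. The suffix on the
# last line is the real SHA-1 suffix of 'password'; the counts and the other
# two suffixes are made up for the demo and are not live data.
SAMPLE_RANGE_5BAA6 = """\
0042A9C7BD3C1A2F4D0E16F9A4B1D3E7C8A:0
1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8:4
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
"""


def fetch_range_sample(prefix: str) -> str:
    """Offline stand-in for fetch_range_live covering only the 5BAA6 range."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = pwned_count(pw, fetch_range_sample)
        print(f"{pw!r}: {'seen ' + str(n) + ' times, do not use' if n else 'not in sample range'}")
```

Swap `fetch_range_sample` for `fetch_range_live` to query the real service. Any non-zero count means the password is in a public breach corpus and will be among the first guesses in a cracking run, regardless of how long or complex it looks.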

Which password manager?


There are a number of password managers available (1password.com, lastpass, dashlane, etc) all of which have, as with any software, their benefits and drawbacks. Personally (@jamesakadamingo) I use 1Password.com; I selected it after a lot of research and on the advice of some notable security professionals (Troy Hunt and Scott Helme to name two). You can read all about 1password.com over on their website.


What to do next to become a Password Ninja!

  1. Start using a password manager.
  2. Update your passwords across all your services to secure passwords generated by your password manager.
  3. Where possible, enable Multi-Factor Authentication.
  4. Subscribe to Have I Been Pwned to find out if you ever appear in a data breach.
  5. Be the Ninja!

What not to do next!

The advice used to be 'passwords are like pants: keep them private and change them regularly'. Unfortunately, changing passwords at set intervals encourages bad habits: people end up appending the year or month to their chosen password, or following some other predictable pattern that cracking tools know to try. Change a password when there is a reason to, such as it turning up in a breach, not on a calendar.

'Never write your password down' might not be such great advice either! The best password is one you can't remember; a password manager deals with this for you, but not everyone is suited to a password management application. For an elderly person who only uses their computer at home, a password book might not be such a bad idea (just make sure it is kept hidden away from the computer).