Password Generator: Strong, Secure & Random Password
To safeguard your passwords from hacking methods like social engineering, brute force, and dictionary attacks, and keep your online accounts secure, you should:
- Avoid using the same password, security question, and answer for multiple important accounts.
- Use a password that is at least 16 characters long and includes a combination of numbers, uppercase and lowercase letters, and special symbols.
- Avoid using personal information like the names of your family, friends, or pets in your passwords.
- Avoid using easily accessible information such as addresses, phone numbers, birthdates, ID card numbers, social security numbers, etc. in your passwords.
- Avoid using any dictionary words in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-' , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.
- Avoid using similar passwords that have most characters in common, for example, ilovefreshflowersMac, ilovefreshflowersDropBox. If one of these passwords is stolen, it means all of them are compromised.
- Avoid using something that can't be changed, such as fingerprints, as a password.
- Avoid letting your web browsers store your passwords, as they can easily be revealed.
- Avoid logging in to important accounts on other people's computers or when connected to public Wi-Fi, Tor, free VPN or web proxy.
- Use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec, etc. to send sensitive information online, as messages in unencrypted connections can be intercepted easily.
- To protect your Internet connections while traveling, you can encrypt them before they leave your device. This can be done by setting up a private VPN with protocols like WireGuard, IKEv2, OpenVPN, SSTP, L2TP over IPSec on your own server, or by creating an encrypted SSH tunnel between your device and your server, and configuring your browser to use a SOCKS proxy. This ensures that even if someone intercepts the data being transmitted between your device and server, they will not be able to steal your sensitive information and passwords from the encrypted data.
- To check the strength of your passwords and see if they are included in popular rainbow tables, you can convert them to MD5 hashes using a hash generator and then decrypt them by submitting the hashes to an online decryption service. For example, a password like "0123456789A" may take a computer almost a year to crack using a brute force method, but if its MD5 hash is submitted to a decryption website, it could be cracked in a matter of seconds.
- It is recommended to change your passwords every 10 weeks.
- It is recommended to remember a few master passwords and store the rest in an encrypted file using software like 7-Zip, GPG, or a disk encryption program. Alternatively, you can use password management software to store your passwords.
- To ensure that you can retrieve your passwords in case of loss, encrypt them and back them up in multiple locations.
- Whenever possible, turn on two-step authentication for added security.
- Avoid storing critical passwords in the cloud.
- To avoid phishing attempts, it is best to access important websites like PayPal directly from bookmarks, or by checking the domain name carefully. You can also use the Alexa toolbar to check the popularity of a website before entering your password.
- To protect your computer, use a firewall and antivirus software, block all incoming and unnecessary outgoing connections, and only download software from reputable sources, verifying the MD5/SHA1/SHA256 checksum or GPG signature of the installation package if possible.
- Keep your operating systems and web browsers up-to-date by installing the latest security updates to ensure the security of your devices.
- To protect important files on a computer that others may have access to, check it for hardware keyloggers (such as wireless keyboard sniffers), software keyloggers and hidden cameras when necessary.
- If you have WiFi routers at home, it is possible for someone to detect the movements of your fingers and hands and deduce the passwords you type, especially if you have neighbors who are close by. In such cases, it is more secure to use an on-screen keyboard that changes layouts every time you use it.
- To prevent unauthorized access, always lock your computer and mobile phone when you are away from them.
- Before storing important files on your hard drive, encrypt the entire hard drive using tools like VeraCrypt, FileVault, LUKS or similar, and consider physically destroying the hard drive of old devices when necessary.
- To maintain privacy, access important websites in private or incognito mode, or use separate browsers for important and unimportant websites. Alternatively, access unimportant websites and install new software inside a virtual machine created using VMware, VirtualBox or Parallels.
- To minimize the risk of account compromise, use at least three different email addresses, one for important sites and apps like PayPal and Amazon, one for unimportant sites and apps, and a third from a different email provider, such as Outlook and Gmail, to receive password-reset emails in case the first one gets hacked.
- To safeguard your identity, use at least two different phone numbers and do not share the number you use to receive verification code text messages with others.
- To avoid phishing attempts, do not click links in emails or SMS messages, or reset passwords through them, unless you are certain they are legitimate.
- Never share your passwords via email with anyone.
- To protect against malware, avoid installing software or apps that have been modified by hackers; instead, use web-based apps, which are more secure and portable. Only install software or apps that are published to fix security holes.
- Be cautious when using online paste and screen capture tools, and ensure that they do not upload your passwords to the cloud.
- If you are a webmaster, do not store users' passwords, security questions, and answers as plain text in the database. Instead, store salted (SHA1, SHA256, or SHA512) hash values of these strings and generate a unique random salt string for each user. Additionally, it is a good idea to log the user's device information (e.g. OS version, screen resolution) and save salted hash values of that information as well. If a user tries to log in with the correct password but their device information does not match the previously saved values, prompt them to verify their identity by entering another verification code sent via SMS or email.
- If you are a software developer, sign update packages with a private key using GnuPG and verify the signature using the public key published previously.
- To protect your online business, register your own domain name and set up an email account with that domain name. This way, you will not lose your email account or contacts, and your mail server can be hosted anywhere, making it impossible for the email provider to disable it.
- When making payments on an online shopping site that only accepts credit cards, use a virtual credit card instead.
- When leaving your computer, close your web browser to prevent cookies from being intercepted with a small USB device, which can be used to bypass two-step verification and log into your account on other computers.
- Disregard and remove bad SSL certificates from your web browser, as they will not ensure the confidentiality and integrity of HTTPS connections that use them.
- Encrypt the entire system partition or disable the pagefile and hibernation functions, as important documents can be found in the pagefile.sys and hiberfil.sys files.
- To prevent brute force login attacks on your dedicated servers, VPS servers, or cloud servers, install intrusion detection and prevention software such as LFD (Login Failure Daemon) or Fail2Ban.
- Whenever possible, use cloud-based software instead of installing it on your local device, as there are more and more supply-chain attacks that install malicious applications or updates on your device to steal your passwords and gain access to sensitive information.
- To ensure the integrity of your files and detect any Trojan files or programs with backdoors, it is recommended to generate the MD5 or SHA1 checksums of all files on your computer using software like MD5Summer, and save the results. Then, compare the checksums of the files with the saved results on a daily basis.
- To enhance security, large companies should implement and utilize an Artificial Intelligence-based intrusion detection system, including network behavior anomaly detection tools.
- To secure important servers and computers, only allow connections or logins from whitelisted IP addresses.
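The following added example (not code from this page) puts the password rules above into practice: it generates a 16+ character password from a CSPRNG with all four character classes, and checks a candidate against the length, character-class, dictionary-word, number-sequence and "shares most characters" rules. The word list and the 70% prefix threshold are constructed assumptions.

```python
import secrets
import string

# Character classes the page asks for: lowercase, uppercase, digits, symbols.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())
# Constructed mini word list standing in for a real dictionary.
DICTIONARY = {"love", "fresh", "flowers", "password", "norton", "qwert"}


def generate_password(length: int = 16) -> str:
    """Draw from the OS CSPRNG and retry until every class is present."""
    if length < 16:
        raise ValueError("the page recommends at least 16 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES.values()):
            return pw


def shares_most_characters(a: str, b: str) -> bool:
    """True when a common prefix covers at least 70% of the shorter password."""
    prefix = 0
    for x, y in zip(a, b):
        if x != y:
            break
        prefix += 1
    return prefix >= 0.7 * min(len(a), len(b))


def password_problems(pw: str, existing: tuple[str, ...] = ()) -> list[str]:
    """Return the page's rules that a candidate password violates (empty = ok)."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    for name, cls in CLASSES.items():
        if not any(c in cls for c in pw):
            problems.append(f"no {name} characters")
    if any(word in pw.lower() for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if pw.isdigit() and (pw in "0123456789" * 2 or pw in "9876543210" * 2):
        problems.append("number sequence")
    for other in existing:
        if shares_most_characters(pw, other):
            problems.append("shares most characters with an existing password")
    return problems
```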
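For the webmaster tip above, this added example (not code from this page) stores only a per-user random salt plus salted SHA-256 hashes of the password and of the device information, and returns "verify" when the password is right but the device differs, so the caller can send the extra SMS/email code. The in-memory USERS dict and the 16-byte salt length are constructed assumptions; comparisons use hmac.compare_digest so that timing does not reveal how many bytes matched.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for the database: username -> record.
USERS: dict[str, dict[str, str]] = {}


def salted_hash(value: str, salt_hex: str) -> str:
    """SHA-256 over salt || value, as the page's salted-hash tip describes."""
    return hashlib.sha256(bytes.fromhex(salt_hex) + value.encode()).hexdigest()


def register(username: str, password: str, device_info: str) -> None:
    """Store only salted hashes; every user gets a fresh 16-byte random salt."""
    salt = secrets.token_hex(16)
    USERS[username] = {
        "salt": salt,
        "pw_hash": salted_hash(password, salt),
        "device_hash": salted_hash(device_info, salt),
    }


def login(username: str, password: str, device_info: str) -> str:
    """Return 'ok', 'verify' (correct password, unknown device) or 'denied'."""
    rec = USERS.get(username)
    if rec is None:
        return "denied"
    # Constant-time comparison: do not leak how many hash bytes matched.
    if not hmac.compare_digest(rec["pw_hash"], salted_hash(password, rec["salt"])):
        return "denied"
    if not hmac.compare_digest(rec["device_hash"], salted_hash(device_info, rec["salt"])):
        return "verify"  # caller sends an SMS/email verification code here
    return "ok"
```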
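For the file-integrity tip above, this added example (not MD5Summer's format or code) builds a SHA-256 manifest of every file under a directory, saves it as a baseline, and on a later run reports modified, added and removed files. The JSON baseline layout is an assumption; keep the baseline file outside the directory being checked, or it will show up as modified.

```python
import hashlib
import json
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large files fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Checksum every regular file under root, keyed by path relative to root."""
    return {
        str(p.relative_to(root)): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(root: Path, baseline: Path) -> None:
    """Write the current manifest as the trusted baseline (JSON, assumed layout)."""
    baseline.write_text(json.dumps(build_manifest(root), indent=1))


def compare_with_baseline(root: Path, baseline: Path) -> dict[str, list[str]]:
    """Report files whose checksum changed, plus files added or removed since."""
    old = json.loads(baseline.read_text())
    new = build_manifest(root)
    return {
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }
```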