Password generator

How to make a strong password?

It is recommended to use a password of at least 12 to 15 characters containing lowercase letters, uppercase letters, numbers and symbols. Such a password helps protect against bruteforce and dictionary attacks. It is also very important never to divulge your password and not to reuse it on several different sites.

What are the possible types of attacks against passwords?

Bruteforce attacks

A bruteforce attack is a technique that attempts to crack a password by testing all possible character combinations, one by one, through trial and error. It's a simple technique for attackers, but it loses its effectiveness against long passwords, as they have many more possible combinations.

When creating a password, it is recommended to use letters, numbers and symbols. Here is why:

- There are 10 digits (0 to 9)

- There are 52 letters (26 lowercase and 26 uppercase)

- There are 32 special characters

Example #1: 'anti12' (36 possible characters (26 lowercase letters and 10 numbers)) => 36^6 = 2,176,782,336 possible combinations

Example #2: 'Anti12!' (94 possible characters (52 letters, 10 numbers and 32 special characters)) => 94^7 = 64,847,759,419,264 possible combinations

By simply adding a capital letter and a special character, the number of possible combinations grew by 64,845,582,636,928.
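The arithmetic above, together with a generator built on the same four character pools, as an added Python example (not code from this page's generator). The function names are illustrative, and the search-space figure is an upper bound that only holds when the characters are chosen at random.

```python
import math
import secrets
import string

# The four character pools counted above: 26 + 26 + 10 + 32 = 94.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,  # the 32 printable ASCII symbols
}


def classes_used(password):
    """Return the names of the pools the password draws characters from."""
    return [name for name, chars in POOLS.items()
            if any(c in chars for c in password)]


def search_space(password):
    """Combinations a bruteforce search must cover: alphabet ** length."""
    alphabet = sum(len(POOLS[name]) for name in classes_used(password))
    return alphabet ** len(password)


def entropy_bits(length, classes):
    """Approximate entropy (upper bound) of a random password over the pools."""
    alphabet = sum(len(POOLS[name]) for name in classes)
    return length * math.log2(alphabet)


def generate(length=15, classes=("lower", "upper", "digits", "symbols")):
    """Draw a password from the OS CSPRNG with at least one char per class."""
    if length < len(classes):
        raise ValueError("length is shorter than the number of required classes")
    alphabet = "".join(POOLS[name] for name in classes)
    while True:  # redraw until every requested class is present (no bias)
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if set(classes_used(candidate)) == set(classes):
            return candidate


if __name__ == "__main__":
    for sample in ("anti12", "Anti12!"):
        print(sample, f"{search_space(sample):,}")
    pw = generate()
    print(pw, f"{entropy_bits(len(pw), classes_used(pw)):.1f} bits")
```

The generator uses the `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.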

Dictionary attacks

A dictionary attack is another type of bruteforce attack. The main difference from the previous method is that instead of testing all possible combinations, an attacker uses a list of commonly used words, phrases, or numbers.

Alternatives/Complements to Passwords

Passphrases

A passphrase is a password with a significant number of characters. Passphrases are very effective in preventing brute-force attacks. Unlike traditional passwords, they usually contain a string of words that resemble a sentence to make them easier to remember. However, they can also be a string of nonsense words, which makes them stronger (e.g., ThisIsASuperComputerInTheJungle - 31 characters).

Single Sign-On

Some websites allow you to log in with single sign-on (also known as SSO). SSO offers several advantages. For example, there's no need to remember multiple passwords since only one set of credentials is required. Additionally, when used in a business environment, employees don't have to log in to multiple locations with multiple credentials.

2-factor authentication

Two-factor authentication (also known as 2FA) is an additional protection against password theft. Two-factor authentication is typically implemented on a mobile device. If one of your passwords is stolen, the attacker still can't access your account without your approval on the mobile device, so they can't change the account password to steal the account.

Password managers

Bitwarden

Bitwarden is a password manager developed by Bitwarden Inc. that stores sensitive information (e.g., passwords) in an encrypted digital vault. This information is protected by a single password, the master password, which you must set to protect your other information. Bitwarden makes it easier to remember passwords and also helps generate strong passwords without having to memorize them by heart.

Additionally, Bitwarden is open-source (source code available to the general public) and freemium (basic features offered for free, but with paid plans for better services).

Bitwarden is available for multiple operating systems (Windows, Linux, macOS), as browser extensions (Chrome, Safari, etc.) and as mobile apps (e.g. Android, iOS).

1Password

1Password, developed by AgileBits Inc., serves the same purpose as Bitwarden: securely storing passwords in one place. Unlike Bitwarden, 1Password is paid, but a 14-day trial version is available.

This manager is also available on several platforms such as Windows, Linux, Android or iOS.