Strangecode Password Guide

Hackers (and their bots) target accounts with weak passwords and accounts with passwords exposed in a data breaches. A person (or bot) with unauthorized access to your account can read your email, spam your address book, corrupt your files, delete or modify important information, and consume server resources.

To keep your account safe:

Use a different password for every account

If you reuse passwords, multiple online accounts could be at risk if the password is exposed.

Beware of social engineering

Don’t share your password with anyone who asks for it. No Strangecode technician will ever ask you for your password.

Beware of phishing attempts

Don’t click links in suspicious emails. An attacker may display a fake log-in form in an attempt to steal your password. Navigate to log-in forms directly rather than clicking untrusted links in emails.

Use a password manager

Generate long, unique password and store them in an encrypted database with a master password. Good options:

• Bitwarden (open source; cloud + multi-platform).
• 1Password (commercial; multi-platform)
• KeePassXC (open source; multi-platform). Getting started with KeePassXC.
• Keepassium (KeePass client for iOS)
• Keepass2Android (KeePass client for Android)
• pass (command-line only; *nix platforms).

Enable two-factor authentication

If your service supports 2FA, this will keep your account safe even if your password is exposed.

What is a strong password?

• Extremely hard to guess, but easy to remember.
• Contains more than 12 characters with mixed-case letters, numbers and punctuation (e.g., 2kHq%bAA@12j).
• Contains more than 20 characters if using a pass-phrase (e.g., dentist donkey window clap).
• Does not use any character patterns (poor choices: 123abc or xoxoxo) or keyboard patterns (bad: qwerty or asdfasdf) or a word combined with a pattern (bad: awesome411).
• Does not contain any personal information, such as: birth dates, account numbers, pet names, old phone numbers, addresses, zip codes, or the sports team you played in college.

Two methods for generating passwords:

• Use a password manager to generate a long, truly random password (e.g., Vbe@6Z#QA2cP2-K0jf+!Im2H\tt83&hjj**-K1fi). See recommendations above.
• If you store password in your head, don’t use passwords; use pass-phrases. Choose three-to-five random words, joined by spaces or punctuation (e.g., solar ugly cat lethargic or pop*bang*granola*OK). In terms of security, sheer length is superior to a shorter but random mix of characters. This method creates very strong but easily remembered passwords. For a visual explanation why see this popular XKCD comic.

Further reading

• Get notifications when your password is exposed in a data breach with the have i been pwned service.
• Further guidelines for strong passwords: Wikipedia and security evangelist Bruce Schneier.
• More on passwords versus pass-phrases: Wikipedia, Jeff Atwood, and Agile Bits on the math behind better passwords.
• A computer that can cycle through 350 billion password guesses per second can crack any eight-character password in 5.5 hours.

Still need help? Send us a message.

• About
• Consulting
• Hosting
• Contact

• Strangecode LLC
• Policies
• Make a payment
• Log in