In my previous story, How Artificial Intelligence Can Be Used For Password Guessing, I explained how AI can outperform password guessing tools. In this story I will talk about how to make a strong password that is AI-proof.
Just to reiterate the story:
Since humans are predictable, we can see patterns in leaked passwords. Hackers can write rules for password generation using these patterns and then perform a dictionary attack to crack passwords. A group of researchers recently used neural networks to find these patterns and generate passwords, which made the process completely automated. They outperformed traditional password guessing tools.
So how do we make a password that cannot be guessed by AI?
Don’t use first name, last name, interests, etc
Whenever you use social media, you leave a digital footprint. AI can analyse your public posts to find your interests. If you have used the names of celebrity crushes, or of the cars or bikes you like, there is a good possibility that you are vulnerable.
Don’t use common phrases as passwords
Some people use Bible verses or commonly spoken phrases as their passwords. These will be part of the dictionary and can be cracked easily.
Avoid Leet Speak Passwords
People try to substitute letters in a word with numbers or symbols to avoid a dictionary attack (like I10v3f0rd). But neural networks can generate such passwords by studying leaked dictionaries.
Use a password generator/manager
I would suggest solutions like LastPass which can generate and store your passwords. Make sure you access such solutions with two-factor authentication.
Code a secret phrase
I would still suggest using a password generator. However, if you want to make a password that can be remembered, then use this technique. Write a memorable event of your life in two sentences (make sure no one knows about it).
“The year 2013 was hard. Luckily, I was supported by my good friends Anand and Naresh.”
Now take the first letter of every word and keep numbers or symbols as they are. Combine them. Here is the password: Ty2013whL,IwsbmgfAaN.
Check the strength of your password
Use a password strength checker to find out how strong your password is. Make sure you do this with tools that support offline mode, like How Secure Is My Password.
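An added example, not part of the original story: a small offline check in Python that derives the password from the secret phrase as described above and flags the three patterns this story warns about (personal details, common phrases, leet speak). The word lists are constructed samples, the function names are hypothetical, and dropping sentence-ending full stops is an assumption made so the output matches the password shown above.

```python
import re

# Common leet-speak substitutions mapped back to letters.
LEET = str.maketrans("013457@$", "oleastas")

def phrase_to_password(phrase):
    """First letter of every word; numbers and symbols kept as they are.
    Assumption: sentence-ending full stops are dropped."""
    parts = re.findall(r"\d+|[A-Za-z]+|[^\sA-Za-z\d]", phrase)
    return "".join(p[0] if p.isalpha() else p for p in parts if p != ".")

def squash(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def weaknesses(password, personal=(), phrases=(), words=()):
    """Return the patterns from this story that the password contains."""
    raw = squash(password)
    plain = squash(password.lower().translate(LEET))  # leet speak undone
    found = []
    groups = (("personal detail", personal),
              ("common phrase", phrases),
              ("dictionary word", words))
    for label, items in groups:
        for item in items:
            needle = squash(item)
            if needle and needle in raw:
                found.append(f"{label}: {item}")
            elif needle and needle in plain:
                found.append(f"{label} in leet speak: {item}")
    return found

# Constructed sample data, standing in for public profile details and a
# leaked-password dictionary.
PERSONAL = ["Anand", "Naresh"]
PHRASES = ["For God so loved the world"]
WORDS = ["love", "ford", "password"]

if __name__ == "__main__":
    secret = ("The year 2013 was hard. Luckily, I was supported by "
              "my good friends Anand and Naresh.")
    for candidate in (phrase_to_password(secret), "I10v3f0rd", "Anand2013"):
        print(candidate, weaknesses(candidate, PERSONAL, PHRASES, WORDS))
```

An empty result only means none of the listed patterns was found in the sample lists; it is not a measure of strength.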
Use different passwords for different accounts
The problem with using the same password on multiple accounts is that if one service gets hacked and the passwords are leaked, your other accounts would be compromised too.
Use two-factor authentication
Try using two-factor authentication as much as possible. So even if your password is compromised, the hacker won’t be able to log in. Though some suggest two-factor is insecure, this is still our best bet.