
How to create a strong password?

Avoid using only letters or only numbers. A strong password must contain at least one special character, plus a mixture of uppercase and lowercase letters. Avoid memorable dates, such as a birthday or wedding date. Also avoid names. Ideally, it should be a string of random characters. Finally, do not use sequential letters or numbers, such as abcd or 1234.

Where are passwords stored?

That depends on the system and the company. But in professional systems, made by experts, the password is never stored! That's right. It sounds strange, but what must be stored is a hash (like a signature) of the password. The actual password is never stored, so only you know it.

That's why it's not possible to recover your password. When you forget it, you have to create a new one, because the system doesn't have the password; only you had it. The system only saved the password hash. Most commonly, these hashes are stored in databases on central computers (the famous servers).

Want an example? Suppose you have logged into a system and saved the password '123abc'. The system will pass this password into a hashing algorithm (e.g. sha128), this algorithm will generate the hash '4be30d9814c6d4e9800e0d2ea9ec9fb00efa887b', and that hash will be saved in the database.

It's impossible to use the hash to guess your password. The most an attacker can do is trial and error (trillions of times), until they find a value that generates the same hash that your password generated.
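The store-and-compare flow described above, as an added Python example (not code from this site). It goes one step beyond the single hash pass in the text: it assumes a random per-user salt and the deliberately slow PBKDF2-HMAC-SHA256 function, which make each trial-and-error guess more expensive. The record format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record to store: 'iterations$salt_hex$hash_hex'.

    The password itself is never part of the record.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for each user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(attempt: str, stored: str) -> bool:
    """Hash the login attempt with the stored salt and compare the results."""
    try:
        iterations_s, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                                        salt, iterations)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: the password used in the text above.
    record = hash_password("123abc")
    print("stored in database:", record)
    print("correct password  :", verify_password("123abc", record))
    print("wrong password    :", verify_password("123abd", record))
    # Same password, different salt: the stored records do not match.
    print("second user differs:", hash_password("123abc") != record)
```

Because each record has its own salt, two users with the same password get different stored values, so one cracked hash does not reveal the other.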

When should I change my password?

On critical systems it is recommended that the password be changed at least every three months. Some systems automatically require you to change your password after a while. It is also important to change your password if you suspect it has been compromised, i.e. someone has discovered it.

Who can steal my password?

There are a few ways to steal passwords. The three most common ways are:

1 - A malicious program is installed on your computer that records everything you type on the keyboard and sends it to the hacker. This program can end up on your computer through carelessness, for example, when you download programs from suspicious websites and install them without running an antivirus scan first.

2 - The hacker manages to steal the website's database that holds the password hashes. The hacker then uses a good computer and a specialized program that makes trillions of attempts until it breaks the hash and discovers your password, that is, until it finds a string that generates the same hash that your password generated. The hacker uses this string as a password to access the systems while pretending to be you.

3 - An employee who has access to the database decides to steal the hashes to try to discover the passwords and commit fraud. Or he wants to sell the database on the internet to other people who want to commit fraud.

Is my password strong?

A password with ten numbers, an uppercase letter, a lowercase letter and a special character would take five months to be cracked by a good computer running a specialized program, that is, it is a very secure password. If you add just two more letters, this time can go up to four thousand years, which is excellent.

A password using a common name and sequential numbers, for example Eduardo123, is usually discovered in 16 seconds. That is, a hacker who steals the website's database (or a malicious employee who has access) can discover your password in 16 seconds. Scary, isn't it? So be careful.




Password Generator

Sometimes trying to create one or many random passwords is pretty hard, and the outcome is never random enough. The idea of this app is to give you a professional tool to create random passwords, easy and fast, with the click of a button.



