To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, and keep your online accounts safe, you should notice that:
1. Do not use the same password, security question and answer for multiple important accounts.
2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.
3. Do not use the names of your families, friends or pets in your passwords.
4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.
5. Do not use any dictionary word in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-‘ , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.
6. Do not use two or more similar passwords which most of their characters are same, for example, ilovefreshflowersMac, ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these passwords are stolen.
7. Do not use something that can be cloned( but you can’t change ) as your passwords, such as your fingerprints.
8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.
9. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.
10. Do not send sensitive information online via unencrypted( e.g. HTTP or FTP ) connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec whenever possible.
11. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN( with MS-CHAP v2 or stronger protocols ) on your own server( home computer, dedicated server or VPS ) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY. Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, they’ll won’t be able to steal your data and passwords from the encrypted streaming data.
12. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company’s server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.
To check the strength of your passwords and know whether they’re inside the popular rainbow tables, you can convert your passwords to MD5 hashes on a MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is “0123456789A”, using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it? You can perform the test yourself.