Our approach is quite simple and straightforward:
Root password + Tool to be used
It consists of using a root password (the same for all your passwords) plus a specific word for the tool or service you will use.
With this approach we will have a unique password per service that is easy to remember (same root) and strong enough to protect us with a minimum of guarantees (more than 16 characters with numbers, symbols, uppercase and lowercase).
Thanks to this approach we will keep all our passwords safe even if one of them is compromised, and it will help us to easily identify possible leaks we may have (for example, in the case of receiving an extortion email with our password included).
To have an even stronger password structure, you can also use a root password per category (for example: one for social networks, another for streaming services, another one for financial services...), such as:
- Base password for financial services
- Final password for a PayPal account
- Final password for a bank account
You can easily check how strong these passwords are (click on the passwords to copy them) with tools like "How secure is my password?" or this artificial neural network developed by Carnegie Mellon University.
- Spoiler: it would take a contemporary computer hundreds of generations to crack this kind of password
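The scheme above, as an added JavaScript example (not the app's own source code): it checks the stated guarantees for each composed password and traces a leaked password back to its service. It assumes the root and the service word are simply concatenated, root first; all function names and sample values are constructed.

```javascript
// Added illustration; function names and sample values are assumptions.

// Assumption: "root + tool" means plain concatenation, root first.
function buildPassword(root, serviceWord) {
  return root + serviceWord;
}

// The guarantees stated in the text: more than 16 characters, with
// numbers, symbols, uppercase and lowercase.
function checkGuarantees(password) {
  return {
    longEnough: [...password].length > 16,
    hasNumber: /[0-9]/.test(password),
    hasSymbol: /[^A-Za-z0-9\s]/.test(password), // not an ASCII letter, digit or whitespace
    hasUpper: /[A-Z]/.test(password),
    hasLower: /[a-z]/.test(password),
  };
}

function isStrongEnough(password) {
  return Object.values(checkGuarantees(password)).every(Boolean);
}

// Every service must end up with a different password.
function allUnique(root, serviceWords) {
  const built = Object.values(serviceWords).map((w) => buildPassword(root, w));
  return new Set(built).size === built.length;
}

// Leak identification: given a password quoted back to you (for example in
// an extortion email), return the service it belongs to, or null.
function identifyLeak(leaked, root, serviceWords) {
  for (const [service, word] of Object.entries(serviceWords)) {
    if (leaked === buildPassword(root, word)) return service;
  }
  return null;
}

// Constructed sample data: one root for the "financial services" category.
const SAMPLE_ROOT = "Gr33n-Teapot!42";
const SAMPLE_WORDS = { paypal: "PayPal", bank: "MyBank" };

for (const [service, word] of Object.entries(SAMPLE_WORDS)) {
  const pw = buildPassword(SAMPLE_ROOT, word);
  console.log(service, pw.length, isStrongEnough(pw));
}
console.log(identifyLeak("Gr33n-Teapot!42MyBank", SAMPLE_ROOT, SAMPLE_WORDS));
```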
What about Password Managers?
They are pretty easy and safe to use, but you still need one master password to access them.
You have to rely on that third-party software and assume it is operative at any time.
Many of the most popular ones could potentially leak unencrypted credentials and passwords (check this research by Independent Security Evaluators (ISE)).
What about Password Generators?
Many of them will give you very strong passwords that are almost impossible to memorise.
Many of them will give you passwords that are memorable according to them, but those passwords are based on their own library of words, without letting you select the base to build a password that is really memorable to you.
Do not use the same password for multiple accounts
If available, always use two-factor authentication (2FA)
Nothing is 100% secure --> you are the ultimate firewall to ensure security for you and those around you
Regularly check if your personal data has been compromised with tools like "Have I Been Pwned?"
Be even more secure by turning airplane mode on --> this website is a progressive web app (PWA), so it works without an internet connection
This app is open source and free software under the GNU GPLv3 license --> just have a look at the source code and play around
None of the tools/pages linked above are related to onPASSWORD One in any way --> they have been linked to provide context and information