Many people choose easy-to-remember passwords with personal significance, like:
- `LakersForever123`
- `Seattle1988!`

These are easy for hackers to crack, especially if this personal info is publicly available on social media. *Are you a basketball fanatic from Washington born in 1988?*
## Security Risks
Services might not store passwords securely. Here are two scenarios:
1. Worst: Passwords in plaintext - unprotected and readable by hackers.
2. Better: Securely hashed passwords but usernames/emails may still be exposed.
## Strong Passwords
While more complex passwords (e.g., `LakERSJ0N4TH4N1988!`) are recommended, they're still vulnerable if tied to personal info. This complexity makes the password harder to crack using brute-force or **dictionary attacks**, but tying it to personal info makes it more predictable. To learn more about how passwords get cracked, click here: [[How Passwords are Cracked]].
> [!tip]- Dictionary Attacks
> A method in which attackers attempt to gain unauthorized access by systematically entering every word from a predefined list (often sourced from dictionaries) as a password or passphrase. Unlike brute-force attacks, which try all possible combinations, dictionary attacks target the human tendency to use common words or phrases.
## Best Practices
**Length over complexity** is the best advice. Consider **passphrases** like:
- `JonathanLovesLALakersEvenThoughHeIsFromSeattle`

Or go for something entirely random:
- `kZ5@M@Lt!Y9BzHjjQklO9#4%`

Regardless of what you do, consider a **Password Manager** for easy recall. There are many free and paid options on the market, like KeePassXC, Bitwarden, and 1Password.
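
The sketch below is an added example, not part of the original note: it flags passwords that contain known personal facts even when letters are swapped for digits, and generates random passwords and passphrases with Python's `secrets` module. The `FACTS` and `WORDS` lists and all function names are constructed for illustration; a real passphrase generator needs a large wordlist (the EFF long list has 7776 words).

```python
import math
import secrets
import string

# Undo common character substitutions ("J0N4TH4N" -> "jonathan") before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def personal_tokens_found(password, facts):
    """Return the personal facts present in the password, disguised or not."""
    plain = password.lower()
    unleeted = plain.translate(LEET)
    return sorted(f for f in facts if f.lower() in plain or f.lower() in unleeted)

def entropy_bits(pool_size, length):
    """Bits of entropy for `length` picks made uniformly at random from a pool.
    Only valid for generated secrets, never for ones a person made up."""
    return length * math.log2(pool_size)

def random_password(length=24):
    """Random password drawn from all printable ASCII symbols."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_passphrase(wordlist, words=6, sep="-"):
    """Random passphrase; strength depends on the wordlist size, not the words."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

# Constructed sample data: facts someone could read off a public profile,
# and a tiny demo wordlist (far too small for real use).
FACTS = ["lakers", "jonathan", "seattle", "1988"]
WORDS = ["copper", "violin", "harbor", "pencil", "meadow", "rocket", "walnut",
         "island", "tunnel", "silver", "garden", "mirror", "canyon", "button",
         "ladder", "pepper"]

if __name__ == "__main__":
    for pw in ("LakersForever123", "Seattle1988!", "LakERSJ0N4TH4N1988!"):
        print(f"{pw:22} personal info found: {personal_tokens_found(pw, FACTS)}")
    print(random_password(), f"~{entropy_bits(len(ALPHABET), 24):.0f} bits")
    print(random_passphrase(WORDS), f"~{entropy_bits(len(WORDS), 6):.0f} bits (demo list)")
    print(f"6 words from a 7776-word list: ~{entropy_bits(7776, 6):.0f} bits")
```
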
---
*Click here to learn more [[About Me]] and nickhacks.com*