Chapter 2 – Strong Passwords & Managers
Weak passwords are the root cause of most successful attacks. This chapter shows you how to create strong, unique credentials and manage them without frustration.
Password Strength Checker
Try it yourself – how strong is your password?
Enter any sample password below and see how long it would take an attacker to crack it.
All calculations run locally in your browser; nothing you type is stored or sent anywhere.
2.1 Why Passwords Still Matter
Passwords remain the most common method of authentication and they’re still the weakest link if not handled correctly.
Most breaches don’t start with hacking
They start with leaked or reused passwords from previous incidents.
2.2 What Makes a Password Secure?
A strong password is:
- Long – at least 12 characters
- Unpredictable – avoid dictionary words or common substitutions
- Unique – never reused across sites
- Not personal – no names, birthdays, pets, or hobbies
Examples:
7u4$F!q9vB*m2p
Summer2024!
Password123
Use passphrases for memorability
Something like: reflected-send-decorator-engine – long, hard to guess, easier to remember.
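The criteria above written as a small local checker. This is an added example, not the code behind the page's strength checker, and its word list, substitution table and sequence pattern are short constructed samples. It also shows why a score based only on character classes misleads: `Summer2024!` gets about 72 bits by that measure yet fails three checks.

```javascript
// Added example: the section 2.2 criteria as code. COMMON_WORDS, LEET and the
// sequence pattern are short constructed samples, not a real cracking wordlist.
const COMMON_WORDS = ["password", "summer", "winter", "welcome", "qwerty", "letmein", "admin"];
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };
const SEQUENCE = /012|123|234|345|456|567|678|789|abc|qwe|asd/i;

// Undo common substitutions so "P@ssw0rd" is compared as "password".
function normalise(pw) {
  return [...pw.toLowerCase()].map((c) => LEET[c] || c).join("");
}

// Upper bound on entropy in bits: assumes every character was picked at random
// from the character classes present. Predictable passwords score far too high.
function naiveBits(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  return pool === 0 ? 0 : Math.round(pw.length * Math.log2(pool));
}

function assessPassword(pw) {
  const findings = [];
  const lower = pw.toLowerCase();
  const plain = normalise(pw);
  if (pw.length < 12) findings.push("shorter than 12 characters");
  const word = COMMON_WORDS.find((w) => lower.includes(w) || plain.includes(w));
  if (word) findings.push(`contains common word "${word}"`);
  if (/(19|20)\d{2}/.test(pw)) findings.push("contains a year");
  if (SEQUENCE.test(pw)) findings.push("contains a digit or keyboard sequence");
  return { strong: findings.length === 0, naiveBits: naiveBits(pw), findings };
}

// The page's own examples from section 2.2.
for (const pw of ["7u4$F!q9vB*m2p", "Summer2024!", "Password123", "reflected-send-decorator-engine"]) {
  const r = assessPassword(pw);
  console.log(pw, r.strong ? "OK" : "WEAK", `<=${r.naiveBits} bits`, r.findings.join("; "));
}
```

The bit count is only meaningful for randomly generated passwords; a passphrase's real strength depends on how many words were chosen at random, not on its character count.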
2.3 The Problem with Reusing Passwords
If you reuse passwords:
- One data breach compromises all reused logins
- Attackers use automated tools (credential stuffing) to try leaked combos
- Even services like Have I Been Pwned only reveal known breaches — there's no guarantee your reused password isn't already exposed elsewhere
Reused = Exposed
Once your password is out, it’s sold and reused across hundreds of services.
2.4 Introducing Password Managers
A password manager stores and generates strong passwords so you don't have to remember them all.
Feature | Benefit |
---|---|
Encrypted vault | Keeps all your logins safe |
Autofill functionality | Speeds up secure login |
Cross-device sync | Access passwords on all your devices |
Breach warnings | Alerts you if a saved site is hacked |
Popular tools:
- Bitwarden – Free, open source – can also be self-hosted.
  A step-by-step guide for setting up a private Bitwarden instance will be provided soon.
- 1Password – Paid, user-friendly with extras
- KeePass – Local only, ideal for offline use
A good manager is safer than your memory
You only need to remember one strong master password.
2.5 Getting Started with a Password Manager
- Choose a trusted password manager
- Create a strong master password (this is the only one you must remember)
- Import or manually add your existing logins
- Replace weak/reused passwords over time
- Enable 2FA for your password manager account
2.6 Self-Check: Your Password Hygiene
- I use unique passwords for every account
- My master password is strong and memorable only to me
- I have enabled 2FA for my password manager
Start with your email account
It controls access to most of your other logins. Secure it first.
- If all boxes are checked: Great! You're building a strong foundation.
- If not: No worries — this guide will help you fix each one step by step.