In today’s digital world, the use of strong passwords is essential to ensuring the security of our online accounts and private information. But keeping track of the multiple unique usernames and passwords necessary to access dozens of online accounts has become a challenging task. Many of us end up recording passwords on post-it notes or using the same password for multiple online services. Unfortunately, the more places a password is used or written down, the more likely you are to get hacked.
Information theft is among the “fastest rising consequences of cybercrime to date,” according to the 2018 study commissioned by Accenture Security. You might wonder how it’s possible for threat actors to “guess” their way into your private account. The reality is that people are not doing the heavy lifting of hacking passwords and stealing our information; computers are. Computers automate the password hacking process and can produce thousands of guesses per second. This means a password in which letters have been replaced with symbols may take the computer only a few extra seconds to crack, while being significantly harder for the user to remember.
Our founder and CTO at Bitwarden, Kyle Spearrin, ran a series of example passwords through a password strength testing tool and monitored the time it would take for a computer program (like those used by modern threat actors) to crack each password. The results of this exercise might surprise you. Here’s a sample of the data:
First and foremost, your password should be completely random. The words, numbers, and symbols you choose to include in your password must be unique, use enough unusual characters, and be long enough to ensure the necessary level of complexity.
Strong passwords can be randomly generated for free and automatically using the Bitwarden Strong Password Generator, now available for public use on our website. With this free tool, you can generate random passwords based on the guidelines you define for each of your online accounts. As pictured below, you can customize the password generator settings, then evaluate your password strength score and the estimated time it would take for a hacker to crack it.
Generate great passwords using the Bitwarden Password Generator.
Pro Tip: Randomly generated passphrases are just as secure as your more standard password type, but they are often easier to remember. For example: racoon_doorknob_spacecraft. If you use a password management solution like Bitwarden, we recommend using a passphrase for your master password.
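The arithmetic behind the symbol-substitution point and the passphrase tip above, as an added example (not Bitwarden's code): it generates a random passphrase and password with a cryptographic random source and compares the size of each search space. The word list, the 7,776-word list size, the 100,000-word dictionary and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Constructed demo list; the 7,776-word size used below is an assumed list size.
DEMO_WORDS = ["racoon", "doorknob", "spacecraft", "lantern",
              "pebble", "walrus", "orbit", "thimble"]
SYMBOLS = "!@#$%^&*"

def random_passphrase(words, count=3, sep="_"):
    """Join `count` words drawn uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))

def random_password(length=14):
    """Draw each character uniformly from letters, digits and symbols."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    return "".join(secrets.choice(alphabet) for _ in range(length))

def bits_random(choices, picks):
    """Bits of entropy in `picks` independent uniform draws from `choices`."""
    return picks * math.log2(choices)

def bits_leet_word(dictionary_size, swappable_letters):
    """One dictionary word where each swappable letter is plain or a symbol.

    A guessing program tries both forms of every such letter, so each one
    adds a single bit (doubles the work), no more.
    """
    return math.log2(dictionary_size) + swappable_letters

def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second

if __name__ == "__main__":
    rate = 1_000  # assumed guesses per second
    rows = [
        ("dictionary word, plain", bits_leet_word(100_000, 0)),
        ("same word, 3 letters swapped", bits_leet_word(100_000, 3)),
        ("3 random words of 7,776", bits_random(7_776, 3)),
        ("14 random chars of 70", bits_random(70, 14)),
    ]
    for label, bits in rows:
        secs = seconds_to_exhaust(bits, rate)
        print(f"{label:30} {bits:5.1f} bits  {secs:.3g} s")
    print(random_passphrase(DEMO_WORDS), random_password())
```

The strength of the passphrase comes from the random draw and the size of the word list, so the eight-word demo list here is only for showing the mechanics.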
For those interested in testing the strength of current passwords, you can do this safely and automatically using the free Bitwarden Password Strength Tester. Simply begin typing any existing or desired password into the open text field, and the Bitwarden password checker will display your password strength rating, calculated automatically, in the ‘Evaluation’ section below.
Put your passwords to the test with the Bitwarden password strength tester.
It’s important to note that users of our free password security tools never have to worry about the privacy of their information. The data processed through the Bitwarden Password Generator and the Bitwarden Password Strength Tester is never transmitted to our servers and is only processed locally in your device's web browser window.
Once you generate a password and confirm it passes the strength test, how do you safely store your password information and retrieve it later, or share it with family members or coworkers? This is where password managers come in. A password manager, like Bitwarden, stores your passwords in an encrypted vault that can only be accessed by you using your master password (and two-factor authentication if you have that enabled, which is a good idea). Once you’ve set up a password management account, accessing and sharing your information with people in your family, team, or organization becomes easy and secure.
The password management solution you choose should be able to operate across multiple browsers, extensions, operating systems, and devices, and have the flexibility to be self-hosted or deployed in the cloud. At Bitwarden, we also value the power of being open source. Being open source offers a variety of benefits, such as our ability to leverage public expertise to help us monitor the ongoing quality and security of our product code.
When Kyle Spearrin founded Bitwarden in 2016, his goal was to create a free, open, and secure way for anyone to store, access, and share information online. Today, we continue to believe everyone should have access to free online security resources. So, in honor of World Password Day, we encourage all internet users to take control of their own password security using the tools available now on our website (no registration required):
To learn more about how you can take control of your sensitive information online, be sure to visit our blog where we publish fresh content regularly, or join the conversation happening now in our online Bitwarden Community Forum.
Editor's Note: This article was originally written on May 7th, 2020 and was updated on July 23rd, 2022.