Choosing a good password
The weakest point in the security of your online accounts is usually your password. At ArmBeep, we go to great lengths to make sure your content is secure, protected, and can’t be accessed by anyone other than you.
But if someone else is able to guess or retrieve your password, they will bypass almost every security measure we have because ArmBeep will see this person as you. They could then make any changes they wish including the deletion of your content.
To avoid this scenario, this guide will help you create strong passwords that are hard to guess or crack. Read through the following tips and double-check your own password. If you feel your password isn’t secure enough, we strongly recommend that you change it immediately.
Traditional Passwords Are No Longer Safe
Password-cracking techniques have matured quickly and significantly in the past few decades, but the way we create our passwords hasn’t kept pace. As a result, the most common advice you’ll hear about creating a strong password today is very outdated and impractical: it involves symbol replacements, mixed character cases, special characters and numbers.
A password created with that advice, like se$Tre#aZ%4k, is very easy for a computer to break, very difficult for a human to remember, and extremely cumbersome to enter on a mobile device’s virtual keyboard.
Note that the latest and most effective types of password attacks can attempt up to hundreds of billions of guesses per second, and that number will no doubt increase significantly over the next few years.
Creating a strong password today requires modern techniques, and we’ll show them to you in the next section.
Choose a Modern Method
There are many different approaches to generating a strong password, but password managers and passphrases are the best, especially when used together.
Use a Password Manager – A password manager is a software application on your computer or mobile device that stores (and can generate) strong passwords and keeps them in a secure database. You use a single passphrase to access the database, and the manager then automatically enters your username and password into a website’s login form for you. This is very practical, but it has drawbacks when you use different mobile devices and computers other than your own. That’s why the second, complementary method is useful. When selecting a password manager, use your favourite web search to read up on the features that might apply to you, and definitely read comments from other users on usability, compatibility and privacy. Never use a password manager that stores your passwords “in the cloud”.
Create a Passphrase instead of a Password – A passphrase is similar to a password, except that it’s based on a random collection of words, rather than just one. For example, yellow water Plane $5 bright (typed without spaces, of course).
Because the length of a password is one of the primary factors in how strong it is, passphrases are much more secure than traditional passwords. At the same time, they are also much easier to remember and type, even on a mobile device.
They do not look as strong as the kinds of passwords generated by password managers, but they’re a very good option, especially if you add elements such as capitalization, a symbol and a number, as in the example above. This will enable your passphrase to pass rudimentary password strength checks. At ArmBeep, we require your password to be at least 8 characters in length (please make it at least 16, for your security) and to contain at least one number and at least one capitalization change.
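The passphrase method and the ArmBeep rules described above, as an added example (not ArmBeep's code): it builds a passphrase with a cryptographically secure random source, estimates how many bits of entropy the process provides, and checks a candidate against the stated rules. The word list is a small constructed sample, and reading "capitalization change" as "contains both upper- and lower-case letters" is an assumption.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator would use
# several thousand words so that each word contributes more entropy.
WORDS = ["yellow", "water", "plane", "bright", "candle", "river", "marble",
         "orbit", "fennel", "tunnel", "velvet", "cactus", "ladder", "pepper",
         "anchor", "sponge"]
SYMBOLS = "$#%&!?"

def generate_passphrase(n_words=5, words=WORDS):
    """Pick words uniformly with a CSPRNG, capitalize one, add symbol+digit."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    cap = secrets.randbelow(n_words)
    chosen[cap] = chosen[cap].capitalize()
    token = secrets.choice(SYMBOLS) + str(secrets.randbelow(10))
    chosen.insert(secrets.randbelow(n_words + 1), token)
    return "".join(chosen)  # typed without spaces, as in the guide's example

def entropy_bits(n_words=5, list_size=len(WORDS)):
    """Bits of entropy in the generation process (an upper bound: it treats
    every combination of random choices as a distinct passphrase)."""
    return (n_words * math.log2(list_size)   # word choices
            + math.log2(n_words)             # which word is capitalized
            + math.log2(len(SYMBOLS) * 10)   # symbol and digit
            + math.log2(n_words + 1))        # where the token is inserted

def meets_policy(pw, min_len=8):
    """Stated rules: length, one number, one capitalization change.
    Assumption: 'capitalization change' means both cases are present."""
    has_digit = any(c.isdigit() for c in pw)
    case_change = any(c.islower() for c in pw) and any(c.isupper() for c in pw)
    return len(pw) >= min_len and has_digit and case_change

if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, meets_policy(phrase))
    print(f"16-word sample list: {entropy_bits():.1f} bits")
    print(f"7776-word list:      {entropy_bits(list_size=7776):.1f} bits")
```

The strength comes from the random choice and the size of the word list, not from the appearance of the result, which is why the same five-word scheme is far stronger with a large list than with the 16-word sample.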
Having trouble thinking of a passphrase?
Never use words that are related to you in any way, such as names of people or pets, towns, cities, dates, or any favourite colors, dishes or brands. The phrase also should not seem to make any sense when read out. Seems difficult? For assistance, check your password manager and get ideas from online passphrase generators, such as XKCD.
DO NOT REUSE YOUR PASSPHRASE!
Once you find a passphrase you are comfortable with, do not ever reuse it on any other web site or service. We make extra sure that we do not store your credentials in a recoverable form, but other online services where you might use the same username and password may not, thus voiding our efforts. Consult haveibeenpwned.com to see if your email address and password have been harvested from any compromised site you used in the past.
KEEP YOUR EMAIL ACCOUNTS SAFE!
ArmBeep uses your email to confirm ArmBeep account activation, to send password reset links and to notify you of any profile change. If someone gains access to your email account, they can reset your ArmBeep account password and make any change to your account, including deleting your data. That is why we recommend that you keep two email accounts – a primary and a recovery email (both of which are used in a forgotten password scenario) – and have unique and strong passwords for them.
Monitor your login history
If you are concerned about access to your ArmBeep information, you should regularly check Login History in the Account panel on the ArmBeep web portal to see whether you can identify all successful logins as your own. If you suspect that someone else is logging in with your credentials, we suggest that you revoke all active sessions and change your account password immediately.