Password Security Basics — Create Strong Passwords and Use a Password Manager
In this tutorial, you'll learn about Password Security Basics. We cover key concepts, practical examples, and best practices.
Learn password security basics: create strong passwords, use a password manager, enable two-factor authentication, and protect your online accounts.
What You'll Learn
By the end of this tutorial, you will know how to create strong passwords that are hard to crack, how to use a password manager to store them safely, and how to enable two-factor authentication for extra protection.
Why It Matters
Weak passwords are the number one cause of account breaches. A single compromised password can lead to identity theft, financial loss, and leaked personal data.
Real-World Use
Durga Antivirus Pro includes a password health checker. It scans your saved passwords and flags weak, reused, or compromised ones. Understanding password security helps you use such tools effectively.
Your Learning Path
```mermaid
flowchart LR
A[Backup Strategies] --> B[Password Security]
B --> C[Online Safety]
C --> D[Email Basics]
D --> E[Career Paths in Tech]
B --> F{You Are Here}
style F fill:#f90,color:#fff
```
What Makes a Password Strong
A strong password has three qualities:
| Quality | Why It Matters |
|---|---|
| Long (12+ characters) | Every extra character makes guessing exponentially harder |
| Random | No dictionary words, names, or common patterns |
| Unique | If one site is breached, other accounts stay safe |
Weak vs Strong Examples
| Password | Strength | Why |
|---|---|---|
| `password123` | Very weak | Common word, simple number pattern |
| `FluffyCat2024!` | Weak | Dictionary words with simple substitutions |
| `J8k#mP2$xL9@qR5` | Strong | Random, long, mixed characters |
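The three qualities above can be checked mechanically, which is roughly what a password health checker does. The following is an added example, not code from this tutorial or from any product it mentions; the word list, the vault entries and the site names are constructed, and the word and digit checks are simple heuristics.

```python
import re
from collections import defaultdict

# Constructed sample data (not a real wordlist or vault export).
COMMON_WORDS = {"password", "fluffy", "cat", "dragon", "summer", "qwerty"}
LEET = str.maketrans("013457@$!", "oieastasi")  # undo common character substitutions
VAULT = {
    "shop.example": "password123",
    "mail.example": "FluffyCat2024!",
    "bank.example": "J8k#mP2$xL9@qR5",
    "forum.example": "FluffyCat2024!",
}


def audit(vault: dict[str, str], min_length: int = 12) -> dict[str, list[str]]:
    """Flag entries that fail the long / random / unique checks."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)

    report = {}
    for site, pw in vault.items():
        findings = set()
        if len(pw) < min_length:                      # not long
            findings.add("short")
        lowered = pw.lower()
        variants = (lowered, lowered.translate(LEET))
        if any(word in v for word in COMMON_WORDS for v in variants):
            findings.add("dictionary-word")           # not random
        if re.search(r"(19|20)\d{2}|\d{3,}$", pw):    # a year, or a trailing digit run
            findings.add("predictable-digits")
        if len(sites_by_password[pw]) > 1:            # not unique
            findings.add("reused")
        report[site] = sorted(findings)
    return report


if __name__ == "__main__":
    for site, findings in audit(VAULT).items():
        print(f"{site:15} {', '.join(findings) or 'ok'}")
```

Note that `FluffyCat2024!` passes the length check and is still flagged: length only helps when the characters are random.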
How Hackers Crack Passwords
```mermaid
flowchart LR
A[Hacker steals password database] --> B[Offline cracking begins]
B --> C[Brute force: try every combination]
B --> D[Dictionary attack: try common words]
B --> E[Rainbow table: precomputed hashes]
C --> F[Password cracked or not]
D --> F
E --> F
```
A 12-character random password would take millions of years to brute force. A 6-character lowercase word takes seconds.
Password Strength Calculator
```python
import math


def password_entropy(length, charset_size):
    """Entropy in bits of a password whose characters are picked uniformly at random."""
    entropy = length * math.log2(charset_size)
    return entropy


# Lowercase only: 26 characters
weak_entropy = password_entropy(6, 26)
print(f"6-char lowercase entropy: {weak_entropy:.0f} bits")

# All characters: 94 characters
strong_entropy = password_entropy(16, 94)
print(f"16-char random entropy: {strong_entropy:.0f} bits")
```

Expected output:

```
6-char lowercase entropy: 28 bits
16-char random entropy: 105 bits
```
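Each additional bit doubles the time to crack. A 105-bit password is billions of times stronger than a 28-bit one. The formula assumes every character is chosen uniformly at random; a human-chosen password such as FluffyCat2024! has far less entropy than its length and character set suggest.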
Using a Password Manager
A password manager stores all your passwords in one encrypted vault. You only need to remember one master password.
| Password Manager | Free Tier | Platforms |
|---|---|---|
| Bitwarden | Yes | Windows, macOS, Linux, iOS, Android |
| 1Password | No | All major platforms |
| KeePassXC | Yes, open source | Desktop only |
| Apple iCloud Keychain | Free with Apple devices | Apple ecosystem only |
How to Start
1. Download Bitwarden or KeePassXC
2. Create a master password (make it very strong)
3. Start adding your accounts
4. Install the browser extension for auto-fill
5. Use the built-in password generator for new accounts
Two-Factor Authentication (2FA)
2FA adds a second check beyond your password. Even if someone steals your password, they cannot log in without the second factor.
| Type | Example | Security Level |
|---|---|---|
| SMS code | Text message code | Medium (SIM swap risk) |
| Authenticator app | Google Authenticator, Authy | High |
| Hardware key | YubiKey | Very high |
Enable 2FA on Your Accounts
1. Go to account settings
2. Look for "Security" or "Two-Factor Authentication"
3. Scan the QR code with your authenticator app
4. Enter the code shown in the app
5. Save the backup codes somewhere safe
Checking for Breaches
Websites get hacked and passwords leak. Check if your accounts have been compromised:
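```bash
# Check if your email appears in known breaches
# Visit: https://haveibeenpwned.com
# Or use the API (v3 requires an API key and a user-agent header;
# the account in the URL must be URL-encoded, so "@" becomes "%40"):
curl -s \
  -H "hibp-api-key: YOUR_API_KEY" \
  -H "user-agent: breach-check-example" \
  "https://haveibeenpwned.com/api/v3/breachedaccount/your-email%40example.com"
```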
Creating Memorable Passwords (Diceware Method)
Instead of random characters, use random words:
correct-horse-battery-staple-bicycle
This is easier to remember and very strong. Four random words from a 7776-word list have 52 bits of entropy. Five words have 65 bits.
```python
import math

# The password above has high entropy because:
# - Each word is randomly chosen from a large list
# - The words have no logical connection
# - There are at least 5 words
words = ["correct", "horse", "battery", "staple", "bicycle"]
entropy = len(words) * math.log2(7776)
print(f"Five-word passphrase entropy: {entropy:.0f} bits")
```

Expected output:

```
Five-word passphrase entropy: 65 bits
```
Common Mistakes Beginners Make
1. Reusing Passwords Across Sites
If one site gets breached, hackers try the same email and password on other popular sites. Use a unique password everywhere.
2. Using Personal Information
Birthdays, pet names, and street names are easy to guess from social media. Never use personal information in passwords.
3. Writing Passwords on Sticky Notes
Sticky notes are visible to anyone who walks past your desk. Use a password manager instead.
4. Sharing Passwords via Email or Text
Email and text messages are not encrypted end-to-end by default. Use a secure sharing method if you must share.
5. Ignoring Breach Notifications
If a service tells you your password was compromised, change it immediately. Do not wait.
6. Not Using 2FA When Available
2FA blocks 99.9% of account takeover attacks. Enable it on every service that offers it.
7. Using Password Hints That Give Away the Answer
"What is my favorite color?" answered with "Blue" is not a hint. It is the password itself. Use hints that only make sense to you.
Practice Questions
1. What makes a password strong? Length (12+ characters), randomness (no words or patterns), and uniqueness (not used on other sites).
2. How does a password manager help you? It generates, stores, and auto-fills strong random passwords so you only need to remember one master password.
3. What is two-factor authentication? An extra layer of security that requires a second verification method (like a code from an app) in addition to your password.
4. What should you do if a service notifies you of a breach? Change your password on that service immediately. If you reused that password elsewhere, change it there too.
5. Challenge: Use a password manager's built-in generator to create a 16-character random password. Save it in your vault. Then enable 2FA on your email account using an authenticator app.
Try It Yourself
Download a password manager (Bitwarden is free and open source). Install the browser extension. Generate a strong password for a new account or update an existing account. Then enable two-factor authentication on at least one account. Write down the date you set this up and test logging in with 2FA to confirm it works.
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.