The Importance of a Good Password
We use passwords for everything these days: from important things, like Exodus ;), our banks and our email to seemingly trivial things like an obscure blog.
Our passwords give us access to a lot of information—online and offline. And yet, sometimes, we don't pay much attention to how secure they are when we create them. We may use symbols and numbers and mixed capitalization here and there, but is that enough?
How do I create good passwords?
A strong password isn't necessarily a good password. More important than its strength is its uniqueness. This means that a good password must be different than any other password you use and ideally different than what anyone else uses.
The best password is a random password. And the best way to create those is by using a dedicated password manager app, like 1Password, LastPass or KeePass. These apps can create random passwords up to 64 characters long. The app remembers your passwords and fills out automatically. And because they are designed with security in mind, you can feel pretty confident your passwords are safe.
If you decide against using a password manager (not recommended) or trying to think of a good master password for it, here are some tips for human-created passwords:
- Don't use any information that is available to anyone, like birthdays, names or things like that.
- The best passwords, being both easy to remember and hard to crack, are random words. This may sound counterintuitive but it's true; even four, randomly selected words are stronger than the passwords we usually create. However, randomness is the key factor here, which is why we bolded it three times. Have a look here for the famous "correct horse battery staple" example: https://xkcd.com/936/
- If you have to (or want to) use symbols and mixed capitalization avoid using the expected ones:
- Don't capitalize the first letter, capitalize a random one.
- Don't append a number at the end, add one within.
- Don't use the usual letter symbol substitutions, like a = @ and s = $.
- Make it long—at least 16 characters long.
- Use a non-Latin alphabet and non-English words if you can.
But remember: Creating a great password and then using variations of it on different sites undoes the whole effort!
Why should my Exodus password be different than any other password?
Actually, all your passwords should be different, as we discussed, but for now let's focus on your Exodus password.
Your Exodus password protects your wealth by preventing anyone with access to your computer from opening Exodus and sending out your money. This is extremely important if you live or work in a place where other people may access your desk while you are not paying attention.
For those with earlier version of Exodus who created an encrypted email backup link, your password is the decryption key. This means that whoever has access to your backup link and your password can restore your wallet on any computer and access your funds.
Note: The email backup link is only applicable to wallets downloaded before version 19.2.1
This makes it clear why your Exodus password needs to be unique. If your password is the same as your email or Facebook password, then whoever knows that can simply open Exodus and send your money to themselves. And remember: Blockchain transactions are irreversible.
Additionally, the email backup link is worthless on its own, only the password enables the link to grant access to your funds. Unfortunately, though, online services get hacked all the time and login information stored on their servers, like emails and passwords, falls into the hands of the hackers.
Exodus does not store any of your private information, which is why we can't recover your password. If our servers were to get hacked, the hackers would find nothing.
The Chrome password manager conundrum
If your password falls into the wrong hands AND is the same or even similar to your Gmail password AND you don't have 2FA enabled, it's likely the hackers will be able to reveal all your passwords!
Google Chrome has a feature that asks if you want to save your login credentials for the various sites you visit to automatically fill them in. It works like a password manager, but not as secure. Because whoever has access to your Google account can see all your passwords stored by Chrome plain as day! If your Gmail account is compromised and you're saving all your passwords with Google Chrome then all your online accounts are at risk.
Want to learn more about how to secure your wealth? Have a look at our comprehensive security guide: https://support.exodus.io/article/767-how-do-i-keep-my-money-safe