The importance of a good password
We use passwords for everything these days: from important things, like Exodus, our bank and our email, to the most trivial, like an obscure blog we registered once only to never visit again. Our passwords give us access to all of our information online and offline, which is a testament to how important they are. And yet, we don't pay much attention to how secure they are when we create them. Yes, we make sure to use symbols and numbers and mixed capitalization here and there, but how good really are our passwords?
How do I create good passwords?
A strong password isn't necessarily a good password. More important than its strength is its uniqueness. This means that a good password must be different from any other password you use and ideally different from what anyone else uses. P@$$w0rd23 is a strong password, but it's definitely not good.
The best password is a random password. And the best way to create those is by using a dedicated password manager app, like 1Password, LastPass or KeePass. These apps can create random passwords up to 64 characters long that they remember for you and fill out automatically. And because they are designed with security in mind, you can feel pretty confident that your passwords are safe.
If you decide against using a password manager (not recommended) or are trying to think of a good master password for it, here are some tips for human-created passwords:
- Don't use any information that is available to anyone, like birthdays, names or things like that.
- The best passwords, being both easy to remember and hard to crack, are random words. This may sound counterintuitive but it's true; even four randomly selected words are stronger than the passwords we usually create. However, randomness is the key factor here, which is why we bolded it three times. Have a look here for the famous "correct horse battery staple" example: https://xkcd.com/936/
- If you have to (or want to) use symbols and mixed capitalization avoid using the expected ones:
- Don't capitalize the first letter, capitalize a random one. Instead of Password, use passwoRd.
- Don't append a number at the end, i.e. avoid password1; instead use pas4sword.
- Don't use the usual letter-symbol substitutions, like a = @ and s = $. Instead of p@ssword, use passwo%*rd.
- Make it long: at least 16 characters.
- Use a non-Latin alphabet and non-English words if you can.
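The "random words" advice above rests on simple arithmetic: each word drawn uniformly from a list of N words adds log2(N) bits of entropy, so the size of the list and the number of words are what matter. The following example is added here and is not part of the original article or of Exodus; it picks words with a cryptographically secure generator and computes the entropy of the result. The eight-word list is a constructed stand-in for a real list such as a 7776-word diceware list, which is only referenced by its size.

```python
import math
import secrets

# Constructed mini wordlist for an offline demonstration. A real passphrase
# generator would load a large list (diceware-style lists have 7776 words).
WORDLIST = ["correct", "horse", "battery", "staple",
            "orbit", "velvet", "canyon", "lantern"]

# Size of a standard diceware list (6^5), used only for the entropy figures.
DICEWARE_SIZE = 7776


def passphrase(words, count=4):
    """Draw `count` words uniformly at random, with replacement, using the
    `secrets` module (a CSPRNG) rather than `random`, which is predictable."""
    if count < 1 or not words:
        raise ValueError("need at least one word and a non-empty word list")
    return " ".join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy of `count` uniformly random words from a list of `list_size`
    words: every word contributes log2(list_size) bits."""
    return count * math.log2(list_size)


def charset_entropy_bits(length, charset_size):
    """Entropy of a truly random string of `length` characters drawn from a
    character set of `charset_size` symbols (same formula, per character)."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every possibility at the given guess rate,
    in years. Only meaningful for genuinely random secrets: a dictionary
    word with '@' and digits bolted on is not random and gets no such credit."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("sample passphrase:", passphrase(WORDLIST))
    # 4 words from a tiny 8-word list: only 12 bits, so list size matters.
    print("4 words, 8-word list:   %.1f bits" % passphrase_entropy_bits(len(WORDLIST), 4))
    # 4 diceware words: about 51.7 bits; 6 words: about 77.5 bits.
    print("4 diceware words:       %.1f bits" % passphrase_entropy_bits(DICEWARE_SIZE, 4))
    print("6 diceware words:       %.1f bits" % passphrase_entropy_bits(DICEWARE_SIZE, 6))
    # The article's "at least 16 characters" of random lowercase letters: ~75 bits.
    print("16 random lowercase:    %.1f bits" % charset_entropy_bits(16, 26))
    print("years at 1e9 guesses/s, 6 words: %.0f" % years_to_exhaust(77.5, 1e9))
```

The figures show why the word count and the list size, not symbol substitutions, decide the strength of a passphrase.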
But remember: creating a good, random password and then using variations of it on different sites undoes the whole effort! For more on that, read on.
Why should my Exodus password be different than any other password?
Actually, all your passwords should be different from each other, as we discussed, but for now let's focus on your Exodus password.
Your Exodus password protects your wealth by preventing anyone with access to your computer from opening Exodus and sending out your money. This is extremely important if you live or work in a place where other people may access your desk while you are not paying attention.
For those with earlier versions of Exodus who created an encrypted email backup link, your password is the decryption key. This means that whoever has access to your backup link and your password can restore your wallet on any computer and access your funds.
Note: The email backup link is only applicable to wallets downloaded before version 19.2.1.
This makes it clear why your Exodus password needs to be unique. If your password is the same as your email or Facebook password, then whoever knows that can simply open Exodus and send your money to themselves. And remember: Blockchain transactions are irreversible.
Additionally, the email backup link is worthless on its own; only the password enables the link to grant access to your funds. Unfortunately, though, online services get hacked all the time, and login information stored on their servers, like emails and passwords, falls into the hands of the hackers.
Exodus does not store any of your private information, which is why we can't recover your password, so if our servers were to get hacked the hackers would find nothing.
The Chrome password manager conundrum
If your password falls into the wrong hands and is the same as or even similar to your Gmail password, and you don't have 2FA enabled, then it's likely that the hackers will get access to many more passwords.
Google Chrome has a feature that asks you if you want to save your login credentials for the various sites you visit and automatically fills them in every time after that. It works like a password manager, but not as well, because whoever has access to your Google account can see all these passwords stored by Chrome plain as day! So, if your Gmail account were to be compromised, the threat would become far bigger, not only to Exodus but to all your accounts.
If your passwords are all different from each other, however, then even if one account is compromised the rest remain safe, and so does your wealth in Exodus.
Want to learn more about how to secure your wealth? Have a look at our comprehensive security guide: