- The longer the password, the better. Based on the Terahash example above, a 10-character or longer password appears safe, for now.
- The more complex the password, the better. Random passwords are the strongest option, but at the least, ensure that you have at least one lower-case character, an upper-case character, a number, and a special character like an &, #, or ]. The more, the better.
- Password managers are probably the best solution for password management.
It bears repeating: A password manager—we’ve reviewed the best paid password managers, and we’ve also looked at the best free password managers—is the strongest and the most convenient solution. Why wrestle with coming up with a list of long, complex passwords if a service will do it for you?
That’s what makes password cracking so fascinating. It’s both trivially easy to crack a password—and next to impossible. The difference between the two depends on the choices you make.
Thanks to Carlos Suarez and his Hashcat YouTube tutorial for supplying the command-line interface to apply hashcat to an MD5 hash.