Randomness
What is randomness?
Randomness is the property of lacking structure or organization, or otherwise being unpredictable. In the context of digital security, randomness plays an important role in cryptography and encryption—often used to generate random strings of characters and numbers known as “keys.”
Why is randomness important in security?
Security fundamentally depends on secret information, such as passwords and encryption keys. These passwords and keys are used to protect access to data and systems, but they can only serve that purpose if they’re kept secret. To stay secret, they must be random enough to be unguessable even to hackers and sophisticated computer programs.
A password that isn’t random, like “LetMeIn2023”, can be easily guessed by someone trying to break into an account. A password that’s long and random, like “z5W!j%5FySnnHK”, will be impossible for a hacker to guess within a person’s lifetime, even if they could try thousands of passwords every second.
How do I create a good, random password?
The best practice is to use password manager software to generate long, random passwords, and to store them so you don’t have to remember them. You should always use a different password for every single account and service, and a password manager is great for generating these unique, unrelated passwords. Major browsers, including Brave, have password manager functionality built in. There are also standalone password manager apps, usually with accompanying browser extensions.
When you use a password manager, you’ll need to create a master password that’s long and random, but still memorable. There are many different techniques for doing this, but here is some general advice:
- It should be at least 14 characters long, and ideally longer.
- It should not be a common word, phrase, or name, or a simple variation of one of those things (like replacing the letter “S” with a “$”).
- If it does contain words, they should not follow a recognizable sequence, or even have a logical relationship to one another.
- It should contain at least a few numbers and special characters.
- It should have no connection to your personal information, such as your date of birth or a family member’s name.
- Only use it as your password manager’s master password; never anywhere else.