Strong Random Password Generator

Passwords are the keys to your online accounts. If a hacker gets your password, they can access your bank accounts, email, social media, and more. Here are some tips on how to prevent your passwords from being hacked:

1. Use different passwords for each account. This is the most important tip. If you use the same password for multiple accounts, and one of those accounts is hacked, then all of your accounts are at risk.

2. Make your passwords strong. A strong password is at least 16 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols.

3. Don't use dictionary words or personal information in your passwords. Hackers can easily guess passwords that are made up of dictionary words or personal information.

4. Don't write down your passwords. If you need to write down a password, store it in a safe place.

5. Change your passwords regularly. Hackers can sometimes crack passwords that are reused over time.

6. Use a password manager. A password manager can help you to generate and store strong, unique passwords for all of your accounts.

7. Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your accounts. When you enable two-factor authentication, you will need to enter a code from your phone in addition to your password when you log in.

8. Be careful about what links you click on. Hackers often send phishing emails that contain links that look like they lead to legitimate websites, but actually lead to fake websites that are designed to steal your passwords.

9. Keep your software up to date. Software updates often include security patches that can help to protect your accounts from hackers.

10. Be aware of the risks of public Wi-Fi. Public Wi-Fi networks are often not secure, so you should avoid using them to access sensitive information.

11. Use a password generator to create strong passwords that are easy for you to remember.

12. Use a different password for your email account than you use for your other accounts. This is because your email account is often the gateway to other accounts, so if a hacker gets your email password, they can easily access your other accounts.

13. Be careful about what information you share online. Don't share your passwords with anyone, even friends or family.

14. Keep an eye out for phishing emails. Phishing emails are emails that look like they come from a legitimate source, such as a bank or credit card company. They often contain links that, when clicked, will take you to a fake website that looks like the real website. If you receive an email that asks for your personal information, don't click on any links in the email. Instead, go directly to the website of the company that the email claims to be from and log in there.

15. Use a VPN when connecting to public Wi-Fi. A VPN encrypts your traffic, making it more difficult for hackers to steal your data.

16. Back up your passwords. This way, if you lose your password, you can easily recover it.

17. Do not store your critical passwords in the cloud.

18. Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.

19. Protect your computer with firewall and antivirus software, block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.

20. Keep the operating systems( e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux ) and Web browsers( e.g. FireFox, Chrome, IE, Microsoft Edge ) of your devices( e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet ) up-to-date by installing the latest security update.

21. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when you feel it's necessary.

22. If there are WIFI routers in your home, then it's possible to know the passwords you typed( in your neighbor's house ) by detecting the gestures of your fingers and hands, since the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases, it would be more secure if this virtual keyboard( or soft keyboard ) changes layouts every time.

23. Lock your computer and mobile phone when you leave them.

24. Encrypt the entire hard drive with VeraCrypt, FileVault, LUKS or similar tools before putting important files on it, and destroy the hard drive of your old devices physically if it's necessary.

25. Access important websites in private or incognito mode, or use one Web browser to access important websites, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine created with VMware, VirtualBox or Parallels.

26. Use at least 3 different email addresses, use the first one to receive emails from important sites and Apps, such as Paypal and Amazon, use the second one to receive emails from unimportant sites and Apps, use the third one( from a different email provider, such as Outlook and GMail ) to receive your password-reset email when the first one( e.g. Yahoo Mail ) is hacked.

27. Use at least 2 differnet phone numbers, do NOT tell others the phone number which you use to receive text messages of the verification codes.

28. Do not click the link in an email or SMS message, do not reset your passwords by clicking them, except that you know these messages are not fake.

29. Do not tell your passwords to anybody in the email.

30. It's possible that one of the software or App you downloaded or updated has been modified by hackers, you can avoid this problem by not installing this software or App at the first time, except that it's published to fix security holes. You can use Web based apps instead, which are more secure and portable.

31. Be careful when using online paste tools and screen capture tools, do not let them to upload your passwords to the cloud.

32. If you're a webmaster, do not store the users passwords, security questions and answers as plain text in the database, you should store the salted ( SHA1, SHA256 or SHA512 )hash values of of these strings instead. It's recommended to generate a unique random salt string for each user. In addition, it's a good idea to log the user's device information( e.g. OS version, screen resolution, etc. ) and save the salted hash values of them, then when he/she try to login with the correct password but his/her device information does NOT match the previous saved one, let this user to verify his/her identity by entering another verification code sent via SMS or email.

33. If you are a software developer, you should publish the update package signed with a private key using GnuPG, and verify the signature of it with the public key published previously.

34. To keep your online business safe, you should register a domain name of your own, and set up an email account with this domain name, then you'll not lose your email account and all your contacts, since your can host your mail server anywhere, your email account can't be disabled by the email provider.

35. If an online shopping site only allows to make payment with credit cards, then you should use a virtual credit card instead.

36. Close your web browser when you leave your computer, otherwise the cookies can be intercepted with a small USB device easily, making it possible to bypass two-step verification and log into your account with stolen cookies on other computers.

37. Distrust and remove bad SSL certificates from your Web browser, otherwise you will NOT be able to ensure the confidentiality and integrity of the HTTPS connections which use these certificates.

38. Encrypt the entire system partition, otherwise please disable the pagefile and hibernation functions, since it's possible to find your important documents in the pagefile.sys and hiberfil.sys files.

39. To prevent brute force login attacks to your dedicated servers, VPS servers or cloud servers, you can install an intrusion detection and prevention software such as LFD( Login Failure Daemon ) or Fail2Ban.

40. If it's possible, use cloud based software instead of install the software on your local device, since there are more and more supply-chain attacks which will install malicious application or update on your device to steal your passwords and gain access to top secret data.

41. It's a good idea to generate the MD5 or SHA1 checksums of all files on your computer( with software like MD5Summer ) and save the result, then check the integrity of your files( and find trojan files or programs with backdoor injected ) every day by comparing their checksums with the result saved previously.

42. Each large company should implement and apply an Artificial Intelligence-based intrusion detection system( including network behavior anomaly detection tools ).

43. Allow only IP addresses that are whitelisted to connect to or log into the important servers and computers.