To prevent your password from being cracked by social engineering, brute force or dictionary attacks, and to protect your online accounts, pay attention to the following:
1. Don't use the same password, security questions and answers for multiple important accounts.
2. Use a password containing at least 16 characters, at least one number, one uppercase letter, one lowercase letter and one special symbol.
3. Don't use the names of family, friends or pets in your password.
For example, if you hold more than 100 bitcoins, you should not let anyone know your password; even your parents are not reliable enough.
4. Don't use postal code, house number, telephone number, date of birth, ID number, social security number, etc. in your password.
5. Don't use any dictionary words in your password.
Examples of strong passwords: epyhc ~ ds *) 8 $+v-',qzrtc {6 rxn3n rgl, zbfumzpe 6` fc%) SZ.
Examples of weak passwords: qwert 12345, gbt3fc79zmmefufj, 1234567890, 987654321, Norton password.
6. Don't use two or more similar passwords that share most of their characters, such as ilovefreshflowersMac and ilovefreshflowersDropBox, because if one of them is stolen, all of them are effectively stolen.
7. Don't use anything that can be cloned (but not changed) as a password, such as fingerprints.
8. Don't let your web browser (Firefox, Chrome, Safari, Opera, IE, Microsoft Edge) store your passwords, because all passwords stored in a web browser are easily leaked.
9. Don't log in to important accounts on other people's computers, and don't log in while connected through public Wi-Fi hotspots, Tor, free VPNs or web proxies.
10. Don't send sensitive information online through unencrypted connections (such as HTTP or FTP), because messages in these connections can be sniffed easily. You should use HTTPS, SFTP, FTPS, SMTPS, IPSec and other encrypted connections whenever possible.
11. When traveling, you can encrypt the Internet connection before it leaves your laptop, tablet, mobile phone or router. For example, you can set up a private VPN with WireGuard (or IKEv2, OpenVPN, SSTP, L2TP over IPsec) on your own server (home computer, private server or VPS) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your computer and your own server and configure Chrome or Firefox to use it as a SOCKS proxy. Then, even if someone uses a packet sniffer to capture your data while it travels between your device (laptop, iPhone, iPad) and the server, they can't extract your data and passwords from the encrypted stream.
12. How secure is my password? Maybe you think your password is strong and difficult to crack. However, if a hacker steals your username and the MD5 hash of your password from the company's server, and the hacker's rainbow table contains that hash, your password will be cracked quickly.
To check whether a password already appears in a popular rainbow table, convert it to an MD5 hash with an MD5 hash generator and then submit the hash to an online MD5 lookup ("decryption") service. For example, if your password is "0123456789A", brute-forcing it might take a computer nearly a year; but if you submit its MD5 hash (C8E7279CD035B23BB9C0F1F954DFF5B3) to an MD5 lookup website, how long does it take to recover? Test it yourself.
13. It is recommended to change the password every 10 weeks.
14. It is recommended that you memorize a few master passwords, store the other passwords in a plain text file and encrypt that file with 7-Zip, GPG or disk encryption software such as BitLocker, or use password management software to manage your passwords.
15. Encrypt your passwords and back them up to a different location, so that if you lose access to your computer or an account, you can recover them quickly.
16. Turn on two-step authentication wherever possible.
17. Don't store critical passwords in cloud storage.
18. Visit important websites (such as PayPal, SNS.show) directly from bookmarks; otherwise, check their domain names carefully. It is best to use the Alexa toolbar to check the popularity of a website before entering your password, to make sure it is not a phishing site.
19. Use firewall and antivirus software to protect your computer, and block all incoming connections and all unnecessary outgoing connections with the firewall. Download software only from reputable websites, and verify the MD5/SHA1/SHA256 checksum or GPG signature of the installation package whenever possible.
20. Keep the operating systems (such as Windows 7, Windows 10, Mac OS X, iOS, Linux) and web browsers (such as Firefox, Chrome, IE, Microsoft Edge) of your devices (Windows PC, Mac, iPhone, iPad, Android tablet) up to date by installing the latest security updates.
21. If there are important files on your computer and other people can physically access it, check when necessary for hardware keyloggers (such as wireless keyboard sniffers), software keyloggers and hidden cameras.
22. If you have a Wi-Fi router at home, someone (for example in your neighbor's house) could infer the password you type by detecting the gestures of your fingers and hands, because the Wi-Fi signals they receive change as you move your fingers and hands. In this case, you can use an on-screen keyboard to type the password, which is safer still if the virtual keyboard (or soft keyboard) changes its layout every time.
23. Lock your computer and mobile phone when you leave them.
24. Before putting important files on the hard disk, use VeraCrypt, FileVault, LUKS or similar tools to encrypt the whole hard disk, and physically destroy the hard disk of the old equipment when necessary.
25. Visit important websites in private or incognito mode, or use one web browser for important websites and another browser for everything else. Alternatively, visit unimportant websites and install new software inside virtual machines created with VMware, VirtualBox or Parallels.
26. Use at least three different email addresses: use the first to receive emails from important websites and applications such as PayPal, Amazon and SNS.show; use the second to receive emails from unimportant websites and apps; and use the third (from a different email provider, such as Outlook or Gmail) to receive password reset emails when the first address (such as Yahoo Mail) is hacked.
27. Use at least two different phone numbers, and don't tell others the phone number you used to receive the verification code message.
28. Don't click on links in emails or text messages, and don't reset your password by clicking on them, unless you are sure these messages are genuine.
29. Don't tell anyone your password by email.
30. Software or an application you downloaded or updated may have been modified by a hacker. You can avoid this problem by not installing it as soon as it is released, unless the release fixes security vulnerabilities. You can also use web-based applications, which are safer and more portable.
31. Be careful when using online paste tools and screen capture tools, and don't let them upload your password to the cloud.
32. If you are a webmaster, don't store user passwords, security questions and answers in the database in plain text; store the hashed values of these strings (SHA1, SHA256 or SHA512) instead.
It is recommended to generate a unique random salt string for each user. In addition, it is best to record the user's device information (such as operating system version, screen resolution, etc.) and then, when he/she tries to log in with the correct password but the device information does not match the previously saved device information, require the user to verify his/her identity by entering an additional verification code sent by SMS or email.
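A server-side sketch of tip 32, added here as an example (not the page's own code): a random per-user salt, an iterated SHA-256 hash (PBKDF2) in place of a single SHA-256 pass, which is a deliberate strengthening, and the device-information check that demands a second factor. The in-memory dict, the function names and the "verify" outcome are assumptions.

```python
import hashlib
import hmac
import secrets

# Added example (not the page's own code): per-user random salt, an iterated SHA-256
# hash (PBKDF2) instead of a single SHA pass, and the device-information check from
# tip 32. The dict passed as `db` stands in for the real database.
ITERATIONS = 600_000  # PBKDF2 work factor; raise it as hardware allows

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh 16-byte random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

_DUMMY_SALT, _DUMMY_HASH = hash_password("dummy")  # keeps unknown-user timing uniform

def verify_password(password, salt, stored):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)  # constant-time comparison

def register(db, username, password, device):
    salt, digest = hash_password(password)
    db[username] = {"salt": salt, "hash": digest, "device": dict(device)}

def login(db, username, password, device):
    """'denied': bad credentials; 'verify': correct password from an unfamiliar device, so
    send a one-time code by SMS/email before granting access; 'ok': everything matches."""
    rec = db.get(username)
    if rec is None:
        verify_password(password, _DUMMY_SALT, _DUMMY_HASH)  # same cost as a real check
        return "denied"
    if not verify_password(password, rec["salt"], rec["hash"]):
        return "denied"
    if device != rec["device"]:
        return "verify"
    return "ok"

def unsalted_md5(password):
    """What tip 12 warns about: without a salt, every user with this password stores the
    same digest, which is exactly what a precomputed (rainbow) table looks up."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()
```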
33. If you are a software developer, use GnuPG to sign your update packages with your private key, so that users can verify the signature with the public key you published earlier.
34. To keep your online business safe, register your own domain name and set up an email account under it. That way you won't lose your email account and all your contacts, because you can host your email server anywhere and no email provider can disable the account.
35. If an online shopping website only accepts payment by credit card, use a virtual credit card.
36. Close the web browser when you leave the computer; otherwise its cookies can easily be captured by a small USB device, and stolen cookies let someone bypass two-step verification and log in to your account from another computer.
37. Distrust and delete bad SSL certificates from your web browser; otherwise you cannot ensure the confidentiality and integrity of HTTPS connections that rely on those certificates.
38. Encrypt the whole system partition; otherwise, disable the page file and hibernation, because your important documents can be recovered from the pagefile.sys and hiberfil.sys files.
39. To protect your dedicated server, VPS or cloud server against brute-force login attacks, you can install intrusion detection and prevention software such as LFD (Login Failure Daemon) or Fail2Ban.
40. If possible, use cloud-based software instead of installing software on local devices, because more and more supply chain attacks will install malicious applications or updates on your devices to steal your passwords and access top-secret data.
41. It is best to generate MD5 or SHA1 checksums of all files on the computer (using software such as MD5Summer) and save the results, and then check the integrity of the files every day (and find Trojan files or programs with injected back doors) by comparing fresh checksums with the previously saved results.
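The daily integrity check described in tip 41, as an added example that is neither the page's nor MD5Summer's code: build a checksum baseline of a directory tree, save it, and diff a later scan against it. It uses SHA-256 rather than MD5/SHA1; the helper names and the constructed temp-directory scenario in `demo()` are mine.

```python
import hashlib
import json
import os
import tempfile

# Added example (not the page's own code, not MD5Summer): take a SHA-256 baseline of a
# directory tree, save it, and diff a later scan against it to spot changed or added files.
def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, so large files fit in memory
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_sha256(full)
    return baseline

def save_baseline(baseline, path):
    # Keep this file outside the monitored tree and back it up (tip 15); otherwise whoever
    # alters the files can rewrite the baseline to match.
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)

def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in common if baseline[p] != current[p])}

def write(root, name, text):
    with open(os.path.join(root, name), "w") as f:
        f.write(text)

def demo():
    """Constructed scenario: baseline two files, then modify one, add one and delete one."""
    root, store = tempfile.mkdtemp(), os.path.join(tempfile.mkdtemp(), "baseline.json")
    write(root, "a.txt", "hello")
    write(root, "b.txt", "world")
    save_baseline(build_baseline(root), store)
    write(root, "b.txt", "changed")  # tampered file
    write(root, "c.txt", "new")      # dropped-in file
    os.remove(os.path.join(root, "a.txt"))
    with open(store) as f:
        return compare(json.load(f), build_baseline(root))
```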
42. Every large company should deploy an intrusion detection system based on artificial intelligence, including network behavior anomaly detection tools.
43. Allow only whitelisted IP addresses to connect or log in to important servers and computers.
44. Did you know that you can hide one or more files inside another file? For example, on Linux the command "cat file1.mp4 file2hide.gpg > file2.mp4" appends the file file2hide.gpg to the end of file1.mp4 and writes the result to a new file named file2.mp4. The new file (file2.mp4) still plays in any media player (such as VLC). If you instead hide it in a PDF or FLAC file, the output file can likewise be opened in any PDF viewer or music player without a problem. To split the output file apart again, use the "tail" and "split" commands, or write a small script to do it.