Adept at avoiding phishing, but scared of getting hacked through brute-force attacks? It doesn’t matter who you are: you can still become a target. Hackers can sell your data to other companies, legal or not, allowing them to serve targeted ads. They can also use your account to spam, phish, scam, or even commit a crime, getting you banned or in trouble. Even worse, they might sell your information on the dark web, letting shady people do unimaginable things with your credentials. All of this makes it urgent to learn how to create a strong password. Let’s begin.
Quick Answer to Create a Strong Password
You can create a strong password by making it at least 12 characters long and including a combination of numbers, letters (both upper and lower case), and special symbols. It’s better if it’s not a common word or easy-to-guess personal information. Also, be sure to use a unique password for each account you have to prevent a breach in one area from affecting all your accounts.
How does a strong password help you?
A strong password is defined by how difficult it is to guess or crack through brute-force attacks. As such, it is the minimum you should use if you are serious about your online safety. A strong password is the need of the hour. You can imagine its significance based on the simple fact that last year alone, almost 24 billion passwords were hacked.
In fact, a weak password can even make things easier for hackers, as a study by LastPass shows that almost 80% of all attacks are related to the use of stolen, weak, or reused passwords. Sadly, the reality is that we are often careless when creating a password, especially for social media or entertainment service sites. However, hackers still target them for your data. Why? Because even if you deem the shared data insignificant, it can still be used against you.
We all make some common mistakes when it comes to passwords. Below, we point out why and how a strong password will aid you.
A strong password helps you in the following ways:
1. Strong passwords prevent unauthorized access
A strong password is more than likely to prevent any unauthorized person from gaining access to anything digital you deem important. It can be a device, network, server, website, or anything else. The stronger the password, the safer you are from outside intrusion. And since the person can’t access the source, there is no risk of theft or any other similar cyberthreat.
2. Helps your financial security
Yes, by creating a strong password for your bank account, you can ensure much better security. Although banks and other financial institutions spend tons of money to make their online banking systems, or any finance-related activity, as secure as they can be, there is always a chance of human error, which you can restrict simply by practicing safe password habits.
3. Your personal data is secured
A strong password will also help your personal life, especially if you are more active on multiple social media sites and similar websites. While most people do not heed the importance of password protection when it comes to online sites such as Netflix and so on, things have started to change, especially with Gen Z, who are more aware of their online privacy rights and the steps needed to protect them.
4. No unwanted transactions
You can also remain safe if you enable passwords for any monetary transaction, thus preventing any unwarranted money transfers. Many identity theft cases have resulted in credit card fraud, simply because there were no safeguards in place. If you protect your transactions with a strong password, you can prevent such things from happening.
5. Helps business operations
Finally, passwords can make business operations far easier by ensuring that each sector or function permits authorized actions only. Thus, by creating passwords, businesses can not only protect their data but also segment operations by using authentication.
Guidelines to Create a Strong Password
Here are the best practices when creating a strong password:
1. Use different passwords for different accounts
Yes, this makes it harder to remember them all. On the other hand, should one be compromised, not all of your accounts are in danger. If you want to take the lazy way out, use variations of the same password, but make sure they look different and don’t follow the same pattern.
2. Don’t use passwords that can be guessed
Using only words, especially the ones in English, leaves you exposed to dictionary brute-force attacks. So, if they’re very common, you’re just inviting hackers in. Just like there are passwords you shouldn’t use for WiFi, these are passcodes you mustn’t use with user accounts:
Obvious words or numbers
Those include password, qwerty, your name, username, sequential numbers, or simple digit order such as 123456, 123123, 11111, etc.
Information related to you
We’re talking about you or your family and friends, a pet’s name, your or other people’s birthday, your job title, or anything related to the occupation or interests you have. Also, do not include your address – country, street name, town, house/apartment number, etc. It’s also important that you do not choose these as answers to security questions either. Hackers can abuse security questions to get around not knowing your password.
3. Use a combination of letters, numbers, and symbols
This is probably the most important piece of advice. Using only numbers leaves you exposed to effortless brute-force attacks, and so do words, as explained above. Using only symbols might be impossible on the majority of websites. For that reason, it’s best if you combine all 3 of them in some order, random or not. Keep in mind that so-called “leetspeak” no longer helps, because cracking tools try these substitutions too, so never replace letters with numbers, as in “p455w0rd” instead of “password”.
4. Keep your passwords safe
It is absolutely important that you keep your passwords safe. No matter how strong your password is, if you are being careless and sharing it with everyone, it is no longer secure.
5. Make your passwords long
We don’t recommend going under 15 characters. Every character over that number makes your password stronger.
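The guidelines above can be turned into an automated check. The following is an added example, not part of the original article: the `COMMON` deny-list and the leetspeak map are small constructed samples, and `check_password` is a hypothetical helper name.

```python
import re

# Constructed sample deny-list; a real check would use a large breached-password list.
COMMON = {"password", "qwerty", "letmein", "admin", "welcome"}

# Common leetspeak substitutions mapped back to the letters they stand for.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

MIN_LENGTH = 15  # the minimum recommended in guideline 5


def is_sequence(s):
    """True for runs (123456, 654321), single repeats (11111) or repeated blocks (123123)."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    if steps in ({1}, {-1}, {0}):
        return True
    return re.fullmatch(r"(.+?)\1+", s) is not None


def check_password(pw, personal=()):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    # Guideline 3: letters, numbers and symbols must all be present.
    classes = [r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    # Undo leetspeak first, so "p455w0rd" is compared as "password".
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in COMMON):
        problems.append("common word")
    if is_sequence(pw):
        problems.append("sequence or repeat")
    # Guideline 2: names, birthdays, addresses and similar details supplied by the caller.
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("personal information")
    return problems


if __name__ == "__main__":
    for candidate in ["p455w0rd", "123456", "Deasil1^quirE#5Xertz"]:
        print(candidate, check_password(candidate))
```

Passing this check only means a password avoids the listed mistakes; it says nothing about whether the password has already been leaked or reused elsewhere.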
Methods to Create Strong Passwords
Here are 3 methods to create a strong password:
Method 1. Create a strong password with a generator tool
You have 2 options to choose from with this method:
1. Generate strong passwords alone
You can generate a password for every one of your accounts, and then keep it safe. However, it’s hard to memorize and keep away from prying eyes. On the other hand, it’s as secure as it gets, especially if you follow all guidelines. Although you can use any website, we particularly love PasswordGenerator.net and Avast’s Random Password Generator. They allow you to add or remove elements we talked about above.
2. Generate a strong password with a password manager
Password managers allow ease of use without compromising security. In essence, you sign up for an account and choose one master password using the tips we’ll give below. Then, by installing a browser extension or desktop/mobile software, the manager will generate a complex password for every website or service on the fly, and then save it into the vault.
The next time you need to log in, it will auto-fill the password and sign you in. Besides convenience, this method also renders keyloggers powerless, since you’re not typing. The two leading password manager services seem to be Dashlane and LastPass. Of course, you’re free to pick any service you like that fits your budget. My personal choice is Bitwarden, which is an open-source tool.
Method 2. The passphrase method
Unless you use a password manager, it’s hard to remember a complex password. This forces you to keep it handy, on your computer, or written near your desk, which defeats the purpose of keeping it safe. To fix that, here’s a method that involves coming up with a long passphrase made up of bizarre words. You can do this in one of 2 ways:
1. Manual way
The words in the passphrase should be easy for you to remember, but still unrelated. Dig deep for inspiration – character or business names, historical figures, captivating words you’ve heard in your or foreign language, etc. Afterward, add a few numbers or symbols for good measure, and consider mixing lowercase and uppercase letters. We’ve come up with “Deasil1^quirE#5Xertz”.
2. Using outside help
If you are out of ideas, might we suggest Diceware? It’s an online tool that allows you to roll a die a few times to get a number, and then find a corresponding word. Do that 3-4 times for each word, combine them, and voila. You can also use online dictionaries or Word of the Day apps/websites/social media accounts.
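What a generator tool (Method 1) and a Diceware-style passphrase (Method 2) do under the hood can be sketched in a few lines. This is an added example, not part of the original article and not the code of any tool named here: the 16-word list is a constructed sample, and the guessing rate in `years_to_exhaust` is an assumption.

```python
import math
import secrets
import string

# Constructed 16-word sample list; a real Diceware list has 7,776 words.
WORDS = ["anvil", "breeze", "cactus", "dynamo", "ember", "fjord", "gravel", "harbor",
         "iguana", "jigsaw", "kettle", "lagoon", "mantle", "nectar", "orchid", "plinth"]

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def random_password(length=20):
    """Pick characters with a CSPRNG; retry until letters, digits and symbols all appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def passphrase(words=WORDS, count=6, sep="-"):
    """Pick each word independently and uniformly, as a dice roll would."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from the pool."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every combination; the guessing rate is an assumed figure."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 20), 1), "bits")
    print(passphrase(), round(entropy_bits(len(WORDS), 6), 1), "bits (sample list)")
    print("6 words from a 7,776-word list:", round(entropy_bits(7776, 6), 1), "bits")
    print("6-digit PIN:", round(entropy_bits(10, 6), 1), "bits")
```

The strength comes from the size of the pool and the number of independent random picks, which is why words chosen by a person count for less than words chosen by dice or a CSPRNG.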
Method 3. The sentence method
While reasonably secure and requiring a long time to crack with a brute-force attack, the words above are still found in a dictionary. It would be best if you could make a password look like it was generated, yet have an easy way to remember it. That is possible with this method, which requires you to think of a long sentence. Then, make up a rule.
For example, take the first letter of each word, add a number after 3 letters, and a symbol after 5. If you lack inspiration, feel free to use a tool known as a gobbledygook generator. Using “hackers have nothing on us, we have a very strong password and fear no one” we’ve come up with “hhn3ou^w5hav7s&pa9fno1#”.
Weak Password Related Cyberthreats
Strong passwords are certainly helpful for our digital safety. They can prevent different types of cyberattacks. The following is a table that explores the various threats to a password and their severity.
Cyberattack | Description | Severity |
---|---|---|
Brute force attacks | It targets the password by trying all the possible combinations. | Low and highly dependent on the security level of the system it tries to gain access to. |
Dictionary attacks | It tries to guess the password by using common words or phrases. | Very low, as more and more people have started becoming aware of safe password practices. |
Phishing | Tricking a person into revealing their password, using fake login pages or similar elements. | High. Since the person is tricked into voluntarily providing the correct password, it can be pretty effective. |
Keylogging | A program that records all the keystrokes made during a session. | High. Although combing through all the data can be a chore, the password will certainly be found with time. |
MITM | Intercepting any data traveling from point A to point B. | Very High. Since it not only intercepts but also manipulates data in transit, it can be used to harm more systems. |
Credential Stuffing | Using usernames and passwords stolen from one website to gain access to a different site. | High, as many people use the same username and passwords for multiple websites. |