Whether it’s our bank details, private messages or intimate information about our personal lives, we’ve all got a lot of sensitive data stored on our online accounts that we want to keep secure. But unfortunately, cybercriminals are coming up with increasingly sophisticated methods of hacking into accounts.
So what can you do to safeguard your online data and make your accounts more secure? Well, creating a really strong password should do the job. But, as we all know, it’s a fine line between choosing a password that no one else will be able to guess and one that’s easy for you to remember.
Luckily, there are loads of ways to create strong passwords that you won’t forget. Here, we’ll walk you through our tips and tricks for choosing and setting up secure passwords for your online accounts. And we’ll share some of our favourite methods for keeping your passwords safe and ways of making sure you don’t have to hit the “Forgotten password” link ever again.
So read on for everything you need to know about creating a strong password.
What is a strong password?
A strong password is one you can’t guess or crack using a brute force attack. Hackers use computers to try various combinations of letters, numbers, and symbols in search of the right password. Modern computers can crack short passwords consisting of only letters and numbers in mere moments.
As such, strong passwords consist of a combination of uppercase and lowercase letters, numbers and special symbols, such as punctuation. They should be at least 12 characters long, although we’d recommend going for one that’s even longer.
When you’re setting up an online account, there’ll often be prompts reminding you to include numbers or a certain number of characters. Some may even prevent you from setting a “weak password”, which is usually one word or number combination that’s easy to guess.
But even if you don’t get reminded to set a strong password, it’s really important to do so whenever you’re setting up a new online account or changing passwords for any existing account.
A long password is a strong password
When it comes to password security, length really does matter. We recommend opting for a password that’s at least 12 characters long, even longer if you can.
Each additional symbol in a password exponentially increases the number of possible combinations. This makes passwords over a certain length essentially uncrackable, assuming you’re not using common phrases.
A strong password isn’t obvious
A good password needs to be something that’s really difficult for someone else to guess or crack, so don’t go for anything really generic, like “password” or “12345”. The latter two choices are still among the most popular in the world, and they’re also among the least useful.
Good passwords can’t contain memorable keyboard paths
Don’t use sequential keyboard paths, like “qwerty”, as hackers are likely to crack these. If you spent no effort in thinking of a good password, the chances are the hackers won’t need much effort to crack it.
Password strength isn’t personal
It’s really important that you don’t use anything personal to you, like a nickname, your date of birth or your pet’s name. This is information that’s really easy for a hacker to find out simply by looking at your social media, finding your online work profile or even just by listening in on a conversation you’re having with someone else.
A good password should be unique
Once you’ve created a strong password, you might well be tempted to use that password for all your online accounts. But, if you do that, it leaves you more vulnerable to multiple attacks.
After all, if a hacker manages to discover your password, they’ll then be able to login to every account you use that password for, which might include your emails, your social media and your work accounts.
A lot of people use the same password for everything because it’s easier to remember. But don’t worry because we’ve got loads of tips and tricks to help you manage multiple passwords a bit further down.
Avoid past passwords
It’s also really important to make sure you don’t recycle your passwords, particularly if they’ve been hacked before. This may seem obvious, but once you’ve used a password, you shouldn’t reuse it. Even if you haven’t used it for years, it’s best to come up with a new one. Especially if you’ve had issues with a password being hacked in the past.
Symbols you can use in passwords
Although using special characters in your passwords is a really good way of making them extra secure, not all online accounts allow you to use any symbol you like. But most will allow you to use the following:
Examples of good passwords
So to recap, a password must be at least 12 characters long (ideally, even 15 characters) and should consist of a seemingly random collection of uppercase and lowercase letters, numbers and special characters, like punctuation.
With that in mind, here are some good examples of strong passwords:
Tips for creating a good password
Luckily, there are loads of things you can do to create unique and strong passwords for each of your online accounts. Here are our top tips on how to setup a good password:
Choose a passphrase rather than a password
Passphrases are much more secure than passwords because they’re typically longer, making them more difficult to guess or brute force. So instead of choosing a word, pick a phrase and take the first letters, numbers and punctuation from that phrase to generate a seemingly random combination of characters. You can even substitute the first letter of a word with a number or symbol to make it even more secure. Or try swapping out words for punctuation like we used to back in the days of text slang, if you can remember back that far.
Here are some examples of how you can use the passphrase method to create strong passwords:
|I first went to Disneyland when I was 4 years old and it made me happy||I1stw2DLwIw8yrs&immJ|
|My friend Matt ate six doughnuts at the bakery café and it cost him £10||[email protected]&ich£10|
|For the first time ever, Manchester United lost 5:0 to Manchester City||4da1sttymevaMU5:02MC|
Note: don’t use common phrases, because these are vulnerable to dictionary attacks – random combinations are what you want.
Opt for a more secure version of dictionary method
A popular method for choosing a password is to open a dictionary or book and choose a random word. But, as random as it may seem to you, a single word is actually quite easy for a hacker to guess.
So rather than opting for just one word from the dictionary, choose a few and string them together along with numbers and symbols to make it much trickier for someone to figure out.
Here are some examples of good password ideas created with this method:
|Words from the dictionary||Secure password|
|Jigsaw, quest, trait, fork||Jigsaw%Quest7trait/fork48|
|Glimpse, stuff, prize, koala||G1impse$tuff74Prize8Koala!|
|Trombone, fish, quick, upside||Tr0mb0ne&Fish?Qu1ck^side|
Play around with phrases and quotes
If you want a password that’s difficult for others to guess, but easy for you to remember, it can be a good idea to use a variation on a meaningful phrase or quote. Simply take a phrase you’ll remember and swap out some of the letters for numbers and symbols.
Here are some examples of strong password ideas generated with this method:
|Quote or phrase||Secure password|
|“One for all and all for one”: The Three Musketeers||14A&A413Mu$keteers!|
|“For the first time in forever”: Disney’s Frozen||4da1stTymein4eva-Frozen|
|“Twinkle twinkle little star, how I wonder what you are”: nursery rhyme||TW1nkle7ittle*how1??UR|
If you want to add symbols to your passwords without making them harder to remember, you can always use emoticons.
Although you won’t be able to add in emoji, you can use emoticons, which are the coded versions, usually made up of punctuation, letters and/or numbers.
Here are some emoticons that you can use in your passwords:
Use a password generator
If you don’t have time to come up with your own strong passwords, a password generator is a really quick and easy way to get a unique and strong password. Most generators will give you the option of selecting how many characters you want and whether or not you want special characters, although most will include them by default.
Some of our favourite password generators are:
Customise your passwords for specific accounts
Once you’ve come up with a strong password that you can remember, you’ll still have to create different passwords for each of your online accounts. But, rather than starting the whole process again, you could simply add a different code into your password for each online account.
So, for example, if your password was cHb1%pXAuFP8 and you wanted to make it unique for your eBay account, you could add £bay on the end so you know it’s different to your original password but still memorable.
Here’s how that could work:
|Online account||Password with added code|
Commit your password to muscle memory
If you want to remember your password, it can be a good idea to practise typing it several times over. Eventually, if you type it correctly enough times, you’ll develop a muscle memory that’ll mean it’s much easier for you to remember.
How to keep your passwords safe
Now that you’ve set up a strong password for each of your online accounts, the next step is to keep them safe and secure from hackers.
Here are some of our top tips on how to do that:
Choose a good password manager
Whether you’ve generated your own strong passwords or you’re looking for an online service to do it for you, we strongly recommend using a good password manager. A secure password manager generates, stores and manages all your passwords in one safe online account. This is really useful because it allows you to use as many unique passwords as you like without ever having to worry about memorising them.
All you need to do is save all your passwords for every online account you have on your password manager and then protect them with one “master password”. This means you only have to remember one strong password as opposed to every single one.
Once you’ve got your password manager set up, whenever you go to login to one of your online accounts, you simply type your master password into your password manager and it’ll auto-fill in your login details for this account. You don’t even need to remember which email address or username you used. A secure password manager will fill all this in for you.
If you’re looking to use a password manager, there are loads of great options to choose from. Here are some of the best password managers in 2020.
Use two-factor authentication
Even if someone does manage to steal your password, you can still prevent them from accessing your account by adding in an additional layer of security with two-factor authentication (2FA). This means that anyone trying to login to your account will have to enter a second piece of information after the correct password. This is usually a one-time code that’ll be sent directly to you.
Sometimes this will be sent to you via text message, although this isn’t necessarily the most secure way of receiving that code. After all, a hacker could steal your mobile number through SIM swap fraud and access your verification code.
We’ve found it’s much safer to use a two-factor authentication app instead, as they’re much trickier to intercept. Our favourites include:
- Google Authenticator
- Microsoft Authenticator
Don’t save your passwords on your phone, tablet or PC
This may sound obvious but you must avoid saving any of your passwords in a document, email, online note or anything else that could be hacked.
Check if your email has been leaked
Of course, it’s really important to keep on top of any data breaches that may have occurred, particularly with your email account.
But how do you know if your email has been leaked? Well, we have an online personal data leak checker, which will let you know if anything like this has happened to your email account. All you need to do is enter your email address and we’ll be able to tell you if anything has happened to it.
Don’t give out your password
Last but not least, it’s really important to keep your passwords private. Even if you completely trust the person you’re giving your password to, it’s risky to send a password via text message or email in case anyone intercepts it. Even if all you’re doing is reading it out over the phone or spelling it out to the person sat next to you, there could be someone listening in and making notes.