After endless repetition of advice on password strength, it would seem people still use passwords like “12345678” or “qwerty.” Even more appallingly, many simply go with “password.”
But what exactly is a strong password, and how do you manage strong passwords across your multiple accounts? This guide will tell you all of the above and more.
Here’s why most passwords are easy to crack
According to studies, 73% of users online use the same password on many different accounts. The problem here is not so hard to figure out: your email address is your username most of the time nowadays, so if a data breach happens at, say, your local clinic, the hackers behind the breach will be able to try your login credentials on other popular websites: Facebook, Google, etc. Using the same password everywhere means a breach on one site can become a breach of all your accounts.
Taking it a step further, think how many accounts you log into via Facebook or Google and imagine how exposed that makes you if you reuse passwords.
This is one of the main mistakes in cybersecurity: it has led to an escalating number of security breaches in both personal and corporate accounts. And if you are hacked, you need to change all your passwords.
Strengthening your password
One of the most frequently asked questions on Google is: “What is a strong password?”
The answer is not as straightforward as we often think, and it depends on whether you have to remember it. For ages, we had been taught to use passwords that are, in the words of xkcd, “hard for humans to remember, but easy for computers to guess” – passwords like “C0d3w0rd$1.”
In reality, something like a 4-5 random-word phrase without caps or strange symbols can often be better for your security.
That said, password strength is a balancing act between length and symbol set size. If you don’t have to remember the password, it is a lot better to have a completely random 20-character string, including lowercase and uppercase letters, punctuation, and numbers. If you have a password manager to remember these strings for you, those are the sorts of passwords you should use.
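The length-versus-symbol-set trade-off above can be put in numbers. The following Python sketch is an added example, not part of the original guide: it generates a random 20-character password and a random-word passphrase with a cryptographic random source and compares their entropy. The 8-word sample list and the 7776-word list size are assumptions for illustration.

```python
import math
import secrets
import string

# Symbol set for a fully random password: lowercase, uppercase, digits, punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed stand-in word list (assumption). A real passphrase list should hold
# thousands of words; 7776 is the size of a five-dice word list.
SAMPLE_WORDS = ["amethyst", "clown", "rider", "jingle", "rain", "tommy", "circle", "fashion"]


def random_password(length=20, alphabet=ALPHABET):
    """Pick each character independently with a CSPRNG (never random.choice)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=5, words=SAMPLE_WORDS):
    """Pick each word independently with a CSPRNG; lowercase, space-separated."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, set_size):
    """Entropy in bits when `choices` items are drawn uniformly from `set_size` options.

    Only valid for machine-random picks: a human-chosen "C0d3w0rd$1" follows
    predictable substitutions and has far less entropy than its length suggests.
    """
    return choices * math.log2(set_size)


def compare():
    """Entropy of the password styles discussed in the text, rounded to 0.1 bit."""
    return {
        "8 random lowercase letters": round(entropy_bits(8, 26), 1),
        "4 random words, 7776-word list": round(entropy_bits(4, 7776), 1),
        "5 random words, 7776-word list": round(entropy_bits(5, 7776), 1),
        "20 random chars, 94 symbols": round(entropy_bits(20, len(ALPHABET)), 1),
    }


if __name__ == "__main__":
    print(random_password())
    print(random_passphrase())
    for label, bits in compare().items():
        print(f"{bits:6.1f} bits  {label}")
```

Each extra bit doubles the number of guesses an attacker needs, so the 20-character random string is far stronger than either passphrase, while the 5-word passphrase is the one a person can actually memorize.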
How to secure your account
Here are some other tips and tools you can use to strengthen your passwords and otherwise increase the security of your accounts.
#1 Use multifactor authentication (MFA)
Multifactor authentication is a cybersecurity technique that requires multiple user verification methods together to get into an account. It is also often used to confirm money transfers and other high-risk interactions on the internet. If implemented properly, these extra layers can protect your resources even when a hacker has obtained your password. It is an effective method of minimizing cyber theft and phishing through email.
#2 Use a password manager
As mentioned, password managers are a great way to make sure you’re using difficult passwords that are different for each account.
One of the best password management apps in the industry is 1Password. It can help you create much stronger passwords with a click of a button. In addition to storing them in an encrypted database, 1Password also tells you how safe your combination of characters is. Moreover, it will alert you if a hacker ever tries to invade your system and whether your data has been compromised.
#3 A longer phrase is more secure
Did you know that the length of your password is at least as important as its complexity? If you have a 12 to 15-character long password, any hacker will find it incredibly hard to crack it or guess it. However, don’t fall into the trap of combining pop culture references or simple patterns simply for length.
Passphrases are a great idea for boosting your password length. Ideally, your password should transform from a word to a sentence, for example “I don’t feel like working.” One caution though – avoid commonplace phrases. Be creative and come up with a phrase that is nonsensical yet memorable, like “Amethyst Clownriders Jingled In The Rain.”
#4 Use padding to strengthen your passwords
Padding your password is not about changing what you already have but about making it stronger by adding extra characters. Just start with a simple code like ‘my dog is Tommy’ and add extra characters at the end. Through padding, you can come up with something like “MydogisTommy54*B>>”. Keep in mind that you can use a space too if you feel like it. While the password hasn’t become overly complex to remember, you have increased the length by 6 characters, making it more difficult for hackers to crack.
#5 Formulas can help you create strong passwords
Formulas are a good way to increase the complexity, length, and separation of your password. Using one involves coming up with your own individual set of rules to create code phrases that are both memorable and hard to guess. The complexity can be as high as you’d like it to be.
For example, “Ccmfrcc2pir” seems like total nonsense and it would be hard to crack. But it is a contracted formula – Circumference of a circle = 2*pi*r, also making it very easy to recall when you need to enter it.
Adding a few characters to the above password keeps it easy to remember, e.g. Ccmfrcc=2Pi*r. That gives you a stronger passcode with uppercase and lowercase letters, symbols, and numbers that is still easy to remember. If you want to make the password specific to a certain website, say fashionista.com, a good idea would be to incorporate the site’s name into the core phrase, e.g. Ccmfrcc=2Pi*rfashion. This way, you can create unique passwords with the same formula.
#6 Stop changing your passwords
The notion that passwords must be changed every three months is a myth. As long as you have a strong password, you don’t really need to change anything. The last thing you want is to forget your password. Keep in mind that the more often you change it, the less likely you are to remember it. If you keep changing patterns at the end of your password, you will just be making things easier for hackers.
With that said, sometimes you can be unaware that your account got exposed due to some data breach on the internet, so it’s a good idea to periodically check your email address against this helpful database of leaked credentials. If you got exposed, change your password immediately.
Strong passwords are your best bet against hacks and leaks. Even if a database containing your password does get into the wrong hands, normally it will be stored in an encrypted form. The stronger the password – the more difficult it will be to crack this encryption.
You must not share your password with anybody, even close friends. They might accidentally pass it to others, or simply become your ex-friend and abuse that knowledge.
Also, refrain from using the same password or passphrase on multiple sites. Reuse makes it easier for someone to break into all your accounts at once and steal valuable information, potentially by getting the password from a site with lower security standards and then using it on even the safest sites.