Why Having A Strong Password Is Important
A strong password is the main barrier keeping most of your online accounts from being hacked. Without up-to-date practices, you might be using passwords that cybercriminals can easily guess within hours. Exposing yourself to identity theft and extortion is a risk you should never take. You will need to create passwords that can withstand modern password theft methods.
Weaknesses in your account credentials can be a cybercriminal’s dream. But their success is your nightmare, so you’ll need to take steps to avoid being a victim of password hacking.
Password Security Threats
Compromised passwords give cybercriminals an open door into your most personal accounts. So, of course, you'll want to build a password that hackers are unlikely to discover.
The average user will create passwords to fool human hackers. This used to be a smart way to fight data theft. A criminal would use any information they could find about you and use common patterns in passwords to guess yours. You used to be able to just switch up the characters in your passwords and “Tr1Ck” your way into security. But hackers took notice.
Cybercriminals use sophisticated technology to get your passwords nowadays. This is important since many people try to make passwords hard for people to guess, but do not account for efficient guessing algorithms. Password-guessing software is designed to account for crafty user behavior as it guesses your passwords.
Here are some methods hackers use to get into your accounts:
Dictionary-based hacks use an automated program to combine dictionary words in common ways. Users make passwords easy to remember, so these hacks try to mimic obvious patterns.
Social media and publicly shared personal info are used to target you personally. Users commonly include names, birthdays, and even favorite sports team names in their passwords. Much of this info can be revealed just by spending a bit of time browsing your social media.
Brute force attacks use an automated program to recreate every possible combination of characters until it finds your password. Unlike dictionary hacks, brute force doesn’t handle long passwords well. However, short passwords can easily be discovered within hours in some cases.
Phishing involves a scammer pressuring you to give the hacker your money or valuable info. They pretend to be credible, usually as a trusted organization or someone you may know. Phishing scammers may call, text, email, or message you on social media. But they can also use fraudulent apps, websites, and social media profiles. If you believe you need protection against phishing attacks, we recommend using Kaspersky Internet Security.
Existing data breaches have exposed many passwords and other sensitive data already. Companies have been getting hacked more frequently, and hackers take all the data to expose it online for a profit. This can be especially threatening if you've reused old passwords since outdated accounts are likely to be compromised.
How to Create a Strong Password
To protect yourself against the newest hacking methods, you'll need powerful passwords. If you're wondering, "how strong is my password?", here are some tips to help you create a strong password:
- Is it long? Aim for at least 10-12 characters, and make it longer if possible.
- Is it hard to guess? You should avoid sequences (“12345” “qwerty”) because these can be brute force hacked in seconds. Also, avoid common words (“password1”) for the same reason.
- Does it use varied character types? Lowercase, uppercase, symbols, and numbers can all have a home in your password. Variety can increase how unpredictable your password is.
- Does it avoid obvious character substitutes? For example, you might use the number zero “0” in place of the letter “O.” Hackers code these into their software nowadays, so avoid this.
- Does it use any uncommon word combinations? Passphrases might be more secure when using unexpected words. Even if you are using common words, you can arrange them in an odd order and make sure they are unrelated. Both methods can throw off dictionary hacking.
- Will you remember it? Use something that makes sense to you but will be hard for computers to guess. Even random passwords can be remembered through muscle memory, especially when they are semi-readable. But passwords that lock you out of your account won't help much.
- Have you used it before? Reusing passwords compromises multiple accounts. Make it original every time.
- Does it use a rule that’s hard for computers to guess? An example might be a passphrase of three 4-letter words, where you are replacing the first two letters of each word with numbers and symbols. This might look like: “?4ee#2ge?6ng” in place of “treecagesing”
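The checklist above can be turned into an automated check. The following is an added example, not part of the original article: it reverses obvious character substitutes before looking a password up in a word list, which is why “Tr1Ck” and “84sk37b4LL” offer no more protection than “trick” and “basketball”. The word list, sequence list and substitution table are small constructed samples.

```python
import re

# Constructed sample lists; a real checker would load a large breached-password corpus.
COMMON_WORDS = {"password", "trick", "basketball", "qwerty", "letmein", "dragon"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Obvious character substitutes that guessing software undoes before a lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "8": "b", "@": "a", "$": "s", "!": "i"})

def normalize(password):
    """Lowercase and reverse common substitutions, e.g. 'Tr1Ck' -> 'trick'."""
    return password.lower().translate(LEET)

def has_sequence(password, run=4):
    """True if the password contains `run` consecutive keyboard/alphabet characters."""
    low = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):          # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False

def audit(password, used_before=()):
    """Return the checklist items the password fails (empty list = passes all)."""
    findings = []
    if len(password) < 12:
        findings.append("short")
    if has_sequence(password):
        findings.append("sequence")
    # Undo substitutions, then drop padding digits/symbols before the word lookup.
    stripped = re.sub(r"[^a-z]", "", normalize(password))
    if any(word in stripped for word in COMMON_WORDS):
        findings.append("common-word")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        findings.append("low-variety")
    if password in used_before:
        findings.append("reused")
    return findings
```
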
Secure Password Examples
Generally, there are two main approaches to making strong passwords:
Passphrases are based on a combination of multiple real words. Uncommon words with character-swapping and random characters mixed in have been used in the past, like “Tr1Ck” for “trick” or “84sk37b4LL” for “basketball”. Algorithm hacks know this method now, so better passphrases are usually a mix of common unrelated words in a nonsensical order. Sometimes, there may be a sentence that has been chopped and swapped with a pattern only the user knows.
A passphrase example might be, “coW!burN#movE?pianOh” (using the words cow, burn, move, and piano.)
Passphrases work because they are:
- Easy to remember.
- Able to trick dictionary and brute force hacks.
Random character strings are purely random, using a mix of all character types. These passwords include uppercase, lowercase, symbols, and numbers in a spontaneous order. Since there is no method to how the characters are arranged, guessing is incredibly tricky. Even hacking software can take trillions of years to figure out these passwords.
A random character string example might be, “f2a_+Vm3cV*j” (which might be remembered using the mnemonic, fruit 2 apple _ + VISA music 3 coffee VISA * jack)
Random character strings work because they are:
- Nearly impossible to guess.
- Very difficult to hack.
- Memorable through muscle memory and mnemonics.
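Both approaches only hold up when the choices are made by a cryptographically secure random source rather than by a person. The sketch below is an added example, not part of the original article: it generates each kind of password with Python's `secrets` module and estimates how long an exhaustive search would take. The word list is a constructed 16-word sample and the guess rate is an assumed figure.

```python
import math
import secrets
import string

# Constructed 16-word sample list; a real generator draws from thousands of words,
# because the search space grows with the size of the list.
WORDS = ["cow", "burn", "move", "piano", "rage", "duck", "simple", "moon",
         "tree", "cage", "sing", "fruit", "apple", "rope", "queen", "golf"]
SYMBOLS = "!#?-_+*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS   # 69 characters

def random_string(length=16):
    """Random character string containing every character type at least once."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def passphrase(n_words=4):
    """Unrelated words picked at random, joined by random symbols."""
    parts = []
    for _ in range(n_words):
        parts.append(secrets.choice(WORDS))
        parts.append(secrets.choice(SYMBOLS))
    return "".join(parts[:-1])              # drop the trailing symbol

def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)
```

With the 16-word sample list, four words give only `entropy_bits(16, 4)` = 16 bits, while a 16-character string over the 69-character alphabet gives about 97.7 bits.
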
Strong Password Examples
When creating your password, examples can help you through the process.
Here are some tips on how to create a strong password:
Example 1: IwiCcR!fOdIiNkE?
Why it is considered strong:
- It starts with a passphrase, “I want ice cream! for dinner in Kentucky?”
- Uses a rule to keep the first 2 letters of every word and capitalize every second letter.
- Long at 14 characters.
- Uses special characters: “!” and “?”
- Includes uppercase and lowercase letters.
How to make it better:
- Add characters to make it longer.
- Add numbers.
- Example: IwiCcR!7fOdIiNkE?6
Example 2: !HMnrsQ4VaGnJ-kK
Why it is considered strong:
- Randomly generated using a password generator.
- Long at 16 characters.
- Uses special characters: “!” and “-”
- Uses uppercase and lowercase letters.
How to make it better:
- Use a mnemonic to remember it.
- Example: “! HULU MUSIC nut rope skype QUEEN 4 VISA apple GOLF nut JACK - korean KOREAN”
Example 3: rageducksimplemoon
Why it is considered strong:
- Based on a passphrase, using multiple common, unrelated words.
- Long at 18 characters.
How to make it better:
- Use varied characters — uppercase, lowercase, symbols, numbers.
- Replace some characters with other types.
- Example: !Age#Uck?Imple3Oon (Using this rule: uppercase second letter of each word and replace every first letter with a character.)
How to Use and Remember Passwords
With so many unique passwords to keep up with, you’ll need to be careful about how you store them.
To stay safe, don’t do the following:
- Write down passwords on paper.
- Save passwords in your phone’s notes app.
- Save in your browser’s autofill password saver.
However, you will want to use the following methods:
Activate two-factor authentication on all your most valuable accounts. This is an additional security check following a successful password entry. It uses methods only you have access to, such as email, text, biometrics (ex: fingerprint, face ID), or a USB security key. 2FA keeps crooks and prying eyes out of your account, even if your password has been stolen.
Update your most essential passwords often. When you decide to update, be sure to take action and change them. It is a hazardous practice to keep your password and only change a few characters. You'll want to update your passwords at regular intervals, such as every month. Even if you don't update every password, be sure to change them for the following accounts at least:
- Online banking
- Bill payment
- Password manager master password
- Social media
- Phone provider
Ultimately, remember that if your password is convenient for you, it’s probably convenient for hackers too. Complex passwords are the best way for you to protect yourself.
Use a password manager like Kaspersky Password Manager. The main benefits of a password manager are that your passwords are stored encrypted and are accessible anywhere you have internet access. Some products have a password generator and password strength checker built in.