How to Create a Strong Password?
June 19, 2023
It’s understandable to feel overwhelmed by the prospect of creating unique, secure passwords for each of the many websites you frequent. No one would think about making and remembering a password like Wt4e-79P-B13qS.
As a result, you may be using the same password for all your accounts, even though you understand this is a security risk. Using many passwords that are each just a single word or a random string of numbers with no real meaning to you will not make them more secure. Or, if you have made it difficult to remember your passwords (perhaps at the insistence of your employer or a website), you may keep a list of them next to your computer, even though this could compromise your security if someone else were to use it.
Why Password Strength Matters?
When you consider using a different password for each website you visit, it’s easy to see why creating secure passwords could seem daunting. Everyone would feel overwhelmed if they had to make and remember complex passwords such as Wt4e-79P-B13qS.
Because of this, you may be using a single password across all your online accounts, despite knowing this practice is insecure. If you use more than one password and they are all short, simple terms or contain numbers that are significant to you, they are still easily cracked. If you have a lot of passwords (maybe because your employer or a website requires them), you may keep a list of them near your computer. This is risky since anyone using your list could access your accounts.
Using Symbols, Numbers, and Upper and Lower Case Letters
Few systems offer one-time tokens (dynamic, one-time-use passwords). Thus everyone needs to know the best practices for creating secure passwords. A malicious user can impersonate you and access the system with your credentials if they can obtain or “crack” your password.
Passwords need to have three out of the following four character types:
- Uppercase letters A-Z
- Lowercase letters a-z
- Numbers 0 to 9
- Symbols: “!@#$%&*()_-+=[]|”‘,>.?/
Avoid using any terms found in a dictionary, in any language, or any permutations of those words. To keep your account secure, avoid well-known words like “Western” and “Bronco,” as well as your name, account name, common names of persons or locations, technical jargon, repeating sequences, and keyboard shortcuts. Never use your account name or any other personal information, such as your birthdate, social security number, or the name of a pet or family member, as a password. Avoid abcdefg, qazxsw, qwerty, zxcvbn, and other meaningless computer phrases, names, instructions, websites, company names, and word or number patterns.
- Do not use the same password for the CS Department as you do for other parts of the university, other jobs, or other research facilities.
- Your password should never be shared with anybody.
- Never write down your password, store it in a file on your computer, or keep it in a notebook.
- Passwords can’t be easy to guess or be found in a dictionary.
- Passwords should never contain any identifying information.
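The rules above can be expressed as an automated check. The following is an added example, not code from the original article; the function names, the account name parameter and the four-word sample dictionary are assumptions made for illustration.

```python
import string

# Symbols from the list above, in plain ASCII form.
SYMBOLS = set("!@#$%&*()_-+=[]|\"',>.?/")
# Keyboard and alphabet runs the article names explicitly.
BANNED_SEQUENCES = ("abcdefg", "qazxsw", "qwerty", "zxcvbn")
# Constructed stand-in for a real dictionary; a deployment would load a large word list.
SAMPLE_DICTIONARY = {"western", "bronco", "password", "dragon"}


def character_classes(password):
    """Return the names of the four character types present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found


def check_password(password, account_name, personal_terms=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(character_classes(password)) < 3:
        problems.append("fewer than three of the four character types")
    for seq in BANNED_SEQUENCES:
        if seq in lowered:
            problems.append(f"contains keyboard/alphabet sequence '{seq}'")
    # Strip non-letters so 'Bronco1!' is still recognised as a dictionary word.
    letters_only = "".join(ch for ch in lowered if ch.isalpha())
    if letters_only in SAMPLE_DICTIONARY:
        problems.append("is a dictionary word with decoration")
    for term in (account_name, *personal_terms):
        if term and term.lower() in lowered:
            problems.append(f"contains personal information '{term}'")
    return problems
```

Note that "Bronco1!" satisfies the three-of-four character rule and is still rejected, which is why the composition rule alone is not sufficient.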
Creating Memorable Yet Strong Passwords
Create a secure, unique password that is also easy to remember by making it memorable and hard to guess at the same time. If you take the time to master the fundamentals, you can easily create a password that is both secure and easy to remember. Moreover, such passwords can be fun to develop, and the increased security is invaluable.
Use A Weird Password Containing Symbols And Numbers
A practical method for laying the groundwork for a lengthy password is to create a passphrase of phrases that don’t often go together. In some areas, you can set up an event space. Add some symbols and numerals to make it even more solid.
Example: Consider the case of the 32 seagulls flying to Paris with bologna sandwiches.
Use A Phrase And Acronyms Or Shortcuts In It
Use meaningful words and trim them down with shortcuts; alternatively, build an acronym by using the first letter of each word and filling in the rest with numbers and symbols.
Example of a shortcut: 2BorNot2B_ThatisThe? (from Shakespeare: “To be or not to be, that is the question.”)
The acronym I go bowling with eight pals every Friday night, for instance.
Make A Password Using Random Words
This method circumvents the standard advice to avoid using easily guessable words for passwords. Instead, link four or five unrelated words together to create a passphrase containing multiple words. The length and unpredictable nature of the passphrase are critical to its effectiveness.
Most importantly, the words should be chosen at random. For example, “cat in the hat” is a common expression, so that combination of words would be terrible. However, “correct horse battery staple” is grammatically incorrect and makes no sense.
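Choosing the words "at random" is best left to a cryptographic random number generator rather than to a person. The following is an added example, not part of the original article: it draws words with Python's secrets module and computes the resulting entropy. The 32-word list is constructed so the code runs offline and is far too small for real use.

```python
import math
import secrets

# Constructed 32-word sample list (assumption for this example). A real
# diceware-style list, such as the EFF long list, has 7776 words.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "magnet", "napkin", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "tunnel", "umbrella", "velvet", "walnut", "yogurt",
    "zipper", "bridge", "copper", "meadow", "pillow", "rocket", "spider", "thunder",
]


def generate_passphrase(words, count=5, separator=" "):
    """Pick `count` words independently and uniformly using a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if count < 1:
        raise ValueError("count must be at least 1")
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy in bits of `count` uniform, independent picks from `list_size` words."""
    return count * math.log2(list_size)


def guesses_to_exhaust(list_size, count):
    """Number of candidates an attacker who knows the list must try in the worst case."""
    return list_size ** count


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, count=5))
    print("sample list, 5 words:", passphrase_entropy_bits(len(SAMPLE_WORDS), 5), "bits")
    print("7776-word list, 5 words:", round(passphrase_entropy_bits(7776, 5), 1), "bits")
```

The entropy figure holds only when every word is drawn uniformly at random; a phrase a person picks because it sounds good carries no such guarantee.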
Avoiding Common Password Mistakes
Do Not Use the Same Password Across all Platforms
One of the most common mistakes people make when creating passwords is using the same one for everything. Research shows that as many as 97% of people cannot identify a phishing email, and if an attacker successfully obtains that one password, they will essentially control the entire system. Avoid using the same password for many accounts; use unique, strong passwords instead.
Do Not Use Passwords That Differ by Just One Character
A common mistake that many people make when asked to change their passwords is to change a “12” to a “13,” for instance. Password-guessing programs are savvy to this technique and can quickly spot it.
Adding the non-alphanumeric character “!” to the end of your current password is a simple way to mitigate the risks associated with this activity. Cybercriminals are familiar with this tried-and-true method. The password should not begin with or conclude with a letter or a number.
Do Not Include Personal Information in Passwords
Names of people close to you, celebrities, sports teams, animals, and other common keywords pose a security risk if used as passwords. Criminals use programs that scan for the most frequent permutations, such as Yoda123. Don’t assume you’ll be protected if you use details like your pet’s name or your high school’s mascot. Your benign social media posts could make it easy for crooks to steal your identity.
Adding a string of digits to the beginning or end of the password is not a safe practice.
Do not Reveal Your Password to Third Parties.
If you share your password with someone whose email account is protected by the password “qwerty,” it won’t matter how strong yours is. Passwords are sensitive and should be protected at all costs.
Keeper is a password manager that allows for the safe, limited sharing of passwords with other people.
The Pros and Cons of Using Password Management Tools
Cons of Managing Passwords
First, we’ll look at the potential drawbacks of using a password manager. There aren’t many valid reasons not to use these technologies in today’s climate of cyber threats, but some concerns remain.
- Device and Browser Support
Choosing a password manager that works with your computer’s hardware and operating system can be tricky because there are so many options. Some managers only work on particular web browsers, while others aren’t compatible with any mobile device. The aid may then seem counterproductive. However, if you use a reliable password manager, you won’t have to worry about this happening to you.
- A Single Point of Failure
Using a password manager requires you to create a single master password that can be used to access all of the accounts and services the program manages. Due to the critical nature of this master password, it represents a single point of failure. If users lose their master password or other identity, they may also lose access to their different passwords. Similarly, if your password manager’s master password were to fall into the wrong hands, an attacker would have access to your protected accounts.
- Some do not Function With all Websites.
It’s all about ensuring you’re using the right tool for the job again. Some password managers do not work correctly with certain websites. They may miss the requirement for logging in or forget to use the autofill feature. In such a case, the user must manually launch the password manager or enter their credentials.
Many attempts to keep people safe have the unintended side effect of making people feel unsafe. Once in a while, any one particular answer or method will be held up as the “holy grail” of security. Users may feel less of a need to keep tabs on their actions. If users have confidence in the safety of their accounts, for instance, they may stop taking precautions against phishing. Although password managers are a useful tool, it is important to remind customers and end users that they still need to take additional measures to protect their data, such as training in attentiveness and awareness.
The Pros of Password Administration for Users
- Performs a Simple but Crucial Duty Well
Most cybersecurity experts recommend using a password manager since it’s the only foolproof method of maintaining good password hygiene. In other words, password managers effectively increase password security as expected without adding any additional burden to the user. By immediately implementing the recommendations of cybersecurity professionals, end users can work together towards the common goal of risk minimization.
The real benefit of using a password manager is that it eliminates the need to remember a different, complex password for each online account. Second, it makes it easy to create and use lengthy, random, and complex passwords. The average user has to sign into dozens of accounts (often even 100 or more), making it practically impossible to do so without “cheating” by writing down the passwords, saving them locally, or relying on browser-level autofill tools. Such options inherently pose security risks. A password manager can store these credentials securely and generate strong passwords that follow best practices.
- Auto-login and Form Fills
A password manager can save time by automatically filling in the user’s login information. It’s also easy to open the password manager and enter the appropriate password whenever you need it. However, the browser’s built-in password manager works differently and is more of a soft target. (Disable password saving in your browser if you use a password manager.)
- Stores Password Recovery Questions
It can be challenging to remember the answers to password recovery questions. Certain professionals discourage accurate answers, so that hackers can’t use social network data to guess them. Most password managers can also store recovery answers in their secure vaults, so users can set up recovery questions with answers made of randomized characters that operate as an extra layer of passwords.
Two-Factor Authentication
Two-factor authentication is a subset of MFA that requires not one but two independent means to verify your identity before granting you access. Authentication requests may be verified using a combination of something you know (such as a username and password) and something you have (such as a smartphone app).
Two-factor authentication (2FA) protects your logins from unauthorized users who try to log in using compromised credentials, such as those obtained through phishing, social engineering, or brute-force password-guessing assaults.
How Often Should You Change Your Passwords?
Passwords should be changed at least every three months, cybersecurity professionals advise. If you suspect a hacker has accessed your account, you may wish to change your password immediately.
Knowing how to change your password is essential, but you should know that doing so is usually only necessary in exceptional circumstances. However, experts recommend rotating passwords every few months for maximum security.
There’s a simple rationale for this. It’s possible that your account’s compromised password won’t be discovered right away. However, if you regularly update your password, you can reduce the time a hacker spends in your account and, hopefully, the damage they can cause.
Conclusion
Having a solid password may make all the difference in protecting your account. Still, we know how tough it is to establish and remember different passwords for each website and application you use regularly. Our password complexity standards are outlined on this page, along with some helpful hints to get you started.
The accepted knowledge on how to establish a secure password hasn’t changed much over the years: make it longer if you can. Make it harder by using a mix of letters, numbers, and symbols. Don’t include any personal information, and don’t use terms that are commonly found in dictionaries. Even though security concerns are more profound than ever, an investigation has shown that everything is safe.