How to Create A Secure Password

Users with devices and strong password and secure password concept

With data breaches on the rise, creating a strong password is becoming more important than ever. The average person has tens of different accounts with all kinds of social networks and online services. One would think that there are also tens of different passwords to be remembered.

Unfortunately, many internet users are still far from understanding the situation. Having different passwords for different accounts is crucial if you want to have even the slightest control on how your personal information hits the web.

If you’re the type of internet user who changes passwords but doesn’t bother to make them more secure… You may not be as protected as you think either. Say you haven’t thought by now on which type of password would be considered secure? Here’s some food for your thought…

The minimum password length considered acceptable in terms of security is 12 to 14 characters! And the length is only one tiny part of the equation. So, keep reading if you want to learn how to make a strong password and, ideally, one that you won’t forget as soon as you have created it.

Think your devices and accounts are secure enough?

So, you might think your device is secure enough. And there’s no chance that hackers will get to your personal data. But even when you do your best to keep your password hidden, it might still leak if the website where you’re using it gets hacked.

From this perspective, it makes sense that you create different passwords with each account. Because with data breaches, once a hacker gets his hands on a set of login credentials, he will use it for trying to break your other websites as well. If you did use that password on another account, that one too will be just as easily hacked.

Consequently, you don’t just need to create different passwords. You have to make them hard to break. Not to mention you need to keep remembering them all. That’s why people have two common problems with their passwords: they choose weak passwords that are easily hacked or they forget the strong passwords they have chosen.

That’s what password managers are for – to create strong, secure passwords, without a visible pattern, and remembering it all in your name. Problem is, you still need to create the master password, for the manager. And you really don’t want to forget that one.

Say you know you need to fight? To know how to protect yourself, you must also know what you’re fighting against. How do cybercriminals hack your passwords? What do they do to steal your data and what can you do about it?

How hackers get their hands on your passwords…

Hacker Stealing Personal Password

First of all, there is a black market where login credentials and passwords are sold for hefty prices. Your personal information may already be available on the black market, especially if you haven’t changed your passwords in years.

If you’re usually careful with your passwords, perhaps they haven’t been compromised, yet. Though cybercriminals may be trying to crack them all the time. Here’s how they try:

Brute force attack

With brute force attacks, they make symbol combinations trying to guess your password. Of course, they try to make as many combinations as possible within the quickest possible timeframe.

Aside from random combinations, they might try using filters or masks, to find your passwords even easier. But when we say many combinations, we mean hundreds of billion combinations… per second! With such a brute force attack, passwords shorter than 12 or 9 characters are quite easy to crack.

Dictionary attack

Just like the name suggests, with this method, they use a dictionary to match the most common words against your potential password. Working with this prearranged list of words will help a hacker crack your password if you use simple, common, dictionary words.

Phishing

With phishing, they don’t need to crack anything. They actually make you tell them your password, by typing it on a website that isn’t what you think it is.

You might get an email with a notification that you need to reset your password on a particular website. Should you follow the link provided in that email to get to the website and edit your credentials, you might end up on a phony website.

That website will only resemble with the original, but the differences are so small that you might easily not notice it. Enter your password on that spoofed website and they have it.

Now, whether you will want to use a dedicated, strong password generator or create a strong password yourself, you need to know more.

The Dos and Don’ts of secure passwords

A solid password USUALLY:

  • Has a minimum of 12 to 14 characters;
  • Uses a mix of different types of characters – capital and lower-case letters, numbers and symbols;
  • Alternates the different types of characters rather than using two characters alike, next to each other;
  • Is unique to a particular account – even a complex password used on different accounts can turn into a vulnerability if it leaks from any of those accounts, at some point.

A strong password must NEVER:

  • Contain words from the dictionary – neither individual words nor a combination of dictionary words
    • Eg “home”, “homenetwork”
  • Rely on obvious substitutions
    • Eg “h0me”, “passw0rd4h0me”
  • Use sequential numbers or letters
    • Eg “home123” or “abcdefg”
  • Use memorable keyboard paths
    • Eg “qwerty”

As you can imagine, following these dos and don’ts, you’ll get passwords that are a pain to remember. If you have photographic memory, it might be easier. But are you willing to take your chance on it with your passwords?

If not, the bigger problem isn’t about setting up something hard to break. It’s about remembering it…

How to make a secure password – strong password examples

Security and strong password concept

The traditional passphrase method, with a twist:

  • You can think of a simple phrase that helps you build a mental image.
    • Or even two simple sentences that are representative to your life.
  • Then, come up with a rule on how to generate a password out of that phrase.
    • You might use historical names, local business names, words in foreign languages, whatever works for you.

For instance, you could choose the phrase: Don Quijote said “Hasta la vista, windmills!“.

Then, you could use the first two letters of each word and add the punctuation marks as well. You’ll get an 18-digit password: DoQuSa”HaLaVa,Wi!”

Using just the traditional passphrase could have meant DonQuijoteHastaLaVistaWindmills. Using just a couple of letters from each word adds a twist that can make the difference between saving or breaking your password in case of a dictionary attack.

Here’s another example, of two sentences with meaning to you, like: The first city break I’ve been to was in London. I paid $520 for the package and spent 360£ on souvenirs.

With this one, you can use the first letter of each word and you’ll get an even stronger, 31-digit password: TfcbI’vbtwiL.Ip$520ftpas360£os.

The nonsense word combo:

  • You pick four words that have no connection whatsoever with each other.
  • And then, you put them together in a password.
  • You might also choose to use capitalization at the beginning of each word.
  • And if you happen to include both a noun and a verb, at least make sure you’re not using them in the grammatically correct order.

For instance, BushesCrayonMixedAcoustic is definitely better than MarryHadALittleLamb.

Now, if you don’t have inspiration for a combination like that, use an online word generator.

You can go the extra mile and choose 6 words instead of only 4. Just alternate very short with very long words. And consider including a pattern that only you know. Like removing all the vowels from the combination and capitalizing every second letter of the remaining combination.

The muscle memory method:

It works for some people, though not for many. With this strategy, it’s more about how you remember it than about how you choose it. Of course, it would have to be a memorable string of symbols. But you’ll plan on “learning” it by typing it for so many times that you’ll actually learn how to move your fingers on the keyboard to type it rather than learning the symbols you’re typing.

This one works pretty much like learning how to type with all your fingers, without looking at the keyboard. When you do that, you type automatically, processing what you type in your head, at a very fast pace. If you stop and try to think it through, anticipating the position of each key on the keyboard, you’ll stumble. It’s because your muscles have memorized the positions of the keys and you’ve now internalized this process, holding the keys that you type in your muscle memory.

How do you remember the secure passwords that you create?

We’ve said it before, finding the right password is just one part of the equation. Making sure you won’t forget it is where the real challenge begins. For this reason, it might help a lot to…

  • Come up with your own rule to create passwords;
  • Try to connect that rule to the account you’re using it on – like always including some clues about the website/service’s name or URL when composing the password (all vowels within the URL, each one doubled by capitalized consonants used in alphabetic order);
  • Find a place in open sight where you can hide an important password – like adding the letters of a password, one by one, at the beginning of the first contact entries of your phone agenda. That way, a glance at your phone app will show you the letters you need to use, in a discrete manner.
  • Use a strong password generator and a password manager – Dashlane, LastPass, KeePass are some of the most popular options currently on the market.
  • Better yet, use an antivirus that includes a password manager. Avast and Avira offer it for free. One of the best (of course, paid) antivirus software with password manager comes from Kaspersky. Whereas one of the easiest and most intuitive to use (again, paid) seems to be the one from Bitdefender.

How to make a secure password stay like that?

What you need to remember is that you’re not protecting yourself from an actual person, the hacker. You’re protecting yourself from a program that can run through mind-blowing databases with common passwords and random character combinations. And so, the rule of thumb is that the longer (and less intuitive) your password is, the smaller the odds for the program to crack it. Other than that, try to:

  • Make it very, very long.
  • Don’t write it down as it is, anywhere.
  • Don’t share it with anyone via email or another messenger channel.
  • Test your password to see how secure it is.
  • Change it frequently, even if it is secure.
  • Don’t reuse your password.
  • Don’t store your passwords in the web browser.
  • Use two-factor authentication, at least for your most important accounts.

As a final piece of advice, use fake answers for your security questions and make sure you memorize those as well! Some like to call the security questions “insecurity questions”. If you think of it, these days, hackers can easily google information about you and find the answers to questions related to your mother’s maiden name or your first pet’s name.

Now that you know how to create a secure password and you’ve seen specific examples of which type of password would be considered secure, it’s time to do some cleanup among your old passwords. Don’t forget that using the same password for a very long time is also bad practice when it comes to keeping your account secure!