One of the most important things in IT security is strong passwords. Around 80% of all hacking-related data leaks/breaches are due to stolen passwords, and cybercriminals are getting better at obtaining passwords. That's why strong passwords are one of the best ways to protect your data.
Cyber criminals often use software with basic features that automatically test up to hundreds of thousands of words per second, of both popular and random combinations. Sometimes, once they've tried enough random combinations, they can crack your password. It is therefore very important to use strong passwords.
How to get a strong password?
A strong password is characterised by being unique, long and complex.
Unique passwords mean that you need different passwords for your different accounts. Never duplicate passwords. If you reuse a password and that password is hacked, the cybercriminals can quickly access all the accounts linked to it.
Also, don't make a new password that is similar to your last password or any of your other passwords.
Long passwords are longer than 12 characters. The longer the password, the stronger it is. The usual advice on passwords says 8 characters, but today that's too few. More than 8 characters makes the password harder for hackers to guess. A simple password of, say, 7 characters takes only a few seconds to hack.
It is very important that your passwords are complex. This means that they must be complicated and contain numbers and special characters. They should also contain both upper and lower case letters.
Your passwords should contain a random combination of numbers, symbols and letters that have no relation to your private life.
The combination of letters, symbols and numbers also means that the random characters and numbers can appear at the beginning, middle and end of your password. Secure passwords also alternate between lower case and upper case letters, so there shouldn't be just one capital letter at the start of the password.
Don't use personal information
Don't use personal information to form your passwords, as this makes them easier to guess. Cyber criminals often do research online when trying to steal passwords, and if you have private information on your social media accounts, for example, they can easily find it.
Don't use the following information in your passwords:
- Your nickname or initials
- The name of your child or pet
- Important birthdays or years
- The name of your road
- Numbers from your address
Do not use common words and patterns
Cyber criminals know the most common and used passwords, so don't use obvious words, phrases and patterns that are easy to guess in your passwords. Examples include:
- Most used passwords like "password" or "close mind"
- Sequences such as "abcd" or "1234"
- Keyboard patterns such as "qwerty" or "qazwsx" (formed by simply running your fingers against the keyboard)
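The rules above (length, mixed character types, no personal details, no common words, sequences or keyboard patterns) can be checked automatically, for example in a sign-up form. The following is an added example, not code from the original article; the rule names, the tiny deny-list and the keyboard rows are constructed for illustration.

```python
# Added example: rule names and sample lists are constructed for illustration.
COMMON = {"password"}  # the article's example; a real deny-list would be far larger
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "qazwsxedc"]

def has_sequence(pw, n=4):
    """True if pw holds n consecutive ascending or descending characters (abcd, 4321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - n + 1):
        steps = {b - a for a, b in zip(codes[i:i + n], codes[i + 1:i + n])}
        if steps in ({1}, {-1}):
            return True
    return False

def has_keyboard_pattern(pw, n=4):
    """True if pw holds n adjacent keys from KEY_ROWS, typed in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for i in range(len(row) - n + 1):
            chunk = row[i:i + n]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def check_password(pw, personal=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    low, problems = pw.lower(), []
    if len(pw) <= 12:
        problems.append("too short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if all(c.isalnum() for c in pw):
        problems.append("needs a symbol")
    if pw[:1].isupper() and not any(c.isupper() for c in pw[1:]):
        problems.append("only capital is the first letter")
    if any(word in low for word in COMMON):
        problems.append("common password")
    if has_sequence(pw):
        problems.append("sequence")
    if has_keyboard_pattern(pw):
        problems.append("keyboard pattern")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    return problems
```

Pass the user's own name, pet name, street and similar details in `personal` so that they are rejected as well.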
How to remember your password
When you need to use different passwords for all your accounts, create memorable passwords so that you can remember them more easily.
You can try using some of the following approaches to create strong passwords:
- A quote from a movie or a speech
- A song lyric or part of a poem
- A line from a book
- A series of words that make sense to you
- An abbreviation: form the password from the first letter of each word in a sentence
Examples of strong passwords
For example, a memorable phrase that forms a strong password could be built from words that start with each letter of a common name:
- S O P H I E - CuteOddersPasserHelstNotElephants (34 characters)
The six words form a common phrase that makes your password easier to remember. It's a longer password than necessary, but you'll be sure it's a strong one.
You can also create a memorable password by taking a word you can remember and changing it to create a strong password:
- Home cooking (simple password) - Hu$m@nd$k0$t! (strong password)
This type of password contains lower case letters, upper case letters, many special characters and numbers.
There are some random password generators on the web that create passwords from random words and a range of random characters, but they are usually not optimal.
Methods to protect all your passwords
Many people only have to go through one step to log in to an account, which is to type in their password. To increase the security of your passwords, turn on two-step verification where possible.
Two-step verification works by requiring you to enter both your secure password and an SMS code sent to your mobile. So even if your password is hacked, cyber criminals can't access your account, as they also need the SMS code.
Keep your passwords private
Your password is as private as your social security number, so only you should have it.
If you happen to share one or more of your passwords with someone or forget to log out from their computer or other device, they can see your password. It is therefore a good idea to change your password if this happens.
Use a password manager
Although the advice on remembering strong passwords is effective, for many people it can still be a hassle to remember all their passwords, as it almost requires a photographic memory. Therefore, it is recommended that you use a password manager to manage your passwords.
A password manager is a digital service that automatically generates strong passwords for you, while storing all your passwords so you don't have to remember them. The only password you need to remember is your master password for the password manager itself.
How password managers work
The way password managers work is that a randomised password generated by the password manager is assigned to an account. When you need to log in to that account, you access the website or app where the account is. Then your password manager will automatically fill in the login details for that account for you.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.