Key Takeaways
- Strong passwords are the first line of online defense. They protect our online existence and keep our data safe.
- Hackers are constantly trying to breach passwords and compromise your data.
- Surveys have found that over 90% of accounts use passwords that can be cracked in minutes.
- By utilizing techniques like acronyms, passphrases, and personalized encryption, you can halt any hacker’s advances.
- While a strong password does not guarantee protection, it drastically reduces the risk of being compromised.
- Spending an hour thinking up strong password ideas can keep you safe for years to come.
Passwords are the keys to the digital age. Behind them lie untold secrets and sensitive information. Strong password ideas are a requirement these days if you want to stay safe on the internet. Everything from our money to our medical records is behind password walls now. And unlike the walls of our homes, malicious actors can whittle away our online walls at their leisure.
This article will go over the basics of online password safety. We will discuss good and bad passwords and introduce some tried and tested password-creation techniques. A strong password takes effort to create, and may feel annoying to type in. But what is a slight annoyance compared to the massive headache a data breach induces?
What Makes a Password Good?
A good password is difficult to describe, as everyone has a different measuring stick for this sort of thing. The best password keeps hackers out of a computer system while remaining easy for the system owner to remember. As long as the password is sufficient to outlast brute-force and social engineering attacks, it's a good password.
What is Considered a Weak Password?
A weak password is typically any password that can easily be guessed or brute-forced. Passwords that include your name or common phrases are ripe for exploitation. Personal details such as a parent's name, a pet's name, or your high school make bad passwords. This data is available publicly and will take hackers no time to crack in a targeted attack.
Other examples of weak passwords include movie and book names, famous actors and musicians, sports teams, and brand names.
How Dictionary Attacks Compromise Passwords
Before we get into generating strong password ideas, it is vital to understand how password breaches work. You can only protect yourself when you know how the enemy is attacking.
Dictionary attacks are basically hackers throwing the dictionary at the wall and hoping something sticks. Many people use common phrases and numbers in their passwords, which are easy to remember but also very easy to guess. Hackers are not sitting there manually typing in passwords; they are using programs to try out millions of common word and number combinations every minute.
In a 2013 test conducted by Ars Technica, three hackers were given 16,000 hashed passwords to crack. The results were a massive shock, with 90% of passwords cracked by a single hacker in an hour. All they did was set up their computer to start processing millions of possible password combinations, and it compromised almost every password.
This test was an entire decade ago, and technology has come a long way since then. Password cracking algorithms are far superior today, while password creation practices have not progressed much. This discussion addresses this lopsided situation and raises awareness about the importance of strong passwords.
Useful Guidelines for Strong Password Ideas
Password creation is nothing short of an art these days. Passwords must be long, random, and hard to guess while remaining easy enough for a person to remember. Striking that delicate balance is not easy, and you must put some thought and effort into producing strong password ideas.
If you can strike that balance, however, you could create a password that would theoretically take millions of years to brute-force through. While there is no one method of creating a strong password, there are a couple of generally accepted guidelines that can give you an outline to work with:
Randomness
Strong password ideas are built around the foundation of randomness. The only way to outsmart password-cracking algorithms is to introduce enough randomness that it’s impossible to crack in a feasible timespan. By randomness, we do not mean gibberish.
Imagine a password with a combination of letters, numbers, punctuation marks, and symbols. By introducing so many different variables, password algorithms will take years, if not decades, before they guess the right combination. Even just putting some symbols and numbers in your full name can drastically improve its password strength.
Password Length
Password length is a straightforward measure of password strength. The longer a password is, the more combinations an algorithm must go through before it reaches it. Algorithms do not know how long your password is and simply try every combination under the sun one by one. This means an eight-character password will be guessed much faster than a 15-character password.
Below is a table utilizing Bitwarden’s password strength tester to demonstrate how a randomly generated password’s strength increases with length and added randomness.
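To make the length comparison concrete, the following Python is an added example (not from the original article and not Bitwarden's tester) that computes the search space for randomly generated passwords. The guess rate of 10 billion per second and the function names are assumptions, and the figures hold only when every character is chosen uniformly at random.

```python
import math
import string

# Character pools a random generator might draw from.
POOLS = {
    "lowercase": string.ascii_lowercase,                     # 26 characters
    "lower+upper": string.ascii_letters,                     # 52 characters
    "letters+digits": string.ascii_letters + string.digits,  # 62 characters
    "letters+digits+symbols":
        string.ascii_letters + string.digits + string.punctuation,  # 94 characters
}

# Assumption: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000


def entropy_bits(length, pool_size):
    """Bits of entropy when each character is picked uniformly at random."""
    return length * math.log2(pool_size)


def average_seconds_to_guess(length, pool_size, rate=GUESSES_PER_SECOND):
    """Exhaustive search finds the password, on average, after half the keyspace."""
    return pool_size ** length / 2 / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.2f} seconds"


def strength_table(lengths=(8, 12, 15, 20)):
    """One row per (pool, length): name, length, entropy bits, average time."""
    rows = []
    for name, pool in POOLS.items():
        for n in lengths:
            rows.append((name, n, round(entropy_bits(n, len(pool)), 1),
                         humanize(average_seconds_to_guess(n, len(pool)))))
    return rows


if __name__ == "__main__":
    for row in strength_table():
        print("{:<24} {:>3} chars {:>6} bits  {}".format(*row))
```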
Techniques to Generate Strong Password Ideas
Several different techniques have popped up over the years that try to build on the foundation of randomness and lengthiness. Let’s review some notable techniques and tricks people have devised to fuel strong password ideas.
Custom Acronyms
A fun way to devise an almost impossible-to-crack password is by making your own acronym. In this technique, you convert a memorable phrase into an acronym. For example: “My Dog Ben is 12 Years Old and Has 3 Puppies” can be made into the acronym “MDBi12YOaH3P”. By converting the phrase into an acronym, we naturally integrated numbers and different case letters into the password.
The acronym method can lead to some solid password ideas that are organically difficult while remaining easy to remember. Avoiding commonly used expressions and phrases in your acronym is advised. Center the password around a phrase that means something just to you. Perhaps an inside joke with your family or friends or a cherished memory that isn’t your birthday or anniversary.
Personal information like birthdays and anniversaries are easy to guess for hackers targeting you. While these may help avoid general password breach attempts, they will be caught by targeted attackers who can access this information through your social media. So long as you avoid this pitfall, the acronym method should net you some excellent strong password ideas.
Create Your Own Code
Creating your own personal encryption code is an effective way to develop strong password ideas. Put simply, you assign a different symbol or character to every letter on the keyboard. Then, you think of an easy to remember phrase and substitute the letters with your assigned characters.
In this way, you have created your very own version of encryption. You have taken an easy phrase and effectively converted it into random, long gibberish that only you can decode. Some popular coding methods take the keyboard into account.
For example, you could rule that every letter will be assigned to the keyboard key above it. So, the letter V will be assigned to the F key. A simple phrase like ILoveBasketball then ends up looking like 8O9f3Gqwi35gqoo: gibberish that means nothing to anyone but you.
Word Shortening
Word shortening is a password-creation technique that involves deliberately omitting parts of a word to make it hard to guess. Practically speaking, you would want to use a phrase and shorten every word in the phrase according to a predetermined rule. The rule could be omitting the first or last three letters. It could be omitting the third through fifth letters.
The point is to chop a memorable phrase up to make it hard to crack. For example, consider the phrase PeterParkerisSpiderMan. Now, implement a shortening rule that omits the last two letters of each word. Your password will then come out as “PetParSpidm.”
This method helps you turn seemingly easy phrases into complex passwords that algorithms will have trouble with. It should be noted, however, that hackers are well aware of such methods. Newer password-breaking tools can even account for such deviations.
It’s best to use word shortening alongside other techniques to make a hybrid password that is not as easy to crack.
Strategic Phrase Usage
Standalone phrases are not a bad option for people who dislike complex passwords. A suitably long and personal phrase can be a very robust password. Using just a phrase is a slippery slope, given that brute-force attacks can easily guess commonly spoken sentences. A good passphrase is one that can avoid commonality and focus on uniqueness.
When developing a password phrase, precautions need to be taken. Do not include phrases from public events, such as your wedding vows or graduation speech. Try to devise a phrase that sticks in your mind but is relatively unimportant to everyone else. Avoid using quotes from famous people or books, and especially avoid song lyrics.
An example of a strong password phrase would be something like: “I really hate the burgers served at the work cafeteria.”
This phrase is highly personalized to preference in food and is benign enough that nobody will look twice at it. Pet peeves like this example are an excellent way to discover unique phrases for strong password ideas.
Four Word Stringing
Like phrase usage, random word stringing is a technique for creating easy to remember passwords that are also robust. In this method, you string together four unrelated words to make a password.
An example would be something like “Park Office Walk Afternoon.” This password combines seemingly unrelated words to form an unguessable sentence. This can be remembered by turning it into a coherent sentence: There is a park near my office where I walk every afternoon.
This method is not as secure as something like acronyms but still makes the list of strong password ideas.
Weaponize Spelling Mistakes
You can turn the table on hackers by adding deliberate misspellings to your password. Putting an extra letter somewhere or removing a consonant boosts randomness without raising the difficulty in memorization.
Remember to be strategic about it. Do not use common spelling errors, such as the word tomorrow being written with two m’s. The misspelling must be irregular, as hackers account for common misspellings in their algorithms. Merriam-Webster has a helpful, detailed list of common misspellings for reference.
Deliberately messing up easy words is also a technique you can combine with the others listed for an added layer of security.
Math as a Password
A creative way to throw hackers off your trail is by using math symbols to create equations for passwords. Of course, this does not mean writing down some complex calculus problem or anything. Here are some password examples using math:
- Summer+Hawaii=Vacation
- Superman+Batman+Wonderwoman=JusticeLeague
- Kids-homework=happy
Making silly, memorable equations like these can result in incredibly strong password ideas. Introducing math symbols into the mix can cause many problems for algorithms. Equations are so unorthodox and variable that there is simply too much for a processor to break through reasonably.
Leveraging the Keyboard Hardware
Another exciting technique for strong password ideas is utilizing your physical hardware. For example, you can take your keyboard and draw the letter W as a pattern with the keys. All the keys that come under that pattern are now your password. Instead of remembering the password, you remember the pattern and press the keys accordingly.
While this is a novel way of creating a password, it does cause problems. The biggest issue is that this method only works for your regular-use keyboard. Logging in to applications on a phone can prove very difficult due to layout changes. It can also mess things up if you need to access an account on someone else’s device or even change your keyboard.
How to Improve Existing Passwords
Despite many techniques available to create strong passwords, people are averse to using them out of comfort. As many as 29.4% of surveyed users admitted to rarely changing passwords. Many of these people have been using the same password for years without issue and see no point in changing things. “Why fix what is not broken?” is the common sentiment.
Fortunately, it does not take much effort to fortify an existing password. All you need to do is integrate some variation of the techniques we listed into your current password. This can be as simple as throwing in a couple of misspellings or as involved as turning the password into your very own code.
For an even more straightforward upgrade, you can add punctuation marks, numbers, and letters to your existing password to make things more secure. A longer password is the primary goal, with randomness secondary. A good password uses both length and randomness to keep you safe.
With all that said, it is highly advised to try and utilize some of these techniques in future passwords. Even if your passwords in current use are off-limits, new passwords should be a good test of whether these techniques are as inconvenient as made out to be.
What Not to Do When Creating a Password
Here are some tips on what to avoid when looking for strong password ideas:
- Creating a password shorter than 12 characters.
- Using personal data like pet or high school names as a password.
- Only using one type of character.
- Using letters and numbers in sequence rather than randomly.
- Replacing letters with symbols commonly associated with them. Examples include replacing I with 1 or A with @.
- Solely using letters, symbols, or numbers.
These are some of the most common mistakes people make when creating passwords. Avoiding these pitfalls and following the guidelines will boost your chances of successfully thwarting hackers.
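The pitfalls in the list above can be checked mechanically before a password is accepted. The following Python is an added example, not code from the original article; the wordlist, the swap table, and all function names are constructed for illustration, and a real check would load a breached-password list instead of the five sample words.

```python
import re

# Constructed sample wordlist (assumption); real checks load a breached-password list.
COMMON_WORDS = {"password", "basketball", "superman", "dragon", "letmein"}
# Undo the "commonly associated" symbol swaps before looking words up.
UNDO_SWAPS = str.maketrans({"1": "i", "!": "i", "@": "a", "4": "a", "0": "o",
                            "3": "e", "$": "s", "5": "s", "7": "t"})
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def character_classes(password):
    """Count how many of lower/upper/digit/symbol appear in the password."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def has_sequence(password, run=4):
    """True if `run` consecutive alphabet, digit or keyboard-row characters appear."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def hidden_word(password, personal=()):
    """Return a common or personal word that survives un-swapping, else None."""
    normalized = password.lower().translate(UNDO_SWAPS)
    letters = re.sub(r"[^a-z]", "", normalized)
    candidates = COMMON_WORDS | {p.lower() for p in personal}
    for word in sorted(candidates, key=lambda w: (-len(w), w)):
        if len(word) >= 3 and word in letters:
            return word
    return None


def audit(password, personal=()):
    """List which of the article's pitfalls a candidate password falls into."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    if character_classes(password) < 2:
        findings.append("only one type of character")
    if has_sequence(password):
        findings.append("letters or numbers in sequence")
    word = hidden_word(password, personal)
    if word:
        findings.append(f"built on a common or personal word: {word}")
    return findings


if __name__ == "__main__":
    for sample in ("P@ssw0rd1", "B@sketb@ll2024!", "abcd1234abcd", "MDBi12YOaH3P"):
        print(sample, "->", audit(sample) or "no listed pitfall found")
```

An empty result only means none of the listed pitfalls was detected; it is not a measure of strength.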
Are Password Generators Effective?
Any discussion on strong password ideas is incomplete without discussing password generation and storage services. These services automatically generate robust passwords and save them for every individual website. They free users from the trouble of remembering different passwords while also providing strong passwords at a button press.
But how safe are these password managers?
In December 2022, a massive incident involving the popular password manager LastPass shook the internet. A threat actor had scraped thousands of consumers’ stored personal credentials. While the company assured users that their technology was robust enough to defend against brute-force attacks, it came with a caveat.
The caveat was that only the accounts following password best practices were truly secure. Anyone using easy-to-guess passwords as their master password was at risk of being compromised.
The lesson learned from this incident is that there is no perfect defense. Even highly advanced security infrastructure can come crumbling down. While the best password managers seem very dependable, they are not a substitute for strong passwords.
If you use a password management tool, you must develop incredibly strong password ideas to keep that vault safe. Your password manager is the single point of failure for your online existence. If that vault gets compromised, all your accounts are as good as gone.
Conclusion
Strong password ideas are necessary to protect yourself from the threats looming online. A reliable password wards off threats and gives you peace of mind. While spending a few minutes or hours thinking up a good password may seem inconvenient, the returns are worth the effort.
Dedicated server security is an essential part of this conversation. While protecting business computers and accounts is important, server security is paramount. A compromised server puts a business and its customers at risk. Investing in robust server data security is required, starting with secure password protection and access control.
With so much on the line, the bare minimum everybody needs to do is think of and implement strong password ideas. The best question isn’t if your password will be hacked, but how to make it as secure as possible. Do not let hackers and cybercriminals have the last laugh. Pick up a pen or open Notepad on your PC and start thinking of unique password ideas today.
FAQs
Q. What makes a password strong?
A strong password is one that typically includes at least 12 characters, a mix of uppercase and lowercase letters, numbers, and special characters. It should also avoid common words or quickly guessable information.
Q. How can I create a strong and unique password that’s easy to remember?
The easiest way to create a strong, easy-to-remember password is by using a phrase that is highly personal to you. “I love the smell of the ocean” is a strong passphrase, as it contains highly subjective information only you would know.
Q. Is it safe to use a password manager?
Password managers are secure and trusted for the most part, but they are not a substitute for good password habits. If you use a password manager like LastPass, make sure you take the time to create a strong password for accessing your password vault.
Q. How often should I change my passwords?
Individuals should update their passwords around every year or so, but it is not a strict requirement. Enterprises, however, need to frequently update their passwords, even on a 3-6 month basis. This is because employees come and go and take the business’ passwords with them. This is a security risk that needs to be patched up.
Q. Are randomly generated passwords more secure?
Randomly generated passwords are more secure but demand great memory or a password manager for practical use. A better idea is to use the ideas in this article to make random passwords that are also memorable.
Q. Should I use the same password for multiple accounts?
No, using the same password across multiple accounts increases the risk if one account is compromised. You should always use a unique password for each online account.
Q. What are some techniques to create a strong password?
Making a password longer and more random is the key to a strong password. Techniques like deliberate misspellings, personalized encryption, and word shortening are some easy ways to make your password much more robust.
Q. Are password phrases better than single words?
Yes, passphrases are generally more robust because they are longer and harder to guess. For example, “BatteryHorseStaple$123” is more potent than “Password123.”
Q. How can I make my passwords less predictable?
Leave personal information out of your passwords, and ensure you meet the basic requirements of 12+ characters, upper and lower case letters, numbers, and symbols. With so many variables at play, predictability drops drastically.
Q. Can spaces be used in passwords?
Using spaces to create strong and unique passwords is an excellent idea. You can make a strong password by randomly introducing spaces or using a long phrase with many spaces. While it will not be an uncrackable password, it will protect against forceful password hacking.