How To Create Strong and Secure Passwords
April 16, 2024
Topics: Identity Theft
You can’t avoid passwords, but you can reduce the fear of getting hacked by creating strong and secure passwords that help keep your information safe.
Introduction
In today’s digital world, it’s hard to escape the need to create passwords. Every e-commerce website, every software platform, every technological device, and every account you own or access needs a password to get in. But not just any old passwords will do. Since they help prevent fraud and identity theft by protecting our personal information from hackers and other cybercriminals, they need to be strong and secure.
You know that scene in almost every modern movie where someone trying to access a locked computer or server room attempts to guess the password by typing in all kinds of normal words? They try the spouse’s name, kids’ names, pet’s name, items around the office, favorite drinks … and eventually (after maybe five tries), they get in.
While this clichéd scene creates suspense and reveals something about the computer owner and the amateur hacker (usually the protagonist, who usually almost gets caught) … how realistic is it? Do people ever actually use the names of loved ones or favorite snacks as their passwords — and just the letters, with no numbers or special characters? Considering today’s standard password requirements, it’s getting less likely. But it’s still way more common than you might think.
Password Security Awareness
Experts used to recommend changing all your passwords several times a year, but that practice is no longer considered the best strategy. It stemmed from the early days of the internet when people would often use one single password for all their accounts. The problem was that if someone hacked one of your accounts, they could then break into all your accounts using the same password.
If you think about this issue for a minute, it becomes clear that the better solution is to have unique passwords for each account. That means never using the same password for more than one. Not ever. It doesn’t matter how clever or memorable you think it is … you only use it for one login.
One problem with frequent password changes is that people tend to choose weaker passwords — like the cat’s name — or use predictable patterns, like adding a number at the end that increases each year. These practices, along with using birthdays, anniversaries and other guessable dates, don’t create secure passwords.
That’s not to say that you shouldn’t ever change your password. If there has been a data breach or someone hacked your account, you should absolutely change it. But there are more effective things you can do to keep your information safe on a day-to-day basis.
Strong Password Tips
If you want to create strong, secure passwords that nobody’s ever going to guess — and of course, you do — follow these tips:
Be Unique
It’s worth repeating right off the jump: don’t reuse passwords. Not sequentially, and not between different accounts.
Using the same password for multiple accounts is like using the same key for all your locks — if someone picks up your key, they can break into your house, your car, and everything else. Likewise, if a hacker gains access to one of your accounts and you have the same password on all of them, they can easily access your other accounts. So use different passwords for different accounts to protect your online security.
Be Creative
Never use common or easily guessable passwords unless you want a hacker to figure out your password as quickly as possible (which you don’t).
It’s a running joke — also commonly seen in movies and TV shows — that less tech-savvy people will use “password” as their password. But this is no laughing matter, because people actually do that. Other common passwords that are 100% not recommended include “123456” and “qwerty” — and choosing these is like leaving your front door unlocked.
Hackers use sophisticated software to guess passwords, and these are the first ones run through the system. Next is easily guessable information like names or dates. So instead of taking the easy route, always create a unique combination of uppercase and lowercase letters, numbers, and symbols.
Be Thorough
Creative use of both uppercase and lowercase letters, combined with numbers and special characters, is a great start. But to make this strategy even stronger and more effective, use a lengthy combination of these elements — the longer the better.
The more characters you use in your password, the harder it is to crack. Regardless of the site’s minimum requirements, aim for at least 12 characters in each password, and preferably closer to 20. And while your password should never be a name or common word on its own, you can use meaningful words with some letters replaced by numbers and symbols — like 3 instead of e, 1 instead of i, and @ instead of a. For example, your Chihuahua named Gidget could become G1dg3t*Ch1hu@hu@.
You can also use a string of unrelated words put together in a mash-up, which the FBI refers to as a passphrase — such as NovemberBerry87FunClock. No, it doesn’t have to make sense.
Be Automatic
Obviously remembering all these strong passwords is difficult, and you don’t want to be writing them on sticky notes beside your computer. The answer? Use a password manager.
Instead of getting overwhelmed by trying to keep track of multiple passwords on your own, a password manager does it all for you. This handy digital tool stores all your passwords in one secure location and fills them in for you, making it easy to manage the whole process — and it even has its own master password so nobody can just click on it and see them all. Most password managers also have a built-in feature to create unique and strong passwords if you don’t want to make your own.
Some password managers store your data locally on your device, some sync over the internet, and some do both, with each system having its pros and cons. Highly-rated password managers include KeePass, NordPass, 1Password, Keeper, Dashlane, Bitwarden, and RoboForm.
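As an added illustration (not part of the original article and not any particular password manager's code), the Python example below checks a password against the tips above and generates a random password and a passphrase from the operating system's secure random source, the way a built-in generator might. The word list, the common-password list and all function names are constructed for this example.

```python
import math
import secrets
import string

# Constructed sample data: a tiny stand-in for a real common-password list.
COMMON = {"password", "123456", "qwerty"}
# Constructed sample word list; a real generator draws from thousands of words.
WORDS = ["November", "Berry", "Fun", "Clock", "River", "Lamp", "Quartz", "Maple",
         "Orbit", "Velvet", "Cactus", "Harbor", "Pickle", "Thunder", "Willow", "Zebra"]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+?"

def check_tips(pw, min_len=12):
    """Return the article's tips that pw fails; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in pw),
        "lowercase letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    return problems + [f"no {name}" for name, ok in classes.items() if not ok]

def random_password(length=20):
    """Draw characters from the OS CSPRNG; retry until every tip is met."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_tips(pw):
            return pw

def random_passphrase(n_words=4):
    """Unrelated random words with a two-digit number at a random position."""
    parts = [secrets.choice(WORDS) for _ in range(n_words)]
    parts.insert(secrets.randbelow(n_words + 1), f"{secrets.randbelow(100):02d}")
    return "".join(parts)

def entropy_bits(choices, picks):
    """Guessing work in bits when each of `picks` items is random from `choices`."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    print(check_tips("qwerty"), check_tips("G1dg3t*Ch1hu@hu@"))
    print(random_password(), random_passphrase())
    print(entropy_bits(len(ALPHABET), 12), entropy_bits(len(ALPHABET), 20))
```

Each extra bit from `entropy_bits` doubles the number of guesses needed, which is why going from 12 to 20 random characters matters far more than it looks.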
Be Cautious
Even if you’ve followed all these other tips, you can get added security by enabling two-factor authentication (2FA), also known as multifactor authentication (MFA) — although MFA sometimes has even more than two steps.
2FA or MFA processes add extra layers of security to your accounts by requiring a second or third form of authentication at login. That could be a fingerprint scan or a special code generated through an authenticator app, text message or email.
These additional steps might seem annoying at times, but they’re very effective at protecting your online accounts by putting up more hurdles and barriers. Unless a scammer has hacked your phone or email account, like by tricking you with a phishing scheme, it’s extremely difficult to access that second level of verification.
Conclusion
Creating strong and secure passwords is essential for protecting your online identity and finances. Every account you create needs its own strong password, and while it might seem like a lot of work, it’s definitely worth the effort. Taking the easy way out can result in situations far worse than spending a few minutes to come up with a robust password.
The good news is that by following some best practices and adopting good password habits and strategies, you can reduce the risk of hackers and cybercriminals stealing your personal information and sensitive data. It’s simply a matter of being creative, going for length over brevity, and avoiding the shortcuts that are long out of date.