content/en-za/images/repository/isc/2020/9910/tips-for-generating-strong-and-unique-passwords-1.jpg

Tips for generating strong and unique passwords

Why Having a Strong Password is Important

A strong password is the main barrier keeping most of your online accounts from being hacked. Without up to date practices, you might be using passwords that cyber-frauds can easily guess within hours. Exposing yourself to identity theft and extortion is a risk you should never take. You’ll need to create passwords that can fight modern password theft methods.

Weaknesses in your account credentials can be a cybercriminal’s dream. But their success is your nightmare, so you’ll need to take steps to avoid being a victim of password hacking.

Password Security Threats

Compromised passwords give cybercriminals an open door into your most personal accounts. So of course, you’ll want to build a password that hackers are unlikely to discover.

The average user will create passwords to fool human hackers. This used to be a smart way to fight a data theft. A criminal would use any information they could find about you and use common patterns in passwords to guess yours. You used to be able to just switch up the characters in your passwords and “Tr1Ck” your way into security. But hackers took notice.

Cybercriminals use sophisticated technology to get your passwords nowadays. This is important since many people try to make passwords hard for people to guess, but don’t consider efficient algorithms. Software is designed to account for crafty user behavior as it guesses your passwords.

Here are some methods hackers use to get into your accounts:

Dictionary-based hacks use an automated program to combine dictionary words in common ways. Users make passwords easy to remember, so these hacks try to mimic obvious patterns.

Social media and publicly shared personal info is used to personally target you. Users commonly include names, birthdays, and even favorite sports team names in their passwords. Much of this info can be revealed just by spending a bit of time browsing your social media.

Brute force attacks use an automated program to recreate every possible combination of characters until it finds your password. Unlike dictionary hacks, brute force doesn’t handle long passwords well. However, short passwords can easily be discovered within hours in some cases.

Phishing involves a scammer pressuring you to give the hacker your money or valuable info. They pretend to be credible, usually as a trusted organization or someone you may know. Phishing scammers may call, text, email, or message you on social media. But they can also use fraudulent apps, websites, and social media profiles. If you believe you need protection against phishing attacks we recommend using Kaspersky Internet Security.

Existing data breaches have exposed many passwords and other sensitive data already. Companies have been getting hacked more frequently, and hackers take all the data to expose it online for profit. This can be especially threatening if you’ve reused old passwords, since outdated accounts are very likely to have been compromised.

why you need a strong password for your internet devices

How to Create a Strong Password

To protect yourself against the newest hacking methods, you’ll need powerful passwords. So, if you’re wondering. “how strong is my password?” here are some tips to help you create a strong password:

  1. Is it long? Try for over 10-12 characters minimum but aim to make it longer if possible.
  2. Is it hard to guess? You should avoid sequences (“12345” “qwerty”) because these can be brute force hacked in seconds. Also avoid common words (“password1”) for the same reason.
  3. Does it use varied character types? Lowercase, uppercase, symbols, and numbers can all have a home in your password. Variety can increase how unpredictable your password is.
  4. Does it avoid obvious character substitutes? For example, you might use the number zero “0” in place of the letter “O.” Hackers code these into their software nowadays, so avoid this.
  5. Does it use any uncommon word combinations? Passphrases might be more secure when using unexpected words. Even if you are using common words, you can arrange them in an odd order and make sure they are unrelated. Both methods can throw off dictionary hacking.
  6. Will you remember it? Use something that makes sense to you but will be hard for computers to guess. Even random passwords can be remembered by muscle memory and being semi-readable. But passwords that lock you out of your own account won’t help much.
  7. Have you used it before? Reusing passwords compromises multiple accounts. Make it original every time.
  8. Does it use a rule that’s hard for computers to guess? An example might be a passphrase of three 4-letter words, where you are replacing the first two letters of each word with numbers and symbols. This might look like: “?4ee#2ge?6ng” in place of “treecagesing”

Secure Password Examples

Generally, there are two main approaches to making reliable passwords:

Passphrases are based on a combination of multiple real words. Uncommon words with character-swapping and random characters mixed in have been used in the past, like “Tr1Ck” for “trick” or “84sk37b4LL” for “basketball.” Algorithm hacks know this method now, so better passphrases are usually a mix of common unrelated words in a nonsensical order. Sometimes, there may be a sentence that has been chopped and swapped with a pattern only the user knows.

A passphrase example might be, “coW!burN#movE?pianOh” (using the words cow, burn, move, and piano.)

Passphrases work because they are:

  • Easy to remember.
  • Trick dictionary and brute force hacks.

Random character strings are purely random, using a mix of all character types. These passwords include uppercase, lowercase, symbols, and numbers in a spontaneous order. Since there is no method to how the characters are arranged, guessing is incredibly difficult. Even hacking software can take trillions of years to figure out these passwords.

A random character string example might be, “f2a_+Vm3cV*j” (which might be remembered using the mnemonic, fruit 2 apple _ + VISA music 3 coffee VISA * jack)

Random character strings work because they are:

  • Nearly impossible to guess.
  • Very difficult to hack.
  • Can be remembered by muscle memory and mnemonics.

Strong Password Examples

When creating your password, examples can help you through the process.

Here are some tips on how to create a strong password:

Example 1: IwiCcR!fOdIiNkE?

Why it is considered strong:

  • Starts with a passphrase, “I want ice cream! for dinner in Kentucky?”
  • Uses a rule to keep first 2 letters of every word and capitalize every second letter.
  • Long at 14 characters.
  • Uses special characters: “!” and “?”
  • Includes uppercase and lowercase letters.

How to make it better:

  • Add characters to make it longer.
  • Add numbers.
  • Example: IwiCcR!7fOdIiNkE?6

Example 2: !HMnrsQ4VaGnJ-kK

Why it is considered strong:

  • Randomly generated using a password generator.
  • Long at 16 characters.
  • Uses special characters: “!” and “-“
  • Uses uppercase and lowercase letters.

How to make it better:

  • Use a mnemonic to remember it.
  • Example: “! HULU MUSIC nut rope skype QUEEN 4 VISA apple GOLF nut JACK - korean KOREAN”

Example 3: rageducksimplemoon

Why it is considered strong:

  • Based on a passphrase, using multiple common, unrelated words.
  • Long at 18 characters.

How to make it better:

  • Use varied characters — uppercase, lowercase, symbols, numbers.
  • Replace some characters with other types.
  • Example: !Age#Uck?Imple3Oon (Using this rule: uppercase second letter of each word and replace every first letter with a character.)
how strong password protect your laptop from hackers

How to Use and Remember Passwords

With so many unique passwords to keep up with, you’ll need to be careful how you store them.

To stay safe, don’t do the following:

  • Write down passwords on paper.
  • Save passwords in your phone’s notes app.
  • Save in your browser’s autofill password saver.

However, you will want to use the following methods:

Activate two-factor authentication on all your most valuable accounts. This is an additional security check following a successful password entry. It uses methods only you have access to, such as: email, text, biometrics (ex: fingerprint, face ID), or a USB security key. 2FA keeps crooks and prying eyes out of your account even if your password has been stolen.

Update your most important passwords often. When you decide to update, be sure to actually change them. It is a hazardous practice to keep your password and only change a few characters. You’ll want to update your passwords in regular timeframes like every month. Even if you don’t update every password, be sure to at least change them for the following accounts:

  • Online banking
  • Bill payment
  • Password manager master password
  • Social media
  • Email
  • Phone provider

Ultimately, remember that if your password is convenient for you, it’s probably convenient for hackers too. Complex passwords are the best way for you to protect yourself.

Use a password manager like Kaspersky Password Manager. The main benefits of using a password manager include being encrypted and being accessible anywhere you have internet. Some products have a password generator and password strength checker built in.

Related articles:

Strong Passwords – How to Create & Benefits

How strong are your passwords? They may not be as strong as you think! Learn how to create a strong password and read our top security tips for securing passwords.
Kaspersky Logo