Passwords are the key to your online protection. Thus, it is imperative always to create strong passwords to secure your online integrity. According to LogMeIn, the organization behind the password manager LastPass, if you count all your social networking, streaming, bank accounts, and applications, you might at least have 85 passwords for all your accounts.
On the other hand, weak passwords may have severe implications, such as identity fraud, financial losses, and more.
Wondering how to create a strong password in 2021 to fend off cyber threats? Don’t worry. This guide will tell you how to develop the correct passwords for your accounts and be warned if they are broken. You will also discover vital tips to make your logins even more secure.
How to create a strong password- Quick Guide
- Build your password from a phrase – Make your password memorable by using the first letter of each word in an easy-to-remember sentence or phrase. And add numbers and symbols, of course. For example, ‘I am going home today’ becomes “IAght/23#@Hm.”
- Use combinations from your keyboard – Ensure that the password is a unique combination of creatively placed letters and number digits from your keyboard. You can also use initials or a favorite constellation pattern to create random, unique passwords creatively.
- Avoid using emotions in your password – Involving emotions when creating passwords can reveal patterns from personal associations. Never do any combination of adding personal names or events that a person close to you can easily guess or crack.
- Use PAO System – Use the Person-Action-Object (PAO) technique that links three favorite nouns with a memorable story. For example, ‘My first vacation in Paris’ can be transformed into the password ‘MyFiVacinPar.’
- Phonetic muscle method – Create a strong password by randomly arranging the phonetic code of words from the first letter down to all letters. For example, “mrRui12GMT” = ‘Mr Ruir 12 G.M.T’. Prepare a list of phonetic passwords, memorize them, and use them in different accounts.
- The Electrum Method – Instead of a traditional password for securely accessing your digital currency wallets like Bitcoin, use a 12-word seed phrase. Choose random words that cannot easily be guessed or from popular literature. Also, ensure it is not an obvious guess to improve security features.
What makes an unbreakable password?
The absolute minimum that you can follow when constructing passwords that are easy to remember but hard to guess is to follow three rules:
Password lengths: Adhere to passwords that are at least eight characters or 12 characters long. Having more characters in the password is advisable since it takes longer for an intruder to break it. Usually, the ones with ten or more characters are stronger.
Combinations: Using capitalization, pronunciation, percentages, and punctuation combinations makes your passwords unbreakable.
The complexity of passwords: Your password must contain at least one character in any of the following classes:
- Alphabets in lowercase
- Alphabets in upper case
- Symbols
- Miscellaneous characters
- Follow the “8-4 Rule” (Eight Four Rule), that is,
8 = Minimum length of 8 characters.
4 = 1 lower case + 1 upper case + 1 special character + 1 number.
For many, merely obeying the “8 4 Rules” can bring a worthy change. It would automatically improve your passwords even when you do not follow any rules when constructing one.
If the “8 4 Rule” is not enforced in your bank and other financially sensitive website passwords, you should immediately consider updating those passwords from your side to obey the “8 4 Rule.”
These three laws render breaking the password significantly more complex for hackers. Since the methods used by password crackers have progressed to a highly efficient degree, the passwords you build must be unique.
You can check various online password checkers if you wonder whether your chosen password is safe. Some online password checkers have specific fields that display the variety of your password in letters and its presence in dictionaries.
A few tools also show the approximate time to brute force your password, illustrating the value of a long, unpredictable, and unique password.
How to create a strong password (and memorize it)
The tips above are simple enough to follow for creating strong passwords. So then, why aren’t more people using them?
That’s because many websites and programs still don’t need a solid password. Yes, they display your password’s strength, but in the end, they do nothing to stop users from saving lousy passwords.
Secondly, it is difficult to recall a completely random 12-character password that uses upper and lower-case letters, numbers, and symbols without a photographic memory. That makes people wonder how to choose a password you can remember. Consequently, many people opt for passwords that are easier to recall but too simple to crack.
So, to save you from falling for weak passwords, the following cheats and tricks will help you build and remember long, unique, unpredictable, and safe passwords.
1. Build your password from a phrase.
People can recall sentences and song lyrics much more than remembering random letters, figures, and symbols. So, taking the first letter of a term in a long and unforgettable sentence is an excellent start to creating a strong password. Afterward, place the upper and lower case letters, numbers, and a few symbols to complete your unique password creation.
For example, if you are a Beatles fan, you can try the following as one of the strong password examples:
“Yesterday, all my troubles seemed so far away / Now it looks like they’re here to stay / Oh, I believe in yesterday,” which translates to “Y,amtssfa/Nillth2s/O,Ibiy” in password type. Pretty easy, right?
Similarly, using a personal comment like “Don’t forget, your wedding anniversary is on October 3rd!” is another excellent example of this trick. The password subsequently becomes “Df,ywaioO3rd!“.
So, using this trick, there are countless ways to create unique and quick-to-recall passwords.
2. Try various key combinations from your keyboard creatively.
Your keyboard is a blank canvas ready to support you in generating strong usernames and passwords. Draw meaningful trends, including letters and numbers, around the keyboard using your imagination.
The patterns may be your initials, first name, or a geometrical form like your beloved constellation to build your preferred password.
These strategies will create random and safe passwords that are quickly remembered as your favorite album or constellation.
3. Avoid involving emotion when creating a password.
Your partner’s name may come first on your mind when searching for good password ideas since you are emotionally engaged with the happenings of the time.
Though you do not entirely know that, it is a password that someone else could guess quickly or be cracked easily. Therefore, it should be something you must not consider when constructing a password.
4. Use PAO System.
According to computer scientists from Carnegie Mellon University, remembering passwords through mnemonics can help you remember an everlasting password. They propose utilizing the form of Person-Action-Object (PAO) to build and save your unbreakable passwords.
This tactic gained traction from Joshua Foer’s bestselling novel, “Moonwalking with Einstein.” Simply put, it’s about creating passwords using three of your favorite nouns: a person, an action (or activity), and an object.
For example, if you’re a fan of self-driving cars, you can think of “Elon Musk” as the person and “Tesla” as the object. You can create a whole situation (action) from these two nouns: Elon Musk driving his Tesla Model 3.
You can then use this situation to create a strong password, such as “EloMudrivTM3”. It isn’t easy to guess for a random person, but it will undoubtedly be easy to remember.
Do the same with three other stories, combine the made-up terms, and you will have an 18-character password that will sound incomprehensible to someone you are still friends with.
5. Phonetic muscle technique.
If you find it fun trying to read every gibberish written anywhere, be it a billboard, a pamphlet, or an ad, this trick is for you. This system depends on phonetics and the memory of muscles. Below is how it works:
- First, visit an online strong password generator.
- Then, build 20 new keys using capital letters, punctuation marks, and numbers at least 12 characters long.
- Scan the passwords; scan for phonetic structure. Strive to locate passwords in your mind that you can pronounce. For instance: msEncabo5Et (miss Encabo 5 E.T.) or BroughtUtheV8Et (Brought you the V8).
- Write the phonetic passwords in your notepad (hide them, by the way). The passwords that are easy to type are usually memorizable.
- Keep the list with you and leave the rest. You can also save these passwords to any password manager. After that, you can periodically check this personalized strong password ideas list to create even more passwords.
Ideally, you should change your passwords on your most commonly-used websites occasionally. You might need to type your new passwords a few times to memorize them thoroughly.
6. Method of Electrum.
It takes a high degree of protection to secure a digital currency wallet (such as Bitcoin) and a massive dependency on safe passwords.
Fortunately, some secure Bitcoin wallets are available out there today. And Electrum is one of the best. Electrum wallet provides a 12-word seed that helps you securely access all your Bitcoin addresses. The seed for your Bitcoins acts as a master password.
Today, this password type is called “passphrase,” reflecting a novel security perspective. Instead of a series of characters that are hard to recall, you merely construct a long phrase.
How do you build your 12-word seed?
It is straightforward. Come up with 12 words at random. You may start with phrases like “Quick Brown Fox Jumps Over The Lazy Dog.” (Of course, that is just an example.) Ensure it’s not a simplistic phrase or a phrase from current literature.
Common mistakes netizens make when creating passwords
To understand the importance of creating strong passwords, let’s look at some common password mistakes with potentially severe consequences, considering today’s dangerous cybersecurity scenario.
Excluding your bank accounts, you might consider the rest of your profiles unimportant to protect. That’s natural, given that most online users have close to 100 accounts connected to one email. And this amount doubles every five years.
Also, you might have used a simple password for any of your profiles more frequently than ever just because it was easy to remember, right?
It is the first mistake! You risk your overall protection online by developing poor passwords for websites you think you would only use occasionally. You are “opening the door” to hackers by using a poor password and letting them in.
Besides, what you consider a “strong” password may be weak.
For instance, check if you have ever used any of the following as a login.
- Your name.
- The names of your acquaintances, family members, and your pets.
- Common worst passwords like “123456” or “qwerty” and alike.
- The username of your credentials.
- Generic terms, such as “password,” “admin,” “letmein” and more.
- Sports teams’ names, favorite basketball gamers, or names of celebrities.
- Short passwords. (The shorter your password, the less time anyone has to break it.)
If any of your passwords follow one or more of these parameters, you have a weak password for your account that you should change immediately.
How cybercrooks get your passwords no matter how ‘safe’ they are
While many password-hacking techniques are open to cyber criminals, buying passwords from the dark web is the simplest.
Cybercriminals frequently use the black markets on the dark web to purchase and sell users’ login credentials, particularly passcodes and passwords. If you have been using the same password for several years, odds are it’s been compromised, given the frequent data breaches.
Even if you do your best to keep your credentials safe from hacking, cybercriminals will try everything possible to get your passwords.
Following are some strategies that cybercriminals frequently use to attack existing individual accounts or compromise hashed password databases.
1. Brute force attack
This assault aims to guess any combination of characters to find your password. Since such password-guessing takes time manually, the intruders automate the software to try as many combinations as possible in the shortest possible time.
In 2012, a programmer revealed a 25-GPU cluster he had designed to break every 8-character Windows password, including upper and lower case letters, numbers, and symbols, in less than six hours. It could process 350 billion guesses per second.
Even today, the technology has not improved, and as such, brute force attacks keep working.
Anything under 12 characters is typically subject to getting cracked. So remember, when it comes to creating strong passwords, the longer, the better.
2. Dictionary assault
As the name suggests, the hacker assaults you with a dictionary, in this case. While a brute force attack attempts a mixture of symbols, letters, and numbers, a dictionary attack attempts a prearranged set of terms you might encounter in a dictionary.
You can only withstand a dictionary assault if your password doesn’t exist, is wildly rare, or uses several-word phrases, such as LaundryZebraTowelBlue.
Usually, multiple-word passwords (or passphrases) outsmart a dictionary assault. Although they aren’t entirely immune to such attacks, they still take time to be cracked.
3. Phishing
It is the nastiest of all strategies cybercriminals apply when they want to deceive, threaten, or pressure you to fulfill their malicious purposes.
The most common way to execute phishing attacks is via emails, impersonating legit messages to deceive you.
For example, a phishing email aiming to hack your money will often impersonate your bank or other financial institution, telling you about some error with your credit card account or recent transaction. Such email addresses often carry link(s) to phishing web pages that impersonate the relevant institution (such as your bank), asking you to enter your login credentials and financial details. Once you do, the attackers waiting impatiently at the other end get all your details to exploit as they like.
But emails aren’t the only way to execute phishing. The attackers even exploit phone calls (or robocalls) for that.
For example, you may receive a call telling you about the blocking of your credit card. Here, you need to vigilantly note the context of those calls, such as whether they specify a particular credit card or not.
Ideally, try to get rid of such calls quickly. Otherwise, the longer you continue, the greater your chances of getting trapped by scammers who aim to get as much information about you as possible, the most common being your login credentials.
When in doubt, it’s better to disconnect the incoming call and call your bank (or the relevant institution) from your end to verify the matter. You can even apply this strategy before responding to any phishing emails.
How to spot a weak password
When discussing creating strong passwords, the idea is to construct unique but hard-to-guess passwords. All you require is a little creativity to build robust passwords that are easy to remember. Indeed, it can be enjoyable to make them while rewarding yourself with enhanced protection.
To grasp the concept of a good password, let’s look at a few elements contributing to weak password strength.
1. The use of generic words, such as “password.”
The most widely used password is the term ‘password’ itself. Unfortunately, it’s pathetically poor as having ‘default’ and ‘blank’ are. These are elementary terms that anyone can guess quickly and are never good words for passwords.
Human beings are not the primary worry here, though. Instead, a dictionary attack happens on the target device via machines utilizing massive electronic databases to recognize passwords quickly.
2. Simple to recognize, especially if anyone knows you well.
Using a last name + year of birth combination is a typical example of a weak password. But since these passwords often include at least 12 characters containing letters and numbers, many secure sites approve them despite the underlying weakness. That’s where the problem occurs.
For example, Marshall1968 includes a name related to someone or their relatives and other bits of known details (birthday), enabling someone else to hack their account quickly.
3. It is short and can be deciphered quickly.
Let’s assume you use “F1avoR” as a password, boasting mixed capital letters and numbers. While it appears strong, it has two significant drawbacks that make it a weak password.
Firstly, it’s too brief. A strong password is a lengthy password. The more complicated a hacker or a software program that cracks passwords needs to work, the more appropriate your password is.
Secondly, others can accurately estimate the number of substitutions in such cases. For example, replacing the number ‘1’ with the letter ‘l’ is easy to infer for both humans and machines.
Ways to make your password security even better
Your email inbox, bank account, and Netflix account security depend on how well you protect your passwords. That begs the need to keep your passwords safe after creating strong ones.
But, of course, you need an easy way to remember them, too. So, below are some practical tips to help you with such needs.
1. Use a password manager and a password generator.
A password manager keeps all your passwords safe. The best thing is that you only need to memorize one password, the master password, which allows you access to your password manager vault.
Ideally, you can first use any tip mentioned above to create a strong password and then save it in a password manager. These programs often come with password generators. So, you can construct super-complicated, extra-long passwords that are infinitely harder to break than any passwords a person might develop. These apps then store and manage all other passwords for your accounts without you having to type or remember them.
Wondering where to find such an app? We have reviewed today’s best password managers in this detailed guide. But if you need a few quick recommendations, then here they are.
- Keeper: a standalone password manager and generator tool offering numerous security services, such as dark web monitoring.
- LastPass: a user-friendly password manager offering quick setup but supports one device type only.
- NordPass: a free password manager (for any device of your choice) offering premium privacy and security options.
- Dashlane: an end-to-end encrypted password manager that also comes with a VPN.
2. Mix Characters
Use a combination of at least eight letters, numbers, and symbols. The more variety in characters and length, the harder it is to guess. For example, a password like ‘BOl&abfm?’ uses uppercase and lowercase letters, numbers, and symbols for added security.
3. Combine Unrelated Words
Create your password or passphrase by merging unrelated words. However, avoid using phrases from popular media but opt for three or four longer words. For instance, 3adsjpidErscalBetobogGaN is a strong passphrase.
4. Avoid Dictionary Words
Avoid using dictionary words. Instead, substitute letters with numbers or symbols or deliberately introduce spelling errors. For instance, consider Penzhbe#5dn instead of ‘penthouse.’
5. Do not recycle a password
Every device, application, website, and software should have a unique and robust password or PIN. If hackers guess one password, they can attempt to compromise all your accounts. Remember, never share your passwords with anyone from colleagues, IT/support personnel, or even friends. Also, stay vigilant against phishing emails, smishing texts, and vishing calls. Moreover, never respond to requests for personal information, including passwords, birthdates, addresses, or credit card details.
6. Be selective about the websites you trust.
Security-conscious websites can hash their customers’ passwords such that the actual passwords remain encrypted. But not all sites consider taking that approach.
Thus, take a minute to evaluate the platform before setting up profiles and passwords and entrusting it with confidential details.
Does the address bar have HTTPS, guaranteeing a safe connection? Do you feel that it is up to date with the newest safety requirements of today? If not, think about exchanging any of your sensitive details on it twice before moving any further.
7. Use multi-factor authentication.
Experts often advocate turning on multi-factor authentication instead of setting a solid password. Today, many websites, including Dropbox, Gmail, and several banking websites, offer multi-factor authentication (MFA).
Specifically, multi-factor authentication (MFA) provides an external security framework to your account, which becomes your first layer of protection should your account details ever get leaked. It has been the latest norm for efficient defense in the sector. MFA also has a subset dubbed two-factor authentication (2FA).
In addition to a password, MFA needs the user to complete an added security check. It may be a biometric check (fingerprint, eye scan, etc.), or you may have to provide a tangible token. That way, it’s just half of the equation, as easy or difficult as the password is.
While there is no fool-proof method to deter hackers from breaching your data or identification, you could still beat hackers with a strong password coupled with MFA, dramatically decreasing your vulnerability.
Note: We do not advocate using SMS as the second authentication element, following the 2018 Reddit hack triggered by SMS-intercepts. That MFA method has proven to be a well-trodden road for several hackers over the last few years.
8. Install a mobile authenticator program.
Using an authentication application for your mobile is the securest MFA (multi-factor authentication) form. Two such apps used widely are Google Authenticator and Authy.
These apps create a one-time PIN you enter as an additional login step during your authentication process. The PINs update every 30 seconds for every website you’ve set up MFA for using them automatically.
Additional security tips to keep your passwords safe
These are high-security tips that would also secure your login information at the very best:
- When on public Wi-Fi, use a quality VPN. That way, no one could intercept your username and password as you log in to your accounts.
- Never give your password to anyone else.
- Pick hard-to-guess options that only you know the answer to while choosing security questions when creating an account. Several queries have easy-to-find replies on social media with a quick scan, so take caution and pick carefully.
- Remember to tell your friends and loved ones to protect online privacy when finished. Of course, breaches continue to happen, but you’ll encourage your inner circle to defend themselves only by sharing this blog post with friends and relatives.
- Keep all your system software, especially antivirus, up-to-date. If a vulnerability slips through your defenses and common sense, a good antivirus can identify and neutralize it.
Conclusion
Creating secure passwords can seem challenging, mainly when using a different one for every app or website you register on.
Indeed, not everyone can create and memorize several passwords. Consequently, many use the same or similar passwords despite knowing it’s insecure. Likewise, some people may have different passwords, but they might contain short words or numbers that are easy to guess and crack.
If you don’t fall into these two categories, you probably have different and strong passwords for each account (perhaps because you were pressured to do so through your employer or a website). But then you might also have a set of passwords right next to your screen even though you know others access your computer. It all undermines your security.
Being proactive is the most robust defense when it comes to password management.
It’s also essential to note that no password is “un-hackable.” Therefore, you must complete the puzzle carefully to ensure online security.
Alongside creating strong passwords, you should use multi-factor authentication (where available) and never reuse passwords. Creating non-guessable (made-up) answers to the security questions and using a VPN to encrypt your internet traffic while creating accounts and logging into them would also help.
We hope you have successfully learned how to create a strong password through this guide. Keep these pieces of advice in mind while making any new accounts. Also, consider updating your existing passwords as a precaution. Stay safe!