How to create strong passwords and remember them: The ultimate guide
Using strong passwords is the secret to your online protection. Still, the trick is to create unique passwords that you can remember—or else you can fall into the bad habit of using the same login credentials for several accounts.
According to LogMeIn, the organization behind the infamous password manager LastPass, if you count all of your social networking, streaming, bank accounts, and applications, you quite likely have 85 passwords across all your accounts.
Weak passwords may have severe implications, such as identity fraud and more. In 2019, businesses reported a record 5,183 data breaches that exposed sensitive data such as home addresses and login credentials, which could easily be exploited to steal your identity or commit fraud.
And that pales next to the more than 500 million compromised passwords that have been released since 2017 by hackers on the dark web.
For most of us, the post-password world of identity security isn’t here yet. So the best we can do in the meantime is to adopt some best practices that help mitigate the risk of exposing your info.
Some people keep searching Google for things like “how to create a strong password in 2021” or “how to make a strong password for internet banking.” We found several common password mistakes that look silly considering today’s dangerous cyber world.
Read on to learn how good passwords are created and managed, and how to be warned if they are breached. You will also discover vital tips to make your logins even more secure. Let’s get started with the mistakes.
Most significant mistakes netizens make when creating passwords
First of all, we think of most of our profiles as throwaways. That’s natural, given that most online users have at least 100 accounts connected to one email address, and this number doubles every five years.
More frequently than ever, we use one simple password for all of our profiles. It is simpler to recall that way, right? This is the first mistake.
You risk your overall protection online by creating weak passwords for websites that you think you will only use occasionally.
In essence, by using a weak password you are “opening the door” to hackers and letting them in. To top it off, there is a high probability that what you think are “solid” passwords are actually bad ones. See if you have ever used any of the following as a login:
- Your name. Like seriously?
- The names of your acquaintances or family members. Names of dogs and other pets as well. Of course we love our pets, but their names can be easy to guess, even for a non-expert.
- “123456”, the leader of most “worst passwords” lists. This most-hacked password is followed by “qwerty” and others similar to it.
- Your login name. If, say, your username is Tiziana, your password should not be Tiziana too.
- Generic terms. There are too many to mention, but passwords such as “password” or “admin” are not the strongest choices. Also, avoid using sports teams’ names, your favorite basketball players, or generic names even for your login.
- The shorter your password, the less time anyone needs to break it. Unfortunately, only around 30 percent of internet users use passwords of more than six symbols.
Okay, you now know what type of passwords you need to avoid. Let’s look at how hackers get even your strong passwords before we move on to our password security tips.
How cybercrooks get your passwords no matter how ‘safe’ they are
There are many password-hacking techniques available to cybercriminals, but the simplest one is actually buying the passwords from the dark web.
Many people use the dark web, the internet’s black market, to buy and sell usernames and passwords today. If you have been using the same password for several years, odds are it has been compromised.
If you were smart enough to keep your credentials off the black-market aggregate lists, cybercriminals have to crack them.
And if that’s the scenario, they have to use one of the following methods. These attacks may target live accounts or a compromised database of hashed passwords.
Brute-force attack
At its core, this attack tries every combination until it reaches yours. The attacker automates software to try as many combinations as possible (and as quickly as possible).
In 2012, an industrious programmer revealed a 25-GPU cluster he had designed to break every 8-character Windows password including upper and lower case letters, numbers, and symbols in less than six hours. It could process 350 billion guesses per second.
Even today, not much has changed in the technology, as such brute-force attacks keep working.
Anything under 12 characters is typically vulnerable to being cracked. Remember, when it comes to creating strong passwords, the longer, the better.
Dictionary attack
As the name suggests, in this case the hacker attacks you with a dictionary. While a brute-force attack tries every mixture of symbols, letters, and numbers, a dictionary attack tries a prearranged set of terms such as those you might find in a dictionary.
If your password is a normal term, it can only withstand a dictionary attack if the term is wildly rare or if you use several-word phrases, such as LaundryZebraTowelBlue.
As per our research, multiple-word passwords outsmart a dictionary attack, because such an attack reduces the number of possible variations only to the number of words we might use raised to the power of the number of words we use.
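The arithmetic behind the brute-force and dictionary sections, as an added example that is not part of the original article: it turns the 350 billion guesses per second figure quoted above into worst-case search times for random characters and for random-word passphrases. The 95-symbol alphabet and the 7,776-word list size are assumptions, and the words are assumed to be picked at random from a list the attacker also has.

```python
import math

# Figure quoted above for the 25-GPU cluster (fast Windows password hashes).
GUESSES_PER_SECOND = 350e9
PRINTABLE_ASCII = 95    # assumption: upper case, lower case, digits and symbols
WORDLIST_SIZE = 7776    # assumption: attacker's word list, Diceware-sized


def keyspace(choices: int, length: int) -> int:
    """Candidates to cover when each of `length` positions has `choices` options."""
    return choices ** length


def entropy_bits(choices: int, length: int) -> float:
    """The same quantity on a log scale: bits the attacker has to guess."""
    return length * math.log2(choices)


def hours_to_exhaust(choices: int, length: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case hours to try every candidate at `rate` guesses per second."""
    return keyspace(choices, length) / rate / 3600


def compare():
    """Rows of (label, entropy bits, worst-case hours) for four typical cases."""
    cases = [
        ("8 random characters (brute force)", PRINTABLE_ASCII, 8),
        ("12 random characters (brute force)", PRINTABLE_ASCII, 12),
        ("4 random words (dictionary combinations)", WORDLIST_SIZE, 4),
        ("6 random words (dictionary combinations)", WORDLIST_SIZE, 6),
    ]
    return [(label, entropy_bits(c, n), hours_to_exhaust(c, n))
            for label, c, n in cases]


if __name__ == "__main__":
    for label, bits, hours in compare():
        print(f"{label:42s} {bits:6.1f} bits  {hours:12.3g} hours")
```

At this guessing rate, four random words are exhausted in roughly the same time as eight random characters, so a passphrase needs more words (six or more here) to match a 12-character random password.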
Phishing
When cybercriminals want to deceive, threaten, or pressure you through social engineering into doing what they want without realizing it, the most disgusting of their strategies is phishing. A phishing email can tell you (falsely) that something is wrong with your credit card account.
It would guide you to click on a link that takes you to a bogus website designed to look like your credit card company’s site. The scammers wait with bated breath, hoping that the ruse is convincing and that the target eventually enters their password. Once someone enters their password, the phisher has it.
Phishing schemes can even try to trap you through phone calls. Be leery of every robocall claiming to be about your credit card account. Note that the recorded greeting does not say which credit card it is calling about.
It’s a kind of test to see whether you hang up straight away or whether they have “hooked” you. If you stay on the line, you will be connected to a real person who will try everything they can to extract as much personal info, like your passwords, from you as possible.
How to spot a weak password
The idea is to construct passwords that are memorable but hard to guess. All you need is a little creativity to build robust passwords that you will not forget. It can actually be enjoyable to build them, and the reward in enhanced protection is massive.
To grasp the concept of a good password, it’s better to first go through the common practices that place millions of users at risk. So, let’s look at a few elements contributing to weak password strength:
The use of generic words, such as “password”
The most widely used password is the term ‘password’ itself. It’s pathetically weak, as are ‘default’ and ‘blank’. These are elementary terms that anyone can guess quickly.
Human beings are not the primary worry here, though. A dictionary attack is carried out against the target by machines that use huge electronic word lists to quickly identify passwords.
Simple to recognize, especially if anyone knows you well
Using a last name plus year of birth combination is a typical example of a weak password. Because such a password has at least 12 characters containing letters and numbers, even many secure sites accept it. That’s where the problem occurs.
For example, Marshall1968 includes both a name that can be related to someone or their relatives and other bits of known details (birthday), which can enable someone else to hack their account quickly.
It is short and can be deciphered quickly
Let’s assume you use “F1avoR” as a password, which mixes capital letters and numbers. Here are two major reasons why this example of a password is not safe:
Firstly, it’s too short. A powerful password is a lengthy password. The harder a hacker or a password-cracking program needs to work, the better your password is.
Secondly, in such a case, others can easily guess the substitutions. For example, for both humans and machines, replacing the number 1 with the letter l is simple to infer.
Anatomy of an unbreakable password
The absolute minimum when constructing passwords that are easy to remember but hard to guess is to follow three rules:
Password length. Stick to passwords that are at least 8 characters long. Including more characters is advisable, since an intruder would take longer to break the password. Passwords of 10 or more characters are stronger.
Combine it. Combining capitalization, pronunciation, percentages, and punctuation helps make your passwords unbreakable.
Password complexity. Your password must contain at least one character from each of the following classes:
- Lowercase letters
- Uppercase letters
- Numbers
- Special characters
Follow the “8-4 Rule” (Eight Four Rule), which we explain right below:
8 = Minimum length of 8 characters.
4 = 1 lower case + 1 upper case + 1 special character + 1 number.
For many people, merely obeying the “8-4 Rule” can be a significant improvement. It would automatically make passwords better than before for those of you who do not follow any rules when constructing a password.
If your passwords for your bank and other financially sensitive websites do not follow the “8-4 Rule”, we highly recommend updating those passwords to obey it immediately.
These three rules make breaking the password exponentially harder for hackers. The methods used by password crackers have become extremely efficient, so the passwords you build must be unique.
You can try various online password checkers if you are wondering whether your chosen password is safe or not. Some online password checkers have fields that display the variety of characters in your password and whether it appears in dictionaries.
A few tools also show the time it would take for a brute-force attack to break your password, to illustrate the value of a long, unpredictable, and unique password.
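A local check that combines the 8-4 Rule with the weak patterns listed earlier (generic words, the username, a name plus a year), as an added example that is not from the original article. The list of common passwords is a small constructed sample, and the name-plus-year pattern is an assumption about how such passwords usually look.

```python
import re
import string

# Constructed sample: the generic passwords the article names as weak.
COMMON = {"123456", "qwerty", "password", "admin", "default", "blank"}
# Assumption: a name followed by a 19xx/20xx year, with optional punctuation.
NAME_YEAR = re.compile(r"^[A-Za-z]+[\W_]?(?:19|20)\d{2}[\W_]*$")


def eight_four_failures(password):
    """Return the parts of the 8-4 Rule that the password does not meet."""
    checks = [
        ("length", len(password) >= 8),
        ("lower", any(c.islower() for c in password)),
        ("upper", any(c.isupper() for c in password)),
        ("special", any(c in string.punctuation for c in password)),
        ("number", any(c.isdigit() for c in password)),
    ]
    return [name for name, ok in checks if not ok]


def weak_patterns(password, username=""):
    """Flag guessable patterns that the 8-4 Rule alone does not catch."""
    found = []
    lowered = password.lower()
    if lowered in COMMON:
        found.append("common password")
    if username and username.lower() in lowered:
        found.append("contains username")
    if NAME_YEAR.match(password):
        found.append("name plus year")
    return found


def assess(password, username=""):
    """Combine both checks; 'ok' only if the rule passes and nothing is flagged."""
    failures = eight_four_failures(password)
    patterns = weak_patterns(password, username)
    return {"rule_failures": failures, "patterns": patterns,
            "ok": not failures and not patterns}


if __name__ == "__main__":
    # Sample passwords taken from the article's own examples.
    samples = [("F1avoR", ""), ("Marshall1968", ""), ("Marshall1968!", ""),
               ("Tiziana", "Tiziana"), ("Df,ywaioO3rd!", "")]
    for pw, user in samples:
        print(pw, assess(pw, user))
```

“Marshall1968!” satisfies every part of the 8-4 Rule and is still flagged as a name plus a year, which is why a composition rule on its own is not a strength check.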
How to create a strong password (and memorize it)
The guidelines above are simple enough to follow for creating strong passwords. Then why aren’t more people using them?
That’s because many websites and programs still don’t require a solid password. Yes, they display your password’s strength, but in the end, they do nothing to stop users from saving lousy passwords.
Secondly, unless you have a photographic memory, it is difficult to recall a completely random 12-character password that uses upper and lower case letters, numbers, and symbols. That’s why you start wondering how to choose a password you can remember.
That is why too many people opt for passwords that are easier to recall and simpler than they should be. Fortunately, there are a few cheats and tricks that will help you build and remember passwords that are long, unique, unpredictable, and safe.
Build your password from a phrase
People can recall sentences and song lyrics much better than random letters, figures, and symbols. Taking the first letter of each word in a long and unforgettable sentence is an excellent start to creating a strong password. Afterwards, mix in upper and lower case letters, numbers, and a few symbols to complete your unique password.
For example, if you are a Beatles fan, you can try the following as one of the strong password examples:
“Yesterday, all my troubles seemed so far away / Now it looks like they’re here to stay / Oh, I believe in yesterday,” which translates to “Y,amtssfa/Nillth2s/O,Ibiy” in password type. Pretty easy, right?
Using a personal comment such as “Don’t forget, your wedding anniversary is on October 3rd!” is another good example of this trick. The password is then translated into “Df,ywaioO3rd!” There are countless ways to create unique and quick to recall passwords using this trick.
We are not done yet. Below you will find other strong password generation ideas to help you secure your identity online.
Treat your keyboard like a constellation
Your keyboard is a blank canvas that is ready to support you in generating your strong usernames and passwords. Draw meaningful patterns, including letters and numbers, around the keyboard using your imagination. (It would help if you don’t use a permanent marker.)
The patterns may be your initials, your first name, or a geometric shape like your favorite constellation to build your preferred password.
These strategies will create random and safe passwords that are as easy to remember as your favorite album or constellation. Experts often advocate turning on multi-factor authentication on top of setting a solid password. A wide range of websites, including Dropbox, Gmail, and several banking websites, offer multi-factor authentication today.
While there is no fool-proof method to deter hackers from breaching your data or identification, you could still beat hackers with a strong password by taking a few quick measures that would decrease your vulnerability dramatically.
Avoid involving emotion when creating a password!
“Dating” or the name of your match may come to mind first when searching for good password ideas, since you are emotionally engaged with what is happening at the time.
Though you may not realize it, that is a password someone else could guess quickly or crack easily. When constructing a password, it is something you should not consider.
According to computer scientists from Carnegie Mellon University, using mnemonics can help you remember a password for good. They propose using the Person-Action-Object (PAO) method to build and store your unbreakable passwords.
PAO gained fame through Joshua Foer’s bestselling book, Moonwalking with Einstein. The strategy goes like this:
Picture an interesting place (Mount Rushmore). Then, think of a famous or notable person (Beyonce). Finally, imagine that person doing some unexpected action with a random object (Beyonce driving a Jello mold at Mount Rushmore).
The benefit of the PAO memorization method: our brains remember best with visual cues and outlandish, uncommon situations. Once you build and memorize several PAO stories, you can use the stories to produce passwords.
For example, you can take the first three letters from “driving” and “Jello” to make “driJel.” Do the same with three other stories, combine the made-up terms, and you will have an 18-character password that will look incomprehensible to others yet still be familiar to you.
Some people are fond of creating their own unique password scheme, which they use over time to build odd, strange, unpredictable passwords. This system depends on phonetics and muscle memory. Below is how it works:
- Visit any password generator you like online. Norton’s Password Generator is one trustworthy recommendation we can give here.
- Generate 20 new passwords that are at least 10 characters long and include capital letters, punctuation marks, and numbers.
- Scan the passwords for phonetic structure. Try to find passwords that you can sound out in your head. For instance: msEncabo5Et (miss encabo 5 E.T.) or broughtUtheV8Et (brought you the V8).
- Write the phonetic passwords in your notepad (hide them, btw) and note how easy they are to type. Passwords that are easy to type tend to stick more easily in users’ muscle memory.
- Keep the passwords that are phonetic and suit muscle memory. Toss the rest. Use any password keeper of your liking to print out your text file.
You should change your passwords on your most commonly used websites once in a while. Please note you might need to type your new passwords a couple of times before you memorize them completely.
The Electrum method
Securing a digital currency wallet (such as one for Bitcoin) takes a high degree of protection and depends heavily on safe passwords.
Fortunately, some secure Bitcoin wallets are available today, and Electrum is one of the best. The Electrum wallet provides a 12-word seed that lets you securely access all your Bitcoin addresses. The seed for your Bitcoins acts as a master password.
This password type is also referred to as a “pass phrase” today, and it reflects a very new way of thinking about protection. Instead of a series of characters that are hard to recall, you construct a long phrase.
How do you build your own 12-word seed?
It is straightforward. Come up with 12 words at random. You may start with a phrase like “Quick Brown Fox Jumps Over The Lazy Dog.” Of course, that is just an example. Make sure it’s not a simplistic phrase or a phrase taken from current literature.
Ways to make your password security even better
The security of your email inbox, bank account, and Netflix account depends on how well you protect your passwords.
That calls for keeping your passwords safe once you have created strong ones. Of course, you need an easy way to remember them, too. Below we cover some effective tips to help you with precisely these needs.
Use a password manager and a password generator
A password manager keeps all your passwords safe. The best thing is, you only need to memorize one password, the master password that allows you access to your password manager vault.
We advise you to first use any tip or trick mentioned above to create a strong password and then save it in a password manager such as LastPass. These programs often come with password generators so you can construct super-complicated, extra-long passwords that are infinitely harder to break than any password a person might come up with.
Be selective about the websites you trust
Security-conscious websites hash their customers’ passwords so that the real passwords are never stored in readable form. But not all sites take that approach.
Take a minute to evaluate the platform before setting up profiles, passwords, and entrusting it with confidential details.
Does the address bar show HTTPS, indicating an encrypted connection? Do you get the feeling that it is up to date with today’s newest safety requirements? If not, think twice about sharing any of your sensitive details on it before moving any further.
Use multi-factor authentication
Multi-factor authentication (MFA) adds an extra security layer to your account, which becomes your first line of protection should your account details ever get leaked.
This has become the latest norm for effective protection in the industry. It also has a subset known as 2-factor authentication. In addition to a password, MFA requires the user to complete an added security check, such as a biometric (fingerprint, eye scan, etc.) or a physical token. That way, the password, however easy or difficult, is just half of the equation.
Note: We do not advocate using SMS as the second authentication element, following the 2018 Reddit hack triggered by SMS-intercepts. That MFA method has proven to be a well-trodden road for several hackers over the last few years.
Install a mobile authenticator program
These apps create a one-time PIN that you enter during your authentication process as an additional login step. The PINs update automatically every 30 seconds for every site on which you have set up MFA with the app.
Socrates gave this wise advice in the early days of rational thought: know yourself. We would like to update the advice and urge you to do what is utterly necessary today: protect yourself.
Additional security tips to keep your passwords safe
These are high-security tips that will also help secure your login information as well as possible:
- When on public Wi-Fi, use a VPN. That way, no one could intercept your username and password as you log in to your accounts.
- Never give your password to anyone else.
- When choosing security questions while creating an account, pick hard-to-guess options that only you know the answer to. Many questions have answers that are easy to find on social media with a quick search, so take caution and pick carefully.
- When you’re finished, please take the chance to tell your friends and loved ones to protect their online privacy, too. Breaches continue to happen, but you’ll be encouraging your inner circle to defend themselves simply by sharing this blog post with friends and relatives.
- Keep all your system software, especially antivirus, up to date. If a threat slips through your defenses and common sense, a good antivirus should be able to identify and neutralize it.
Creating secure passwords can seem like a tough task, particularly when the advice is to use a different one for every app or website you register on.
Not everyone can create and memorize several passwords, that is true.
As a consequence, many end up using a similar password even if they know it’s insecure. Or people have different passwords, but they are merely short words or have numbers that are far too easy to guess and crack.
Or okay, you probably have different and strong passwords for each account (perhaps because you were pressured to do so by your employer or a website). But then you also keep a list of passwords right next to your screen even though you know others access your computer. This all undermines your security.
Being proactive is the strongest defense when it comes to password management. It’s also essential to note that no password is an “un-hackable password.” Security is a myth. You need to complete a puzzle to ensure maximum-possible security online.
What that implies is you need to be vigilant and do all you can. Alongside creating strong passwords, you should use multi-factor authentication wherever available, and never reuse passwords. Creating non-guessable (made-up) answers to security questions and using a VPN to encrypt your internet traffic while creating accounts and logging into them would also help.
In the end, we hope you have successfully learned how to create a strong password. Keep these pieces of advice in mind while creating any new accounts. Also, you should consider updating your existing passwords. Take care!
About the author
Tiziana is a writer with four years of experience in news and blog writing who has always been digital privacy-conscious. That's why she has joined PrivacySavvy: to make others privacy-oriented, too. In her spare time, Tiziana enjoys testing privacy and security gadgets and tools for fun. She also likes hitting the local food spots in her hometown.