How to create strong passwords and remember them: The ultimate guide
Passwords are the key to your online protection. Thus, it is imperative always to create strong passwords to secure your online integrity.
And it isn’t difficult either. A simple trick is to create unique passwords to remember and avoid the bad habit of using the same login credentials for several accounts.
But, given the plethora of apps and websites people use today, all of which requiring login credentials, how is it achievable?
According to LogMeIn, the organization behind the infamous password manager LastPass, if you count all of your social networking, streaming, bank accounts, and applications, you might quite likely have 85 passwords for all your accounts.
On the other hand, weak passwords may have severe implications, such as identity fraud, financial losses, and more. For example, in 2019, businesses announced a record of 5,183 data breaches that uncovered sensitive data such as home addresses and login credentials that an adversary could exploit to hack your identity or commit fraud.
And that pales next to the more than 500 million compromised passwords that have been released since 2017 by hackers on the dark web.
For internet users of today, the identity security of a post-password environment isn’t available. So you need to consider deploying the best cybersecurity practices to mitigate the risk of revealing your info in the first place.
Wondering how to create a strong password in 2021 to fend off cyber threats? Or, you may be confused about how to make a strong password for internet banking to keep your finances safe.
Don’t worry. This guide will tell you how to develop the right passwords for your accounts and be warned if they are broken. You will also discover vital tips to make your logins even more secure.
But before that, let’s take a look at some common password mistakes with potentially severe consequences considering today’s dangerous cybersecurity scenario.
Most significant mistakes netizens make when creating passwords
Excluding your bank accounts, you might think of the rest of your profiles as unimportant to protect. That’s natural, given that there are at least 100 accounts connected to one email for most online users. And, this amount doubles every five years.
Also, you might have used a simple password for any of your profiles more frequently than ever just because it was easy to remember, right?
This is the first mistake! You risk your overall protection online by developing poor passwords for websites you think you would only use occasionally. In essence, you are “opening the door” to hackers by using a poor password and letting them in.
Besides, there is a high probability that what you consider a “strong” password is bad.
For instance, check if you have ever used any of the following as a login.
- Your name.
- The names of your acquaintances, family members, your pets.
- Common worst passwords like “123456” or “qwerty” and alike.
- The username of your credentials.
- Generic terms, such as “password,” “admin,” “letmein” and more.
- Sports teams’ names, favorite basketball gamer, or name of celebrities.
- Short passwords. (The shorter your password, the less time anyone has to break it.)
If any of your passwords follow one or more of these parameters, you have a weak password for your account that you should change immediately.
How cybercrooks get your passwords no matter how ‘safe’ they are
While many password-hacking techniques are open to cybercriminals, the simplest one is buying the passwords from the dark web.
Cybercriminals frequently use the black markets on the dark web to purchase and sell users’ login credentials, particularly passcodes and passwords. If you have been using the same password for several years, odds are it’s been compromised given the frequent data breaches.
Even if you do your best to keep your credentials safe from hacking, cybercriminals would still try everything possible to get your passwords.
Following are some of those strategies that cybercriminals frequently use to attack existing individual accounts or compromised hashed password databases.
Brute force attack
At its core, this assault aims to guess any combination of characters to find your password. Since such password-guessing takes time when done manually, the intruders automate software to try as many combinations as possible in the shortest possible time.
In 2012, an industrious programmer revealed a 25-GPU cluster he had designed to break every 8-character Windows password, including upper and lower case letters, numbers, and symbols, in less than six hours. It could process 350 billion guesses per second.
Even today, there has not been much improvement in the technology as such brute force attacks keep working.
Anything under 12 characters is typically subject to get cracked. So remember, when it comes to creating strong passwords, the longer, the better.
As the name suggests, in this case, the hacker actually assaults you with a dictionary. While a brute force attack attempts a mixture of symbols, letters, and numbers, a dictionary attack attempts a prearranged set of terms such as what you might encounter in a dictionary.
You can only withstand a dictionary assault if your password either doesn’t exist in the dictionary, is wildly rare, or if you use several word phrases, such as LaundryZebraTowelBlue.
Usually, multiple word passwords (rather, passphrases) outsmart a dictionary assault. Although they aren’t entirely immune to such attacks, they still take time to be cracked.
It is the nastiest of all strategies that cybercriminals apply when they want to deceive, threaten, or pressure you to fulfill their malicious purposes.
The most common way to execute phishing attacks is via emails impersonating legit messages to bluff you.
For example, a phishing email aiming to hack your money will often impersonate your bank or any other financial institution, telling you about some error with your credit card account or your recent transaction. Such emails often carry link(s) to phishing web pages that impersonate the relevant institution (such as your bank), asking you to enter your login credentials and financial details. Once you do, the attackers waiting impatiently at the other end get all your details at once to exploit as they like.
But emails aren’t the only way to execute phishing. The attackers even exploit phone calls (or robocalls) for that.
For example, you may receive a call telling you about the blocking of your credit card. Here, you need to vigilantly note the context of those calls, such as whether they specify a certain credit card or not.
Ideally, try to get rid of such calls quickly. Otherwise, the longer you continue, the greater are the chances of you getting trapped by the scammers who aim to get as much information about you as possible, the most common being your login credentials.
When in doubt, it’s better to disconnect the incoming call and call your bank (or the relevant institution) from your end to verify the matter. You can even apply this strategy before responding to any phishing emails.
How to spot a weak password
When talking about creating strong passwords, the idea is to construct unforgettable but hard-to-guess passwords. All you require is a little creativity to build robust passwords that are easy to remember. It can actually be enjoyable to build them while you reward yourself with enhanced protection.
To grasp the concept of a good password, it’s better to first go through common activities that place millions of users at risk. So, let’s look at a few elements contributing to weak password strength:
The use of generic words, such as “password”
The most widely used password is the term ‘password’ itself. Unfortunately, it’s pathetically poor as having ‘default’ and ‘blank’ are. These are elementary terms that anyone can guess quickly, and hence, are never good words for passwords.
Human beings are not the primary worry here, though. Instead, a dictionary attack gets carried out on the target device by the machines utilizing huge electronic databases to recognize passwords quickly.
Simple to recognize, especially if anyone knows you well
Using a last name + year of birth combination is a typical example of a weak password. But since these passwords often include at least 12 characters containing letters and numbers, many secure sites approve them despite the underlying weakness. That’s where the problem occurs.
For example, Marshall1968 includes both a name related to someone or their relatives and other bits of known details (birthday), which can enable someone else to hack their account quickly.
It is short and can be deciphered quickly
Let’s assume you use “F1avoR” as a password, which boasts mixed-up capital letters and numbers. While it appears strong, it has two major drawbacks that make it a weak password.
Firstly, that’s too brief. A powerful password is a lengthy password. The harder a hacker or a software program that cracks passwords needs to work, the more appropriate your password is.
Secondly, in such a case, others can accurately estimate the number of substitutions. For example, replacing the number 1 with the letter l is simple to infer for both humans and machines.
What makes an unbreakable password?
The absolute minimum that you can follow when constructing passwords that are easy to remember but hard to guess is to follow three rules:
Password lengths: Adhere to passwords that are at least 8 characters long. It is advisable to include more characters in the password since an intruder would take longer to break it. 10 or longer characters are stronger.
Combinations: Using capitalization, pronunciation, percentages, and punctuation combinations help to make your passwords unbreakable.
The complexity of passwords: Your password must contain at least one character in any of the following classes:
- Alphabets in lower Case
- Alphabets in upper case
- Miscellaneous characters
- Follow the “8-4 Rule” (Eight Four Rule), that is,
8 = Minimum length of 8 characters.
4 = 1 lower case + 1 upper case + 1 special character + 1 number.
For many people, merely obeying the “8 4 Rule” can be a significant change. It would automatically make passwords even better than before for those of you who do not follow any rules when constructing a password.
If the “8 4 Rule” is not enforced in your bank and other financially sensitive website passwords, you should consider updating those passwords from your side to obey the “8 4 Rule” immediately.
These three laws render breaking the password significantly harder for hackers. Since the methods used by password crackers have progressed to an extremely efficient degree, the passwords you build must be unique.
You can check various online password checkers out there if you are wondering if your chosen password is safe or not. Some online password checkers have certain fields that display the variety of your password in letters and its presence in dictionaries.
Few tools also show the time it will take for a brute force attack to break your password to illustrate the value of a long, unpredictable, and unique password.
How to create a strong password (and memorize it)
The guidelines above are simple enough to follow for creating strong passwords. Then why aren’t more people using them?
That’s because many websites and programs still don’t need a solid password. Yes, they display your password’s strength, but in the end, they do nothing to stop users from saving lousy passwords.
Secondly, it is difficult to recall a completely random 12-character password that uses upper and lower-case letters, numbers, and symbols unless you have a photographic memory. That makes people wonder how to choose a password you can remember. Consequently, many people opt for passwords that are easier to recall but too simple to crack.
So, to save you from falling for weak passwords, the following cheats and tricks will help you build and remember passwords that are long, unique, unpredictable, and safe.
Build your password from a phrase
People can recall sentences and song lyrics much more than they remember random letters, figures, and symbols. So taking the first letter of a term in a long and unforgettable sentence is an excellent start to create a strong password. Afterward, place the upper and lower case letters, numbers, and a few symbols to complete your unique password creation.
For example, if you are a Beatles fan, you can try the following as one of the strong password examples:
“Yesterday, all my troubles seemed so far away / Now it looks like they’re here to stay / Oh, I believe in yesterday,” which translates to “Y,amtssfa/Nillth2s/O,Ibiy” in password type. Pretty easy, right?
Using a personal comment such as “Don’t forget, your wedding anniversary is on October 3rd!” is another good example of this trick. The password is then translated into “Df,ywaioO3rd!” There are countless ways to create unique and quick to recall passwords using this trick.
Treat your keyboard like a constellation
Your keyboard is a blank canvas ready to support you in generating strong usernames and passwords. Draw meaningful trends, including letters and numbers, around the keyboard using your imagination.
The patterns may be your initials, your first name, or a geometrical form like your beloved constellation to build your preferred password.
These strategies will create random and safe passwords that are quick to remember as your favorite album or constellation.
Besides, experts often advocate turning on multi-factor authentication on top of setting a solid password. Many websites, including Dropbox, Gmail, and several banking websites, offer multi-factor authentication (MFA) today.
While there is no fool-proof method to deter hackers from breaching your data or identification, you could still beat hackers with a strong password coupled with MFA that would decrease your vulnerability dramatically.
Avoid involving emotion when creating a password!
Your partner’s name may come first on your mind when searching for good password ideas since you are emotionally engaged with the happenings of the time.
Though you do not entirely know that, it is a password that someone else could guess quickly, or it could be cracked easily. Therefore, when constructing a password, it should be something you must not consider.
According to computer scientists from Carnegie Mellon University, remembering passwords through mnemonics can help you remember an everlasting password. They propose utilizing the form of Person-Action-Object (PAO) to build and save your unbreakable passwords.
This tactic gained traction from Joshua Foer’s bestselling novel, “Moonwalking with Einstein.” In simple words, it’s about creating passwords using three of your favorite nouns, a person, an action (or activity), and an object.
For example, if you’re a fan of self-driving cars, you can think of “Elon Musk” as the person, “Tesla” as the object. You can then create a whole situation (action) from these two nouns: Elon Musk driving his Tesla Model 3.
You can then use this situation to create a strong password, such as “EloMudrivTM3”. This isn’t easy to guess for a random person but will certainly be fairly easy to remember for you.
Do the same with three other stories, combine the made-up terms, and you will have an 18-character password that will sound incomprehensible to someone you are still friends with.
If you find it fun trying to read every gibberish written anywhere, be it a billboard, a pamphlet, or an ad, then this trick is for you. This system depends on phonetics and the memory of muscles. Below is how it works:
- Visit an online strong password generator.
- Build 20 new keys that include capital letters, punctuation marks, and numbers that are at least 12 characters long.
- Scan the passwords; scan for phonetic structure. Strive to locate passwords in your mind that can pronounce. For instance: msEncabo5Et (miss encabo 5 E.T.) or BroughtUtheV8Et (Brought you the V8).
- Write the phonetic passwords in your notepad (hide them, btw). The passwords that are easy to type are usually memorizable.
- Keep the list with you and leave the rest. You can also save these passwords to any password manager. After that, you can periodically check this personalized strong password ideas list to come up with even more passwords.
Ideally, you should change your passwords on your most commonly-used websites once in a while. Note that you might need to type your new passwords a few times to memorize them completely.
Method of Electrum
It takes a high degree of protection to secure a digital currency wallet (such as Bitcoin) and a huge dependency on safe passwords.
But fortunately, some secure Bitcoin wallets are available out there today. And, Electrum is one of the best. Electrum wallet provides a 12-word seed that helps you to access all your Bitcoin addresses securely. The seed for your Bitcoins acts as a master password.
This password type is also referred to as “passphrase” today, reflecting a novel security perspective. Instead of a series of characters that are hard to recall, you merely construct a long phrase.
How do you build your own 12-word seed?
It is straightforward. Come up with 12 words at random. You may start with a phrase like “Quick Brown Fox Jumps Over The Lazy Dog.” (Of course, that is just an example.) Make sure it’s not a simplistic phrase or a phrase taken from current literature.
Ways to make your password security even better
The security of your email inbox, bank account, Netflix account depends on how well you protect your passwords.
That begs the need to keep your passwords safe after you are done with creating strong ones.
But, of course, you need an easy way to remember them, too. So, below are some effective tips to help you precisely with such needs.
Use a password manager and a password generator
A password manager keeps all your passwords safe. The best thing is, you only need to memorize one password, the master password, which allows you access to your password manager vault.
Ideally, you can first use any tip mentioned above to create a strong password and then save it in a password manager such as LastPass. These programs often come with password generators so you can construct super-complicated, extra-long passwords that are infinitely harder to break than any passwords that a person might come up with.
Be selective about the websites you trust
Security-conscious websites can hash the passwords of their customers such that the real passwords remain encrypted. But not all sites consider taking that approach.
Thus, take a minute to evaluate the platform before setting up profiles, passwords and entrusting it with confidential details.
Does the address bar have HTTPS, guaranteeing a safe connection? Are you getting the feeling that it is up to date with the newest safety requirements of today? If not, think about exchanging any of your sensitive details on it twice before moving any further.
Use multi-factor authentication
Multi-factor authentication (MFA) provides an external security framework to your account, which becomes your first layer of protection should your account details ever get leaked.
This has been the latest norm for efficient protection in the sector. It also has a subset dubbed as 2-factor authentication. In addition to a password, MFA needs the user to complete an added security check. This may be a biometric check (fingerprint, eye scan, etc.), or you may have to provide a tangible token. That way, it’s just half of the equation, as easy or difficult as the password is.
Note: We do not advocate using SMS as the second authentication element, following the 2018 Reddit hack triggered by SMS-intercepts. That MFA method has proven to be a well-trodden road for several hackers over the last few years.
Install a mobile authenticator program
These apps create a one-time PIN that you enter during your authentication process as an additional login step. The PINs keep getting updated every 30 seconds for every site you’ve set up MFA for using them automatically.
Additional security tips to keep your passwords safe
These are high-security tips that would also secure your login information at the very best:
- When on public Wi-Fi, use a VPN. That way, no one could intercept your username and password as you log in to your accounts.
- Never give your password to anyone else.
- Pick hard-to-guess options that only you know the answer to while choosing security questions when creating an account. Several queries have easy-to-find replies on social media with a quick scan, so take caution and pick carefully.
- Remember to tell your friends and loved ones to protect their online privacy, too, when you’re finished. Breaches continue to happen, but you’ll be encouraging your inner circle to defend themselves only by sharing this blog post with friends and relatives.
- Keep all your system software especially antivirus up-to-date. If a vulnerability slips through your defenses and common sense, a good antivirus would be able to identify and neutralize it.
Creating secure passwords can seem like a tough task, particularly when using a different one for every app or website you register on.
Certainly, not everyone can create and memorize several passwords. Consequently, many end up using the same or similar passwords despite knowing that it’s insecure. Some other people may have different passwords, but they might contain short words or numbers easy to guess and crack.
If you don’t fall in these two categories, you probably have different and strong passwords for each account (perhaps because you were pressured to do so through your employer or a website). But then you might also have a set of passwords right next to your screen even though you know others access your computer. This all undermines your security.
Being proactive is the strongest defense when it comes to password management.
It’s also essential to note that no password is an “un-hackable password.” Therefore, you need to complete the puzzle carefully to ensure the maximum possible security online.
Alongside creating strong passwords, you should use multi-factor authentication wherever available and never reuse passwords. Creating non-guessable (made-up) answers to the security questions and using a VPN to encrypt your internet traffic while creating accounts and logging into them would also help, too.
We hope you have successfully learned how to create a strong password through this guide. Keep these pieces of advice in mind while creating any new accounts. Also, consider updating your existing passwords as a precaution. Stay safe!
About the author
Tiziana is a writer with four years of experience in news and blog writing who always has been digital privacy-conscious. That' why she has joined PrivacySavvy - to make others privacy-oriented, too. In her spare time, Tiziana enjoys testing privacy and security gadgets and tools for fun. She also likes hitting the local food spots in her hometown.