- Minimum of 15 characters.
- Mixed upper and lower case letters.
- Don’t include personal information.
- Include special characters and numbers.
- Use a password manager.
- Never share with anyone.
- Never save it in your browser.
How to Easily Spot a Weak Password
The secret is to make passwords memorable but hard to guess. Learning a few simple skills will make creating strong memorable passwords easy. Creating them can actually be fun – and your payoff in increased safety is huge.
To understand the definition of a strong password, it’s best to go over common practices that put millions of users at risk on a daily basis. Let’s look at a few examples of weak passwords to understand why these put you at risk:
It uses common words, like “Password”
The word “Password” is the most commonly used password. It’s also pathetically weak, as are ‘default’ and ‘blank’. These are simple words that a person can easily guess. However, humans aren’t your only concern. Programs that work through databases of common words can perform a dictionary attack on your system, identifying the password easily.
It’s easy to identify, especially if someone knows you well
A common example is a last name + year of birth combination, such as Marshall1968. Though this example uses 12 characters and includes letters and numbers, it includes both a name that can be associated with you or your family and other identifying information such as your birth year, which means it can be easily hacked.
It’s short and can be easily deciphered
Let’s say you use “F1avoR” as a password, mixing up capital letters and numbers. Here are two important reasons why this password example isn’t safe:
- It’s too short. A long password is a strong password. The harder a hacker or a code-breaking software application has to work, the better.
- The number of substitutions can be easily guessed. Substituting the number 1 for the letter l is easy to guess for both humans and software.
For your online accounts, passwords are the weakest point at any level of security. If someone accesses your credentials, your content and your vital information are at risk.
Although most websites today offer extra security protection, anyone who retrieves or guesses your password can easily bypass other security measures that most sites have in place.
That person can make any changes to your online accounts, make purchases, or otherwise manipulate your data.
Selecting a secure password is crucial because let’s face it, our entire life is now spent in the digital universe: social media, banking, email, shopping, and more.
Many people have a terrible habit of using the same passwords across multiple accounts. It may be easier to remember, but if there is a security vulnerability on one account, everything could be compromised.
Passwords are Your Digital Keys
Your sign-on details are the digital keys to all your personal information and the best way to keep your company information safe. You want to make sure to keep your passwords safe from third parties so that they can stay private.
While many small-time cybercriminals attempt to hack into email accounts and social networks, they often have darker and more malicious goals. They’re usually after information from personal finances such as credit card details and bank account info, or business accounts to either directly line their pockets or attempt to extort an individual or business.
The two significant security risks are insecure password practices and shared accounts. This involves using the same password for personal and business apps, reusing passwords across multiple apps, sharing passwords with other employees, and storing passwords insecurely.
The point here is that a robust and secure password is all that could potentially stand between you and pesky cyber criminals.
How Can Your Password Be Compromised?
Outside of spyware and phishing attacks, there are numerous techniques that hackers use to crack your passwords.
One strategy to gain access is straight-up guessing your password. They could do this by looking at your security questions, your social media presence, or any other information about you that can be found online. That is why it is vital not to include any personal information in your passwords.
Another tactic that hackers use is a password cracker. Using brute force, a password cracker tries various combinations continuously until it breaks the password and gains access to the account. We’ve all seen this in the movies, but it’s worth noting that this is not just a Hollywood special effect.
The shorter and less complex your password is, the faster the tool can produce the correct combination of characters. The longer and more complex your passwords are, the less likely it is that the hacker will use a brute force technique. That is due to the extended amount of time it would take for the software to figure it out.
Instead, they will use a method called a “dictionary attack.” Here, a program cycles through common words people use in passwords.
Strong Password Ideas and Tips with Great Examples
- Make sure you use a minimum of ten characters. That is where it can get tricky. As previously noted, you should avoid using personal information or your pet’s information, since those are the first choices for hackers to try and exploit. In determining your password strength, pay close attention to two significant details: the complexity and the length you choose. Long, complex passwords are tough to crack. To create complex but memorable passwords, use different types of characters: a mixture of lower and uppercase letters, symbols, and numbers.
- Do not use directly identifiable information. The ones trying to hack into your accounts may already know personal details such as your phone number, birthday, address, etc. They will use that information as an aid to more easily guess your password.
- Use a unique password for each separate account. If you use the same password across multiple accounts, it could be the most reliable password possible, and if one account is compromised, all of them are. The recommended best practice is to create a strong password ideas list and use it for all your online accounts. Your unique list of passwords should be kept safe.
- Avoid common dictionary words. This mistake is the toughest one to avoid. The temptation is always there to use ordinary, everyday dictionary words. It is true that the most common password used today is “password.” Avoid plain dictionary words as well as combinations of words. For instance, “Home” is a bad password. However, “Blue Home” isn’t an improvement either. A strong hacker will have a dictionary-based system that cracks this type of password. If you must use a single word, misspell it as best as you can or insert numbers for letters. Use a word or phrase and mix it with shortcuts, nicknames, and acronyms. Using shortcuts, abbreviations, and upper and lower case letters provides easy-to-remember but secure passwords.
- “Pass Go and collect $200”– p@$$GOandCLCt$200
- “Humpty Dumpty sat on a wall” — humTdumt$@t0nAwa11
- “It is raining cats and dogs!”– 1tsrAIn1NGcts&DGS!
Incorporate emoticons. Emoticons are the text format of emojis, commonly seen as various “faces.”
You may also find it easy to remember a sentence for your password if it refers to something easy for you, but complex for others, such as: “The first house I ever lived in was 601 Lake Street. Rent was $300 per month.” You could use “TfhIeliw601lS.Rw$3pm.” You took the first letters of each word, and you created a powerful password with 21 characters.
If you want to reuse passwords across numerous accounts, this technique is particularly useful as it makes it easy to remember. Even though, as already mentioned, you really should use separate passwords, you can customize each per account. Utilizing the same phrase as above, “Humpty Dumpty sat on a wall” we created a secure and reliable password, and now you can use it on Amazon, Netflix, or Google accounts:
Here are good password examples using this technique.
Weak Passwords to Avoid
Everyone is guilty of creating easy-to-guess passwords at some point in their digital life. You might feel confident that when you chose “3248575”, no one would figure out it is your phone number. The examples below are weak passwords that at first appear strong. However, once you look a little closer, you realize what is missing.
A brief explanation of what makes these bad choices follows each:
- 5404464785: Using numbers such as these quickly reveals someone’s phone number. By using this strategy, you are breaking two basic rules: using personal information and using all numbers.
- Marchl101977: The birthday password. Even though this password contains a combination of numbers with small and capital letters and is over ten characters long, it is a disaster waiting to happen. It too breaks the rules by starting with a standard dictionary word and using personal information, and it lacks special characters.
- P@ssword234: You may at first feel this password meets the basics. However, it indirectly fails our tests. While it does have over ten characters, contains special characters and numbers, a mix of the letters, and it does not include any personally identifiable information, it is still considered weak. Because such substitutions are so easy to guess, replacing letters with symbols is not a strong recommendation. It also contains the standard “234” sequential pattern.
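The weaknesses described in this article (short length, digits only, dictionary words hidden behind look-alike substitutions, personal details, sequential digits) can be checked mechanically. The following Python auditor is an added example, not part of the original article; the word list, the `audit` function and its parameters are assumptions made for illustration, and the sample passwords are the ones discussed above.

```python
# Added example: flags the weaknesses this article describes.
# Constructed sample word list; a real audit would load a large dictionary.
COMMON_WORDS = {"password", "default", "blank", "home", "flavor", "march"}
# Look-alike substitutions mapped back to the letters they replace.
UNLEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "5": "s"})
RUNS = ["0123456789"[i:i + 3] for i in range(8)]  # "012" through "789"


def audit(password, personal=(), min_length=10):
    """Return the weaknesses found; an empty list means no check fired."""
    findings = []
    lowered = password.lower()
    if len(password) < min_length:
        findings.append("too short")
    if password.isdigit():
        findings.append("digits only")
    # Undo the substitutions first, so "P@ssword" is matched as "password".
    plain = lowered.translate(UNLEET)
    if any(word in plain for word in COMMON_WORDS):
        findings.append("dictionary word")
    # Personal details (name, birth year, phone number) are supplied by the caller.
    if any(item.lower() in lowered for item in personal if item):
        findings.append("personal information")
    if any(run in password for run in RUNS):
        findings.append("sequential digits")
    return findings


if __name__ == "__main__":
    samples = [
        ("F1avoR", ()),
        ("Marshall1968", ("Marshall", "1968")),
        ("5404464785", ("5404464785",)),
        ("P@ssword234", ()),
        ("TfhIeliw601lS.Rw$3pm.", ()),
    ]
    for pw, personal in samples:
        print(f"{pw!r}: {audit(pw, personal) or 'no finding'}")
```

An empty result only means none of these particular checks fired; a larger word list will flag more passwords than this small sample list does.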
What is Two-Factor Authentication?
“Multi-factor authentication” in the digital world is simply an extra layer of security. As common as it may seem in the technology industry, if you ask around, you will find that not everyone knows about “Two Factor Authentication”. What’s even more interesting is that many people who don’t understand the term may very well be using it every day.
As mentioned throughout this blog, standard cybersecurity solutions and procedures require only a username and password. With such simplicity, criminals score by the millions.
Two Factor Authentication, also known as 2FA or TFA, is a two-step verification process. It requires not just a username and password but also something that only that user has on them.
That could be a document or piece of information only they should know or immediately have on hand, like a token of some type. Using this technique makes it difficult for cybercriminals to gain access and steal the identity or personal information of that person.
Many people do not understand this type of security, and they may not recognize it though they use it on a daily basis. When you use hardware tokens, issued by your bank to put to use with your card and PIN when needing to complete internet banking transactions, you’re using 2FA.
They are merely utilizing the benefits of multi-factor authentication by using something they have or something they know. Putting this process to use can indeed help lower the number of cases of identity theft on the web, as well as phishing through email. The reason is that it requires more than just supplying a name and password.
There are downsides, however. New hardware tokens that come from the bank in the form of card readers or key fobs that require ordering may slow business down. There can be issues for customers waiting and wanting to gain access to their private data through this authentication procedure.
The tokens get lost easily because they are small, which also causes problems for everyone when a customer calls in requesting new ones. Tokenless authentication is the same procedure except there are no tokens involved. It is faster and less expensive to establish and maintain across numerous networks.
Managing Passwords the Easy Way
Implementing enterprise password management helps small and large businesses keep their information sound. No matter how many employees you have, they need help protecting the passwords that operate your business and your private life.
A password manager helps you generate strong passwords and remembers each one for you. However, if you do choose this route, you will still need to create at least one secure password and remember it.
With the masses of websites for which you have accounts, there is no logical way to remember each one easily. Trying to remember every single password (and where you wrote them down) without duplicating one or resorting to an easy-to-read pattern is where the trouble starts.
Here is where password managers make life more comfortable – as long as you can create a strong master password that is necessary for you to remember. The good news is, that is the last one you will need to worry about no matter how many accounts you have.
The Truth about Browser-Based Managers
Web browsers – Safari, Firefox, Chrome, and others – each have integrated password managers.
No browser can compete with a dedicated solution. For one, Internet Explorer and Chrome store your passwords in an unencrypted form on your computer.
People can easily access password files and view them unless you encrypt your hard drive. Mozilla Firefox has a “master password” feature: with one single master password, you can encrypt your saved passwords. It then stores them in an encrypted format on your computer.
However, the Firefox password manager is not the perfect solution, either. The interface does not help you generate random passwords, and it also lacks various features such as cross-platform syncing.
There are three dedicated platforms for password management that stand out above the rest. Each of these is a reliable option, and the one you choose will depend on what is most important to you.
The important part is remembering that you need to use genuinely random words for a secure password. For example, “cat in the hat” would make a horrible password because it is a common phrase and makes sense. “My beautiful red car” is another type that is horrible.
However, something such as “correct kid donor housewife” or “Whitehorse staring sugar invisible” are examples of a randomized password. They make no sense together and are in no grammatically correct order, which is fantastic. Managers also allow users to store other data types in a secure form–everything from secure notes to credit card numbers.
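To make “genuinely random” concrete, the added example below (not from the original article) picks words with Python’s `secrets` module and measures strength in bits, which also shows why a short password such as “F1avoR” falls quickly to brute force. The 16-word sample list, the function names and the 7,776-word list size used in the comparison are assumptions for illustration.

```python
import math
import secrets

# Constructed 16-word sample list, for demonstration only. A usable list
# holds thousands of words, because strength depends on the list size.
SAMPLE_WORDS = ["correct", "kid", "donor", "housewife", "whitehorse", "staring",
                "sugar", "invisible", "lantern", "orbit", "velvet", "cactus",
                "harbor", "pickle", "tundra", "mosaic"]


def passphrase(words, count=4):
    """Pick `count` words independently and uniformly with the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def charset_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string: the brute-force search space."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    # Four picks from only 16 words: far too small a list to be safe.
    print("4 words from 16:", passphrase_bits(16, 4), "bits")
    # Six characters drawn from letters and digits (62 symbols), like "F1avoR".
    print("6 chars of 62:", round(charset_bits(6, 62), 1), "bits")
    # Words needed from a 7,776-word list (assumed size) to match ten random
    # characters drawn from the 94 printable ASCII symbols.
    print("words needed:", words_needed(7776, charset_bits(10, 94)))
```

The bit counts hold only when a random process picks the words; words a person chooses because they seem unrelated are more predictable than the numbers suggest.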
In Closing, Stay Secure and Protected
We are experiencing times when passwords that you can remember are not enough to keep yourself and your company safe. If you do suspect criminal mischief with your account, immediately change your passwords.
Doing so only takes a minute, whereas restoring your personal life and your company’s financial records and history can often be devastating. Follow the steps listed above for selecting a strong unique password to establish and maintain safe accounts and personal information. If your password is easy to remember, it is probably not secure.