Choosing a strong password is critical to securing your account. Strong and secure passwords can also be a pain, which is why many of us can fall into the bad habit of sharing a password or two across many different accounts. This practice, while helpful in remembering our passwords, makes us more susceptible to attacks on our accounts.
Strong password basics
1. Make sure the password is at least 10 characters long
The general rule of thumb used to be a minimum of 8 characters, but 10 or more is safer, especially now that cheap compute power makes brute-forcing shorter passwords easy.
2. Don’t use common dictionary words
This can be a tough one to avoid, as the temptation is to use common dictionary words as part of our passwords. Yes, it’s true, one of the most common passwords in use is “Password.” And, no, that’s not a good practice.
3. Use a mix of letters (upper and lower case), numbers, and special characters
Make your password at least 30,000 times stronger by using a combination of mixed-case letters, numbers and special characters compared to a password consisting of only lowercase letters. One trick that does not help is swapping letters in dictionary words for the usual look-alike numbers and symbols, like this: tr1ck0rteat. Also stay away from sequential patterns like “123” or “abc”, and from common keyboard patterns like “asdf” or “qwerty”.
4. Don’t use personally identifiable information
Those trying to break into your account may have information about you like your birthdate, address, phone number, etc. They will use that information to help them guess your password, so it’s best to leave that type of info out of your passwords.
5. Use a unique password for every account
Having the strongest password on the planet but using it across multiple accounts does you no good if one of those accounts is compromised. For example, Yahoo discovered a major breach that compromised about a billion of its users’ accounts. If your Yahoo password was strong but used across other accounts, the attackers could use your Yahoo password to log in to those other accounts. If you were to purchase dedicated servers from us we would highly recommend using a completely unique password.
Weak password examples
Below are some examples of weak passwords that may not appear weak at first look but are after a little closer examination. A brief explanation of what makes these bad choices follows each:
- 3304435789 – This is someone’s phone number. It breaks two of the basic rules above by being all numbers and using personal information.
- April101988 – This is someone’s birthday. While it’s over 10 characters long and contains a mix of letters and numbers, it contains personally identifiable information, lacks special characters, and starts with a common dictionary word.
- P@ssword345 – This password might seem like it meets the basics for a strong password, but it fails in a subtle way. It is over 10 characters long, contains a mix of letters, numbers and special characters, and doesn’t contain personally identifiable information. However, replacing letters with common symbols (“@” for “a” in this example) is not a secure practice, as these are easily guessed replacements. It also relies on a fairly common sequential pattern, 345.
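To make the five basics above and the weak-password analysis concrete, here is an added checker in Python. It is not code from the original article; the word list, look-alike substitution table and the personal facts fed to it (a phone number and a birthday) are constructed for the demonstration, and a real deployment would swap in a full dictionary and breached-password list. It undoes common symbol substitutions before the dictionary check, which is exactly why “P@ssword345” is still caught.

```python
import re

# Constructed stand-in for a real dictionary / common-password list (rule 2).
COMMON_WORDS = {"password", "welcome", "letmein", "april", "monkey", "dragon", "football"}

# Look-alike substitutions that cracking tools try automatically, so they are
# undone before the dictionary check (rule 3: "P@ssword" is still "password").
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
                          "!": "i", "5": "s", "7": "t"})

# Forward runs taken from these count as sequential patterns (123, abc, asdf, qwerty).
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 10
SEQ_RUN = 3  # shortest run that counts as a pattern


def has_sequence(pw: str) -> bool:
    """True if any SEQ_RUN-character slice of a known sequence appears in pw."""
    s = pw.lower()
    return any(seq[i:i + SEQ_RUN] in s
               for seq in SEQUENCES
               for i in range(len(seq) - SEQ_RUN + 1))


def _pii_tokens(personal_info):
    """Lower-cased alphanumeric forms of each personal fact: the whole value
    with separators stripped ('330-443-5789' -> '3304435789') plus every part
    of at least four characters ('April 10, 1988' -> 'april', '1988')."""
    tokens = set()
    for info in personal_info:
        low = info.lower()
        whole = re.sub(r"[^a-z0-9]", "", low)
        parts = re.findall(r"[a-z0-9]+", low)
        tokens.update(t for t in [whole, *parts] if len(t) >= 4)
    return tokens


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of basic rules the password breaks (empty = passes).
    Codes: too_short, dictionary_word, missing_upper, missing_lower,
    missing_digit, missing_special, sequential_pattern, personal_info."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:                       # rule 1
        problems.append("too_short")
    normalized = low.translate(LEET_MAP)           # rule 2, after undoing look-alikes
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("dictionary_word")
    if not any(c.isupper() for c in pw):           # rule 3: all four classes ...
        problems.append("missing_upper")
    if not any(c.islower() for c in pw):
        problems.append("missing_lower")
    if not any(c.isdigit() for c in pw):
        problems.append("missing_digit")
    if not any(not c.isalnum() for c in pw):
        problems.append("missing_special")
    if has_sequence(pw):                           # ... and no keyboard/number runs
        problems.append("sequential_pattern")
    if any(tok in low for tok in _pii_tokens(personal_info)):   # rule 4
        problems.append("personal_info")
    return problems


if __name__ == "__main__":
    # The article's own weak and strong examples; the personal facts are constructed.
    samples = [
        ("3304435789", ["330-443-5789"]),
        ("April101988", ["April 10, 1988"]),
        ("P@ssword345", []),
        ("humTdumt$@t0nAwa11", []),
        ("1tsrAIn1NGcts&DGS!", []),
        ("p@$$GOandCLCt$200", []),
    ]
    for pw, info in samples:
        print(f"{pw:22} {check_password(pw, info) or 'OK'}")
```

Rule 5 (a unique password per account) cannot be checked by looking at one password; it needs the list of all of them, which is what a password manager keeps. Run as a script, the checker flags the three weak examples for exactly the reasons given above and passes the phrase-based examples from the next section.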
Strong password tips and examples
Fear not, creating strong and secure passwords is not impossible. Combined with the strong password basics outlined in this article, here are some tips and examples for creating passwords that will help keep your account safe:
1. Use a phrase and mix it up with acronyms, nicknames, and shortcuts
Making use of acronyms and shortcuts can provide secure yet easy to remember passwords. For example:
- humTdumt$@t0nAwa11 (Humpty Dumpty sat on a wall)
- 1tsrAIn1NGcts&DGS! (It’s raining cats and dogs!)
- p@$$GOandCLCt$200 (Pass Go and collect $200)
2. Have some fun, incorporate emoticons
Emoticons are the text form of emojis, commonly seen as various “faces” such as :-) :-( :-O. Incorporating emoticons can help make passwords strong:
- @11Work:-(&NOplayMAK3$jackD11:’( (All work and no play makes Jack dull)
- L37sH@vEsumfUN!;-) (Let’s have some fun!)
- i<3w1LyW0NK@:-0 (I love Willy Wonka)
3. Use a (less common) pattern on your keyboard
Phrases can be fun and memorable, but some people prefer a more visual way to remember their password. In that case, picking a pattern on the keyboard can be useful. This is best described with examples and pictures:
4. Use a strong password and customize for the specific account
This technique is particularly useful for when you have a strong password and would like to use it across multiple accounts on any web services you use. Since we know we shouldn’t use the same password across multiple accounts (no matter how strong that password is), we can customize the password per account. For example, we have our strong password based on the phrase “Humpty Dumpty sat on a wall” and want to use it across Amazon, Google, and Netflix:
Next level security
Sometimes strong passwords you can remember are not enough. Enter two-factor authentication, which requires you to have access to your phone (or another device, such as an RSA token) in addition to your username and password. Many sites and services support two-factor authentication as an additional layer of security. Look for the option when setting up your account, or afterwards in the account settings where the password is updated. Logging in with two-factor authentication means entering your username and password and then a code from your phone (via an app or SMS message) or another device such as an RSA token.
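The code an authenticator app shows is normally a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226). As an added example that is not part of the original article, here is the generator and a server-side verifier in Python, using only the standard library. The shared secret is the one from the RFC test vectors, not a real enrollment secret; the one-step drift window and the replay guard (`last_used`) are design choices made here for the demonstration.

```python
import hashlib
import hmac
import struct
import time

DIGITS = 6
STEP = 30  # seconds per time step, the usual authenticator-app setting


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then 'dynamic
    truncation' picks 4 bytes at the offset given by the low nibble of the MAC."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, last_used: int = -1,
                window: int = 1, step: int = STEP, digits: int = DIGITS):
    """Server-side check of a submitted code.

    Returns the time-step counter the code matched, or None. Accepts the
    current step plus/minus `window` steps to tolerate clock drift, skips any
    step at or before `last_used` so an already-used code is not accepted a
    second time, and compares in constant time."""
    if len(submitted) != digits or not submitted.isdigit():
        return None
    current = unix_time // step
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Secret from the RFC 4226/6238 test vectors; a real enrollment hands the
    # app a random secret (usually shown base32-encoded inside a QR code).
    secret = b"12345678901234567890"
    now = int(time.time())
    code = totp(secret, now)
    print("code for this step:", code)
    print("accepted at step:", verify_totp(secret, code, now))
    print("reuse rejected:", verify_totp(secret, code, now, last_used=now // STEP))
```

The server stores the counter it last accepted and passes it back as `last_used` on the next login; that is what makes each code usable once even though it stays valid for the whole 30-second step. The constant-time comparison matters because the verifier is comparing a secret-derived value, and the length check up front means malformed input never reaches the HMAC loop.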
With these guidelines in place, you’re now ready to create and maintain strong passwords for all your accounts.