The average internet user is far more tech savvy than they used to be. But as users are getting more sophisticated, hackers are too. It’s increasingly difficult to stay one step ahead of the hackers and keep your online accounts secure. Working from home has made this more apparent. For this reason it’s vital to learn how to create passwords that are strong enough to resist hacking attacks.
How do Passwords Become Compromised?
Passwords are generally exposed in one of three different ways:
- Specific targeting: Generally this happens when a victim is targeted by someone they know. The password thief knows enough about their victim to guess at their email password. They can then use password recovery to access other sensitive accounts and information.
- A brute force attack: This is a popular strategy for hackers looking to steal passwords. These attacks can target one person or a group of accounts. They work by systematically checking combinations of characters until the right combination is found.
- A data breach: A hacking attempt that results in account information being compromised either within a company, or the company’s customer base.
Tips for Creating Effective Passwords
You may not be able to prevent hackers from making attempts to steal data, but you can make sure your account passwords are strong enough to withstand both specific and brute force attacks.
In both cases, following some simple rules makes it easy to create strong passwords that are impossible to guess, and extremely difficult to expose via brute force attacks.
To create a strong password:
- Use at least 12 to 16 characters.
- Use a combination of letters, numbers, and symbols, including both uppercase and lowercase letters.
- Don’t repeat any characters.
- Avoid using dictionary words, names, and pronouns, in any language.
- Avoid usernames, IDs, and any words or number strings that might be used to identify you. For instance, a birthdate or other date that’s special to you.
- Don’t use any predefined letter or number strings, such as parts of the alphabet, acronyms, the Pi sequence, or the Fibonacci sequence.
- Don’t use any password more than once.
Keeping Track of Passwords
It’s not enough to create one strong password and use it for all your online accounts. No matter how strong your password is, it’s an extremely bad idea to use it for every account—because as soon as one of your accounts is compromised, they all are. If a hacker is able to expose a person’s password on one website, their next step is typically to use that password to try and hack their email account. From there, they can use password recovery to hack any account that uses that email address.
On the other hand, if all your passwords are unique, your other accounts are still safe, even if one account is compromised. Most importantly, one compromised account won’t necessarily lead to your email account being exposed.
The best way to proceed is to use a unique password for every online account you have. The problem then becomes how to keep track of your various passwords. You have a number of options for this, including:
Writing them down: Don’t do it! It may be the simplest option, but it’s also the riskiest one. As soon as you write a password down on paper, or in a computer file, that account is at risk. Writing down passwords isn’t the riskiest thing you can do, but it should still be avoided.
Remembering passwords: If you’re capable of remembering multiple long strings of numbers, letters, and symbols, then memorising passwords is the preferred option. Storing passwords in your own brain is by far the best way to keep them safe.
If you want to use this method, it can be helpful to develop a system of creating passwords that are easy for you to remember. One way to do this is to make up some mnemonic phrases to help you remember each sequence of characters. Of course, the problem then becomes one of remembering the phrases, rather than the passwords, so it does still require that you have a good memory.
A password manager: Few people can memorise more than one or two strong passwords. A password manager is a good compromise, as with this option you only need to remember one password to unlock all the others you’ve stored.
A password manager is a service that creates and stores unique passwords for every account you log into online. All of your passwords are stored within the manager, and can be accessed using one master password. When you login to a website, the password manager logs you in automatically, filling in your ID and password for you. The database of passwords and IDs is stored on your computer, but since it’s encrypted, it’s safe from all but the most advanced hacking attempts.
It’s important to note that password managers are not immune to security breaches. For instance, one of the biggest password manager providers—LastPass—was breached in 2011. However, only account holders with weak master passwords were vulnerable in that case. As long as you’re careful to create a strong master password, your account, and your other passwords, are safe.