
Best Practices for Creating a Strong Password

As we continue to promote cybersecurity awareness, we want to highlight the best practices for creating a strong password. With 76% of users setting their own passwords at work, password creation should never be done in a rush or as an afterthought. Instead, passwords should be created with care to ensure they are secure, especially for accounts managing sensitive data.


What Is a Strong Password?

A strong password is one that is hard for a person or an automated program to guess. Passwords are meant to limit account access to those who have been given the login information, so the stronger the password, the more secure the account is.

Why Using a Strong Password Is Important

Your password is the primary defense against someone trying to access your account. While other protections may be set up, such as multi-factor authentication (MFA), whatever data is on that account is a guessed password away from being stolen. That means company data, banking details, or other sensitive information may be one weak password away from becoming a data breach.

How To Create a Strong Password

Creating a strong password is easier than you may realize. Use the steps below to guide you in creating one:

1. Make sure it’s at least 16 characters long.

When it comes to password security, longer is always better.

2. Mix in uppercase and lowercase letters, numbers, and symbols.

You don’t need to memorize a fully randomized password. However, mixing in a few of these can significantly strengthen your password.

3. Avoid using common words, people, characters, products, or companies.

When attempting a brute force attack, hackers normally use common words to save time. Therefore, passwords should include uncommon words or variations with symbols.

4. Don’t reuse previous passwords.

A strong password can become a weak password if it’s exposed in a data breach. 63% of social engineering attacks involved stolen credentials like passwords.

5. Never use easy-to-find personal information in your passwords.

Information like birthdates, the names of family members and pets, and other important details is more likely to be tested if you’re specifically being targeted in a cyberattack.

6. Make it easy to remember.

A strong password doesn’t have to be random or hard to recall. Here’s how to create a memorable yet secure passphrase:

  • Choose 4-6 unusual words that don’t normally go together.
  • Mix in uppercase and lowercase letters.
  • Add numbers and symbols for extra security.
  • Ensure the passphrase is at least 16 characters long.

By following these steps, you’ll have a strong and easy-to-remember password without needing to cut corners.
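One way to follow the passphrase steps with a cryptographically secure random source, as an added example that is not part of the original article. The word list, symbol set and function names are constructed for illustration; the words are picked at random rather than by hand, which is what makes the strength measurable.

```python
import math
import secrets

# Constructed sample list, far too small for real use: supply a list of
# several thousand words (a diceware-style list has 7,776) in practice.
SAMPLE_WORDS = ["indigo", "spruce", "parrot", "backflip", "glacier", "tuba",
                "walnut", "comet", "lantern", "mosaic", "pickle", "harbor",
                "velvet", "cactus", "thunder", "origami"]
SYMBOLS = "!#%&*?"  # assumed symbol set


def make_passphrase(words=SAMPLE_WORDS, count=4, sep="-", min_len=16):
    """Random capitalized words, a two-digit number and a trailing symbol."""
    if not 4 <= count <= 6:
        raise ValueError("the steps above call for 4-6 words")
    while True:
        # secrets draws from the OS CSPRNG; random.choice would not.
        parts = [secrets.choice(words).capitalize() for _ in range(count)]
        # Put the number at a random position among the words.
        number = f"{secrets.randbelow(100):02d}"
        parts.insert(secrets.randbelow(count + 1), number)
        phrase = sep.join(parts) + secrets.choice(SYMBOLS)
        if len(phrase) >= min_len:
            return phrase


def entropy_bits(wordlist_size, count=4):
    """Entropy of make_passphrase output: word picks, number position,
    number value and symbol. Fixed capitalization adds nothing."""
    return (count * math.log2(wordlist_size) + math.log2(count + 1)
            + math.log2(100) + math.log2(len(SYMBOLS)))


if __name__ == "__main__":
    print(make_passphrase())
    print(f"sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7,776-word list: {entropy_bits(7776):.1f} bits")
```

With the 16-word sample list the result has only about 27.6 bits of entropy; the same four-word recipe over a 7,776-word list gives about 63 bits, so the size of the list matters as much as the number of words.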

Examples of a Strong Password

Indigo-Spruce-Parrot-19-Backflip!

Why it’s strong: A lengthy passphrase using a mixture of words, numbers, symbols, and hyphens. The length significantly boosts its security, while still being easier to remember than most passwords.

Gr@pe$RainOnPluto72

Why it’s strong: The phrase is an unusual combination of words that don’t naturally go together, making it difficult to guess. The numbers and special characters add complexity, and the entire password is more than 16 characters long.

uAX7e1Eg&7y2pR*W

Why it’s strong: This is a fully randomized password with a combination of uppercase and lowercase letters, numbers, and symbols. While it’s not easy to remember, its randomness and lack of patterns make it highly secure.

How to Check Your Password Strength

Are you curious about how secure your password really is? Use the links below to test its strength. These tools will analyze its length, complexity, and other key factors.

What Makes a Password Weak to a Hacker

Weak passwords are easy targets for hackers because they lack complexity and are often predictable. Here are some key factors that make a password vulnerable:

  • Short Length: Passwords of fewer than 12 characters can be quickly cracked by brute-force attacks, where hackers systematically try every combination.
  • Common Passwords: Using simple words or common passwords makes it easier for hackers to guess passwords using automation. Variations of “123456,” “admin,” and “password” are frequently among the most common passwords and among the first that hackers check.
  • No Special Characters: Passwords that only use lowercase letters or rely on simple patterns are easier to crack. Special characters, numbers, and uppercase letters add complexity that makes guessing much harder.
  • Password Reuse: 85% of people still reuse passwords across multiple sites. If the same password is used for multiple accounts, a breach in one system could expose other accounts, too.
  • Predictable Substitutions: Swapping letters for common symbols (like replacing “a” with “@”) can still be predictable to hackers using sophisticated tools designed to recognize these patterns.

By avoiding these common weaknesses, you can significantly reduce the chances of a hacker compromising your password.
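The weaknesses listed above, turned into a small checker (an added example, not code from the original article). The `COMMON` list, the `SWAPS` table and the `personal` parameter are assumptions made for illustration.

```python
import re

# Constructed sample list; the article names "123456", "admin" and "password".
COMMON = {"123456", "admin", "password", "qwerty", "letmein"}

# Assumed table of predictable swaps (the article's example is "a" -> "@").
SWAPS = str.maketrans("@4$50!13", "aassoiie")


def base_word(pw):
    """Lowercase, drop trailing digits/symbols, then undo predictable swaps."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(SWAPS)


def audit(pw, personal=()):
    """Return a list of finding codes; an empty list means no check fired."""
    findings = []
    if len(pw) < 12:
        findings.append("short")           # under the 12-character threshold
    elif len(pw) < 16:
        findings.append("under-16")        # below the recommended 16 characters
    if pw.lower() in COMMON:
        findings.append("common")
    elif base_word(pw) in COMMON:
        findings.append("common-variant")  # swaps or appended digits/symbols
    classes = {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    findings += [f"no-{name}" for name, ok in classes.items() if not ok]
    # Easy-to-find personal details supplied by the caller (name, birth year).
    low = pw.lower()
    if any(tok and tok.lower() in low for tok in personal):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    for sample in ("P@ssw0rd!", "admin", "Gr@pe$RainOnPluto72"):
        print(sample, audit(sample))
```

An empty result only means none of these checks fired. Reuse across accounts cannot be seen from the password itself, so it is not covered here.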

Trouble Memorizing Long Passwords? Consider a Passphrase

People cut corners with passwords because memorization is easier said than done. Even when using different strategies that we’ve mentioned, some people may still struggle with it. That’s where passphrases come in. When written correctly, passphrases can be just as secure as a strong password.

Use a Password Manager To Handle Multiple Strong Passwords

As people increasingly rely on different types of digital accounts, from social media to banking, it can be difficult to remember multiple passwords. Considering that employees reuse passwords on average 13 times, this continues to be a major security concern. Rather than worrying about memorizing dozens of unique passwords, use a password manager to handle all of your different passwords and remember a single strong master password instead.

Find a Strong Password Strategy That’s Comfortable for You

At the end of the day, a password is only as strong as it’s written to be. Cybersecurity experts can encourage all the best practices they want, but people are more likely to ignore the rules if they feel unrealistic to follow. That leads people to continue using easy-to-guess passwords or repeating the same stronger passwords across multiple accounts, so they don’t have to memorize separate ones.

Try to find a comfortable middle ground between passwords being challenging to guess but realistic to memorize. Also, if you routinely use more than a handful of online accounts, using a password manager is always worth it. By doing so, you can set a strong unique password for every account while only needing to remember a single strong master password.
