Online Security: Choosing a Strong Password

Passwords are probably the most common way to secure anything you do on electronics. Unfortunately, with computational speed advancing every year, passwords are becoming easier to crack. You need a strong password because weak ones can be cracked in a matter of seconds! Although most websites have features like locking your account after a certain number of incorrect guesses, some don’t, and your data is too valuable to risk using a weak password.

There is no such thing as an uncrackable password (companies are moving away from password-based logins, but for now, passwords are still the standard) , but there are ways to make a password hard enough to guess that a would-be hacker will just give up and move on.

Strong Password Tips

The key to making a strong password is to make it long and unpredictable. But out of convenience, many people choose passwords that are simple or follow certain patterns. Hackers have been at this game for years, so they know about a huge number of tricks people use. So if you think you’re being clever by typing “drowssap”, think again. Here are some guidelines for making a strong password:

Make sure the password is at least 8 characters long. The longer, the better because each additional character increases the number of possible passwords exponentially.
Use a mix of upper and lower case letters.
Use numbers and non-alphanumeric characters (these are characters like %, *, &)
The password should not be any word in any dictionary (including names). This is because attackers will often use lists of words in combination with a brute force attack to speed things up (appropriately called a dictionary attack). The words in the lists are tried first, so if your password has a common word, you can bet it’s going to be cracked within seconds.
Don’t use an existing pattern. Things like “abcdef” or typing something backward are totally obvious. Patterns like the one for your license plate number or driver’s license are also widely known.
Don’t use keyboard patterns either. Combinations like “QWERTY” and “12345” are things that hackers already know about. Typing the keys one row above or below the password’s characters is also a widely known trick.
Avoid trivial substitutions. Swapping an “S” with “$” or an “L” with “1” are also commonly known tricks.
Don’t use personal information. Things like your birthday or your address are pretty easy to find, especially if you have a social media account.
Try not to repeat any one character more than twice. It’s not a strict rule, but it’ll make your password harder to guess.

How Do I Remember My Password?

With so many rules to follow, you might end up with a password that’s difficult to remember. But avoid the temptation to write it down somewhere. If someone’s snooping around your computer and stumbles upon it, your computer or account is as good as theirs. Luckily, there are some ways to keep strong passwords safely stored. The first would be to use a password manager like LastPass. With these services, you can have the most ridiculously hard-to-guess passwords and just retrieve them whenever you need them from their secure servers.

Another way is to use clever tricks to turn something familiar to you into a password. For example, suppose you have this rack hanging in your house somewhere:

Can a secure password be hiding in this picture? Yes! You can just take the first two letters of each animal from left to right and stick them together and add some unfamiliar numbers (like the rack’s bar code if the price sticker is still on it) surrounded by non-alphanumeric characters. So the end result would be something like this: LiRhGiElHi*0129137*. It looks hard to remember but as long as you remember the rules you used to create it, your password could be hiding in plain sight. You could just as well use the first two letters of each song on your favorite album or the first three letters of each word of your personal motto. The possibilities are endless.

Other Password Tips

Here are some other tips related to password use that you should follow:

Never tell anyone your password, even if they seem legit. If someone’s asking for it, it’s most likely a phishing attack.
If you need to fill out security questions, don’t pick obvious ones. Lots of information is in public records (like where you went to school or your mom’s maiden name).
Change your password regularly. This helps ensure that your password isn’t cracked and stored in some hacker’s database.
Don’t save your passwords in your browser. If someone manages to access your computer or mobile device, your accounts are basically unlocked to them.
Avoid using the same password for multiple sites. Otherwise, if someone cracks your password, they may be able to access your other accounts.
Use multi-factor authentication whenever possible. This means having at least two different types of verification methods. An example would be a password and a fingerprint.