Passwords are like a Key on a door to your personal world. So, how to create a strong password?
With increasing news of data breaches and hacks on apps and websites, it is essential to revamp your password game and make them stronger.
Strong Passwords can help prevent someone from getting in to your account. You don’t want other people to have access to your emails, files, and other content.
With the many rules around creating a password such as use a mix of lower and upper cases, Symbols, Numbers, yadda yadda yadda.
It can sometimes be difficult to remember them when it looks like this P@6ac#rd1o98
Seriously, who can remember that? To add more, if you have to create different password for multiple accounts from banking to social media, streaming, etc.
Related read: 8 Ways on How to Browse the Web Anonymously
Before you get frenzy resetting your old password, let’s see if your current passwords are that bad?
Do I Need to Reset My Passwords?
Unsurprisingly most people Passwords aren’t that hard to crack for hackers. They use their Name, Street address, Date of birth, Pet’s name, etc.
Even for instance if your password is indeed solid, that particular password becomes less secure as time goes on.
So, it is recommended and even the Better Business Bureau (BBB) states to change your password every 30, 60, to 90 days.
How Does a Hacker gets your Password?
Hacker’s can get your login credentials through a cyber attack, dictionary attack, Phishing, etc
Well, these are a few of the common methods used to crack a user login credentials:
- Most Used and Common Passwords Combination: They will try to get into your account using some of the most common and used Password combinations like — Qwerty, welcome, or even the word password itself.
- Phishing: An attacker dupes a victim as an entity into opening an email or text message which links to an external page asking to enter their login credentials and steal the user data.
- Brute force attacks: It basically means an attacker will submit and systematically check many passwords or passphrases as possible until the correct one is found.
- Credential recycling: Re-using your username and password combinations gathered in previous brute-force attacks on all your other accounts.
What Makes a Password Strong?
There isn’t any fixed rule to creating a strong indestructible password. But there are a few methods to create a password that isn’t the easiest to guess or crack.
- Truly random from your everyday life (use a series of random characters)
- The longer the Better (Around 8 characters or more)
- Combine a mixture of Numbers, Upper case letters, lower case letters, and special characters (@#$%^&*)
- Chang every 60-90 days
Avoid using,
- Look-alike characters for letters and numbers (eg. H@ll@nd)
- Word that are tied to your personal information such as your Name, Birthday, etc.
- No dictionary words.
- Reusing your old login credentials.
Also, make sure to stay away from the obvious. Hiding in plain sight can work in some situation. Do you really wanna risk your account with that?
So, avoid using words like password, 123456, abc123, 123123, birthday, welcome21, etc.
Best Password Methods
Below are the methods to create a truly indestructible password for your account.
PassPhrase Method
Personally I use it and recommend creating your password with this method.
Passphrase in simple words means a sequence of words more like an encryption key that you memorize to login to a computer system or an account service.
They are more easier to remember and harder for others to guess too. Also, the aim of the Passphrase is not to sound like a sentence.
Here is how it works:
- Grab a copy of the Diceware word list, which contains 7,776 English words, and next to each word is a five-digit number between 1 and 6.
24456 eo 24461 ep 24462 epa 24463 epic 24464 epoch
- Grab and actual physical dice and Roll the die five times. Make sure to write down the numbers that you get.
- Now, Find the word that matches with the die number and note it.
- Roll the die a total of five times to come up with the first word for your passphrase.
So, If you roll the number two, then four, then four again, then six, then four, and then look up in the Diceware word list 24464, the word is epoch.
That is the first word in your passphrase. Repeat the process until you get around six-word passphrase or eight if you like it to be longer.
Make sure to note down your passphrase on paper or notepad until you’ve memorized it.
Your Passphrase is quite random and can look like ” ababa alga ben bop cecil envy” or “bang eden deft duct sazar salton.”
It will take a moment to sink in and memorize but once you do, it is pretty impossible to crack.
Sentence Method
Sentence method in other words is also known as “Bruce Schneier Method.”
Here is how it works, think of a random sentence and transform it into a password using the first two letter of the word.
For instance, taking the first two letters of every word in “Sally careful with Father Hunting Rifle” would give you: “SacawiFaHuRi“
To an outsider, it’s SacawiFaHuRi, which does look and sound gibberish but to you it makes perfect sense.
The sentence you choose is up to your own. However make sure it’s something that you won’t forget easily and a bit hard to guess too.
Check the Strength of your Password
If you aren’t sure whether your password is strong or not, there are multiple tools to determine it for you.
However note that they don’t guarantee that it will be unbreakable. Check if your password is strong enough to keep you safe.
You can use this website to check your password strength. They also show you how long It would take a computer to crack your password.
Find out if your passwords have been Leaked
It’s quite impossible to keep your login credentials to yourself alone especially with the apps and sites we use everyday are asking for your permission. Normally we allow them without much thinking about it.
There are many tools to check if your password has been hacked, but I would recommend Have I Been Pwned and Avast Hack Check.
- Have I Been Pwned: Enter your password to check if the password has been found and used in the past.
- Avast Hack Check: Enter your email to check if your password has been leaked. They also show your leaked date and the site that has your data.
Use two-factor authentication (2FA)
Two-factor authentication (2FA) means two-step verification or dual-factor authentication. In simple terms, it refers to verify a login attempt to protect the user’s credentials.
It is a security process to keep out attackers from gaining access to individual devices or online accounts.
In this case, knowing the password alone will not grant the hacker access to the user account because, in addition to a password, a one-time code sent to your phone, biometrics (fingerprint, eye scan), based on Gps or a physical token is needed.
Use a Password Manager to Track of your Passwords
A lot of password managers are pretty bad. However you need it if you havemultiple password for different account.
Unless it’s super sensitive, even Chrome built-in password manager along will do the job.
Here are a few of Password Manager that are worthy enough in terms of security, value, usability to add to this list.
- 1. Dashlane — Supports Two-factor authentication (2FA), Dark Web Monitoring, VPN (Virtual Private Network).
- 2. LastPass — One-to-One Sharing, Security Challenge, Digital Wallet, Multi-Factor Authentication (MFA).
- 3. RoboForm — 256-bit AES encryption, Two-factor authentication (2FA), Password generator (up to 512 characters).
- 4. RememBear — Sync passwords, credit cards, and notes across devices.
- 5. Keeper — Two-factor authentication, 10 GB of encrypted cloud storage, BreachWatch, KeeperChat.
Final Words
Almost every website insists on creating an account and think up of a password. Some folks change their passwords for every account while others use one password for everything which does have it’s own pros and cons.
However both are prone to identity theft. Even tho, there’s no such thing as Uncrackable passwords, it is in your best interest to make sure they are hard enough to crack.