We all know that our passwords are the key to online security.
Despite this, most of us have been guilty of ignoring strong password guidelines and best practices. You’ve likely used a weak password at some point—and maybe even one of the worst password sins of all, like “password” or “123456.”
These weak passwords can have some serious consequences. In the event that your password is stolen, whoever accesses your account could gain access to personal information like your home address or credit card information. Worse, they might find the login credentials that would help them steal your identity.
If you’re looking for a wake-up call, this is it.
It’s time to boost the strength of your online passwords—and we’re here to help. We’re taking a look at the best practices you need to incorporate into your password system, and why they’re so important. Read on to learn more.
The Power of a Strong Password
Before we go any further, let’s take a look at what a strong password isn’t. Weak passwords, like the “password sins” we mentioned earlier, are any string of characters that would be easy to guess. (Don’t forget: if it’s easy for a human to guess your password, imagine how simple it would be for a machine to guess it!)
Here are some examples of weak passwords:
- Any word in any language that can be found in a dictionary. Variants of this include words followed by a number, such as “password35”
- A series of characters or numbers, such as CCCCC or 56789
- Passwords that include personal information, such as a spouse’s birthday or the name of a pet
- Passwords that are written and posted on your desk or near your computer
Using any of these types of weak passwords? If so, it’s time to reconsider your password strategy—because whether your account is for personal or business use, security awareness is crucial.
Strong Password Guidelines
One of the best rules for secure passwords? The strongest ones will look like a string of completely random characters. This makes them difficult for a human to guess and for a machine to crack with a brute-force attack (i.e. a cyberattack in which a machine guesses many possible letter and number combinations through trial and error).
Below are the best practices for creating a secure password that can stand this kind of force. Whether a website prompts you to follow these strong password requirements or not, it’s a good idea to include as many of these as you can.
Here are the characteristics of a strong password:
- It’s difficult to guess, both for a human and for a machine
- It’s unique to a single website login, to minimize risk in the case of a data breach
- It includes a minimum of 8 characters—and the more, the better
- It has uppercase and lowercase letters
- It includes numbers
- It has at least one special character, e.g. @#%&
Note that not all websites will support these password criteria. For example, while the strongest passwords include a special character, you’ll likely still run into some websites that don’t allow special characters. Some websites don’t distinguish between uppercase and lowercase, and others may limit the number of characters your password can have.
Once you’ve decided on a password, use a password strength checker to test your choice. You’ll know you’ve found a secure password if it would take a computer a great deal of time to crack it.
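The guidelines above can be turned into a small audit, shown here as an added example that is not part of the original article. The word list is a constructed sample and the guess rate of 10 billion guesses per second is an assumption; the function names are illustrative.

```python
import math
import string

# Constructed sample; a real check would load a full dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def is_sequence(pw):
    """True for one repeated character (CCCCC) or a straight run (56789)."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {-1})

def audit(pw):
    """Return the article's guidelines that pw fails (empty list = passes all)."""
    problems = [f"no {name}" for name, chars in CLASSES.items()
                if not any(c in chars for c in pw)]
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.lower().rstrip(string.digits) in COMMON_WORDS:
        problems.append("dictionary word, possibly followed by a number")
    if is_sequence(pw):
        problems.append("repeated or sequential characters")
    return problems

def search_space_bits(pw):
    """log2 of the candidates an exhaustive search over pw's length and
    character classes must cover. Only meaningful for random passwords:
    anything audit() flags as a pattern falls far sooner."""
    known = "".join(CLASSES.values())
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in pw))
    size += len({c for c in pw if c not in known})  # spaces, non-ASCII
    return len(pw) * math.log2(size) if pw else 0.0

def years_to_exhaust(pw, guesses_per_second=1e10):
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2 ** search_space_bits(pw) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["password35", "CCCCC", "56789", "JB!nN0t1m2D1"]:
        print(pw, audit(pw), f"{search_space_bits(pw):.1f} bits")
```

The year figure depends entirely on the assumed guess rate, so it will not match the output of any particular online checker.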
Remembering Complex Passwords
The most secure passwords are complex. This makes them difficult to guess and difficult to even say aloud. Unfortunately, this in turn can make them difficult to remember.
However, if you find yourself leaning toward writing a password down, remember that even the strongest password is made instantly weak the moment it’s on paper.
Instead, if you want to create a memorable password, you can try finding a phrase whose letters you can substitute with numbers or special characters. For example:
- James Bond in No Time to Die becomes JB!nN0t1m2D1, a password that would take a computer 34 thousand years to crack
- I always forget Sarah’s birthday; I’ll remember next time becomes 1Af$bd;ILRn+, a password that would take a computer a whopping 485 thousand years to crack
However, if you want to create truly random passwords that are more difficult to guess, experts recommend using a password manager. These tools help you generate strong random passwords, store your passwords in encrypted form, and give you easy access to them across multiple devices. Many password managers will even alert you if your email or password has been involved in a data breach.
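How a tool can generate a truly random password that still meets the characteristics listed earlier, as an added example that is not taken from the article or from any particular password manager. The function name and its parameters are illustrative; `allow_special=False` covers websites that reject special characters.

```python
import secrets
import string

def generate_password(length=16, allow_special=True, specials="@#%&"):
    """Return a random password containing every required character class."""
    if length < 8:
        raise ValueError("the guidelines call for at least 8 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_special:
        classes.append(specials)
    alphabet = "".join(classes)
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole string instead of forcing a
        # class into a fixed position, so every compliant password stays
        # equally likely.
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

if __name__ == "__main__":
    print(generate_password())                         # full character set
    print(generate_password(12, allow_special=False))  # site without specials
```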
What Happens if You Forget a Strong Password?
This is the most common fear when it comes to boosting password security. After all, what happens if you lose access to a vital account after forgetting the password? The answer depends.
For some sites, gaining access to your account is as easy as resetting your password. For others, you may be able to get back in by confirming your identity through a linked email address.
For still others, the process is more difficult. Google account recovery, for example, has a reputation for being a particularly laborious (though not impossible!) process.
Don’t forget, though, that all of this worry goes away with a solid password management system, which stores your passwords so you don’t lose them.
Create More Effective Passwords
Following these critical password guidelines doesn’t mean your accounts will never be hacked, but it does dramatically decrease your risk.
As you incorporate these guidelines into your online security, don’t forget that passwords are just one part of a well-rounded approach to online safety. For more tips on boosting your security, check out our blog.