The Best Kind of Password: Strong and Unique

What makes a password strong?

First, let’s talk about what’s not a strong password. The word “password.” Yes, people still use “password” as their password and it’s the worst possible option. Also, any words in the dictionary make weak passwords and should not be used because they’re easy to crack and not complex. For example, the words “football” and “baseball” are not strong passwords and neither is a number string like “1234567890.” These example passwords don’t use a combination of letters, numbers or special characters, which means they are definitely not strong. These simple passwords are the first ones hackers will try.

How to Make a Strong Password

Password cracking software can crack simple dictionary words in minutes or even seconds. The faster computers become, the faster passwords will be cracked. When cyber threat actors can’t easily guess a password, they use brute force techniques, in which they try every possible password until the correct one is found. Steven Gibson and Kevin Fogarty discuss in their article titled “How many seconds would it take to break your password?” just how easily your password can be hacked if you don’t follow strong password conventions.

In addition, don’t use common facts about yourself that could be easily discovered on social media or in public records such as your name, a family member’s name, username, phone number, address, birthdate, license plate number or your dog’s name. We share more online than we realize and all of these items can be easily found online.

So what constitutes strong? Strong is long, which means at least 10 - 12 characters, and strong is complex. Your password needs to contain letters, numbers and special characters like the @, !, or * punctuation marks. Strong passwords also use a passphrase to decide what letters and numbers to use so you can remember them! For example, the passphrase “My first car was a 1979 camaro.” would translate to “Myf!rstc@rw@s@1979c@mar0.” It has an upper-case letter, a lower-case letter, special characters and numbers. It’s also super long and something I can remember. You could create a somewhat shorter version by using the first letters of some of the words like this, “Mfcw@1979C@mar0.” You get the idea. It’s long, strong and something you can remember. Song lyrics also make good passphrases.

The last thing that’s really important is your password needs to be unique. It should not be used across multiple accounts, sites or applications. Password synchronization is a really bad idea because if, by chance, a threat actor learns one of your passwords, they now have all of your passwords. They’ll attempt to use that password in every place they can find, hoping it works in multiple places, so don’t make it that easy for them. Use unique passwords for every account you create.
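The rules above (long, complex, not a dictionary word, not a personal fact, and unique per account) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the word list, the function names and the sample accounts are constructed assumptions. It goes one step beyond the text by undoing common look-alike substitutions before the dictionary check, so “P@ssw0rd” is still treated as “password.”

```python
import string

# Constructed sample list; a real check would use a large breached-password list.
WEAK_WORDS = {"password", "football", "baseball", "1234567890"}
# Common look-alike substitutions, undone before the dictionary check.
LEET = str.maketrans("@4310!$5", "aaeioiss")
MIN_LENGTH = 12  # assumption: upper end of the article's "10 - 12 characters"


def check_password(password, personal_facts=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)  # "p@ssw0rd" -> "password"

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_all_classes = (
        any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )
    if not has_all_classes:
        problems.append("missing character class")
    if lowered in WEAK_WORDS or normalized in WEAK_WORDS:
        problems.append("dictionary word")
    for fact in personal_facts:
        if fact and (fact.lower() in lowered or fact.lower() in normalized):
            problems.append("contains personal fact")
            break
    return problems


def find_reuse(accounts):
    """Map account -> password; return sorted groups of accounts sharing one."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd", "Myf!rstc@rw@s@1979c@mar0"]:
        print(pw, check_password(pw) or "ok")
    print(find_reuse({"mail": "Mfcw@1979C@mar0", "bank": "Mfcw@1979C@mar0",
                      "forum": "Myf!rstc@rw@s@1979c@mar0"}))
```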

For additional tips to secure your passwords, read “Advanced password tips and tricks” from the Federal Trade Commission. And remember - be safe and create unique and strong passwords!