How to Create the Safest Possible Password
Last Updated on October 24, 2018 by Karen Quach
Creating a password is something we’ve all done, usually multiple times. But do you actually know what you’re doing when you set up a new password? Do you know what makes a strong or weak password?
It seems like every other week we hear about another major retailer or business falling victim to a mass data hack or security breach. And if multi-million dollar corporations aren’t safe, it’s hard to believe that any of us stand a chance.
The following is an outline of what makes a strong password, what to avoid when setting your password, and tips and tricks for keeping your online activities secure.
Tips for a Safe Password
First off, there is no such thing as a completely hack-proof password. With the advancement of super-computers and hacking techniques, no password is totally safe. But there are steps you can take to protect yourself against identity theft and security fraud by creating stronger, hard-to-crack passwords.
Characteristics of safe passwords include as many of the following as possible:
- At least 10 characters
- Upper and lower case letters
- Numbers and special characters
- Not found in a dictionary
- Not based on personal information, such as birth date, phone number, or address
Avoid the following pitfalls when creating your password:
- Passwords that are too short
- Passwords that are not complex enough
- Passwords that are too easy to guess
- Passwords that are already in use
- Passwords not protected by two-step authentication
Just a heads up
Don’t use password as your password! The following is a list of the most hacked passwords from analysis of over 450,000 hacked Yahoo! accounts, according to ESET, an IT security firm:
Don’t Make It Too Easy
The easiest passwords for hackers to crack are the ones that require little to no effort to create or type in. And while it might seem obvious which passwords you want to stay away from, some people are still using 123456, password, and abc123 as their passwords. In fact, these rudimentary, easy-to-guess passwords turned up in the Adobe security breach back in 2013.
Additionally, do not include well-known facts or information about yourself in your passwords, such as your favorite sports team, important dates, your dog’s name, or where you went to college. These trivial facts can easily be discovered with a preliminary Google search or a quick scan of social media.
Avoid One Password to Rule them All
Though it may be tempting to use one password for all your accounts, most security experts recommend using a unique password for every account. This is especially important for your most sensitive accounts like bank accounts, retirement accounts, and personal and professional email accounts. Imagine how much easier you’ve made it for a would-be hacker to access your accounts when all your account passwords are the same.
However, who among us has the time or the brain capacity to create and memorize a dozen unique, hard-to-guess passwords? That’s where password storing software comes into play. Not only can these helpful apps store all your passwords, they can also help you create stronger passwords and automatically change passwords in the event of a security breach.
Use Smart Password Storage
There are several password-assistant software programs that can store your passwords for you, like LastPass, 1Password, and KeePass. The highly-rated LastPass lets you sign up with your email address and a strong master password and then saves all your passwords in a secure vault. From the LastPass vault, you can organize the sites you frequently visit and easily sync your LastPass account with your other devices. Of course, LastPass is just one of the many available password managers. Many are free for the initial download, such as LastPass, and then require a yearly fee for upgrades or more advanced features. Do some research and read through the features to decide on a password manager that is right for you.
As an absolute last resort, type out all your passwords in a Word doc. Don’t save it; print it out and put it in a safe place, like a locked file cabinet or a safe. This is a worst-case scenario and should not be relied upon as a secure method of password storage.
Beef it Up
As we know, longer passwords are harder to crack. And since you should always avoid including obvious or well-known names, dates, and facts about your personal life or family in your password, you need to get creative.
One way to do that is through unique phrase creation. For example, if you and your wife recently took a trip to Spain, you could structure your password around the phrase:
Our trip to Spain was one for the books and we can’t wait to go back!
Now shorten this phrase into a string of letters and symbols, and substitute numbers where applicable. So the password becomes:
The first word in the password phrase is our, which can be represented with a 0, or spelled out, zero. The second word is trip, which can be represented with an upper or lowercase T/t. Continue to assign a number, letter, symbol, or unique spelling for the remaining words in the phrase: & for and, 2 for to, 4 for for, etc.
Another method is to pick a sentence or phrase that is easy enough for you to remember, and use it as your password. Make sure the phrase is long enough and unique enough to be secure.
My dog goes 2 the park and chases ducks
This phrase can be used as a password and should be “beefed up” with spaces, numbers, upper and lower case letters, and punctuation.
My.dog g0es 2_the paRk @nd chases Duck_s
Check Your Work
Once you’ve crafted a few password options, try testing them with an online password checker like The Password Meter. The Password Meter shows you the overall strength of your passwords, breaks down the strengths and properties of your password, and also estimates the time it would take for different machines to crack your password in a brute force attack.
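The checklist from this article can also be run locally, so the candidate password never leaves your machine. This is an added example, not code from The Password Meter or from the original article; the COMMON list is a constructed sample and the guess rate is an assumed figure.

```python
import math
import string

# Constructed sample list: the three passwords this page names, plus assumed extras.
COMMON = {"123456", "password", "abc123", "qwerty", "letmein"}
SPECIALS = string.punctuation + " "  # 32 ASCII symbols plus the space

def check(pw, personal=()):
    """Return the page's criteria that pw fails (empty list means it passes all)."""
    problems = []
    if len(pw) < 10:
        problems.append("fewer than 10 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case letters")
    if not (any(c.isdigit() for c in pw) and any(c in SPECIALS for c in pw)):
        problems.append("needs numbers and special characters")
    if pw.lower() in COMMON:
        problems.append("found in common-password list")
    if any(fact.lower() in pw.lower() for fact in personal):
        problems.append("based on personal information")
    return problems

def charset_size(pw):
    """Size of the character pool a brute-force search has to cover."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (SPECIALS, 33)]
    return sum(n for chars, n in pools if any(c in chars for c in pw))

def brute_force_bits(pw):
    """Upper bound on strength: log2 of the keyspace. Guessable passwords fall far sooner."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def years_to_exhaust(pw, guesses_per_second=1e10):
    """Years to try every combination at an assumed (not measured) guess rate."""
    return 2 ** brute_force_bits(pw) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["123456", "abc123", "My.dog g0es 2_the paRk @nd chases Duck_s"]:
        print(f"{len(pw):>2} chars  {brute_force_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw):.2e} years  {check(pw) or 'passes'}")
```

The bit count only measures resistance to exhaustive search; a password on a common-password list is tried first no matter how large its character pool is, which is why the list check is reported separately.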
Memorization of your new password will take some time. Repetition and a few days of practice will help your fingers and brain get used to the new combination. However, an easier and safer way to remember your new passwords is to use a password manager to store all of your account passwords in one safe location. If you go this route, you only have to remember the password for the management app.
Add Another Layer
When possible, use two-step authentication processes. This adds an additional layer of security and requires you to enter a second password that is sent to your cell phone. In the event that a hacker does gain access to your primary password, their efforts will be thwarted because the second password keeps your account safe. The only drawback to this approach is the extra time it takes to log into your account. Though when your online identity and security are at stake, a few extra seconds don’t seem so bad.
The Major Points
Here are the main take-away points for creating a strong, hard-to-crack password:
- Use 10 or more characters
- Vary upper and lower cases
- Include symbols and punctuation
- Do not include personal info
- Test your passwords with a password checker
- Employ two-step authentication when available