The term "strong password" doesn't have a unified definition. Google's Enterprise suite requires 20 characters with a mix of numbers, symbols & letters, yet your favorite social media platform only requires 8. Let's break it down.
What is a strong password?
The goal of a strong password is to be memorable but lengthy, to have a healthy mix of numbers, symbols & letters, and to be complex. To understand what makes a password strong, we'll go over common practices that put users at risk. Let's look at a few examples of weak passwords to understand why they put you at risk.
It uses identifying words or numbers
A common example is a last name + year of birth combination, such as Smith1969! Though this example uses 10 characters and includes letters, numbers and a symbol, it contains a name that can be associated with you or your family and another identifying piece of information, your birth year, which means it can be easily guessed.
It's too short
Let's say you use something such as "F1r3truck". While this has numbers and letters, it is only 9 characters and is built from a common word, so it can be recovered using a common brute-forcing method known as a dictionary attack.
A long password is a strong password. The harder a hacker or a code-breaking software application has to work, the better. Also, character substitutions are easy to guess: swapping the number 1 for the letter l is obvious to both humans and software, so it adds very little strength.
How do I come up with a strong password & have good password practices?
There are a few key points to keep in mind.
- Length
  - Your password should be long: 12 or more characters, with as much variety as possible (the more, the better).
- Complexity
  - Your password should never be an easy-to-guess word or an identifying piece of information about you. Try to find something neutral, or something only you would know. A fun & memorable practice is using a non-public life event, along with its date.
  - For example, think of the first time you went to a water park, e.g. W@T3rP@rk4392 (Waterpark 04/03/1992). This isn't a birthday, and hackers typically wouldn't know your parents took you to a water park in March of 1992. Plus, it's 13 characters.
  - Also, try making it site-specific:
    - Acct4_B@nk0f@merica!$$ - Bank of America login
    - Africaby__Toto1982!! - the song Africa, by Toto, released in 1982 (could be used for a music streaming service)
- Do not reuse passwords
  - If one password is compromised, this is the failsafe that stops your other logins from falling like dominoes to a hacker.
  - In this case, if your social media is hacked, the attacker doesn't also gain access to your bank, email, credit cards, other socials, etc.
  - If you struggle with this, consider utilizing a password manager, such as 1Password. An in-house favorite of ours.
  - 1Password allows you to house multi-factor authentication, securely generate passwords for each website & store them all in encrypted storage that not even 1Password staff themselves have access to.
Conclusion
There is not one answer to what a strong password is, nor is there a single solution for every password ever. Follow good password practices and be as secure as possible, and you'll find yourself light-years ahead of most in terms of security.
Author's Note:
A great practice is knowing whether or not your sensitive data (passwords, emails, etc.) has been found in a data breach. Most credit monitoring services offer this, as does a site that has been around for more than a decade (and is actually partnered with 1Password) known as HIBP (https://haveibeenpwned.com/). Here, you can type in your email & it will tell you whether or not your data has been found in any known data breaches. From there, you can determine the password that was used & promptly change it.
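The same site also lets you check a password itself against known breaches without ever sending the password. Its Pwned Passwords range lookup works on a k-anonymity model: you hash the password with SHA-1, send only the first five hex characters, and receive every matching hash suffix with a breach count, so the match is made locally. The script below is an added example, not code from the article or from Have I Been Pwned; the `SAMPLE_RANGE_RESPONSE` is constructed (the counts are made up), and `fetch_range` is the only part that touches the network.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what a range response looks like: "SUFFIX:COUNT" lines.
# The first entry is the real SHA-1 suffix of the string "password"; the counts
# are invented for this example and the other suffixes are filler.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0000000000000000000000000000000000A:0
ABCDEF0123456789ABCDEF0123456789ABC:12
"""


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Fetch the range response for a 5-char prefix (the only network call)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped.
    A count of 0 is padding the service may add and means 'not seen'."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        if ":" not in line:
            continue
        suffix, count = line.strip().split(":", 1)
        if count.strip().isdigit():
            counts[suffix.strip().upper()] = int(count)
    return counts


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """Return how many times the password appeared in known breaches (0 = not found).
    Pass a custom `fetch` (e.g. one returning SAMPLE_RANGE_RESPONSE) to test offline."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    offline = lambda _prefix: SAMPLE_RANGE_RESPONSE  # no network needed
    print("password ->", pwned_count("password", fetch=offline))   # 3861493
    print("W@T3rP@rk4392 ->", pwned_count("W@T3rP@rk4392", fetch=offline))  # 0
```

Any non-zero count means the password is already in attackers' wordlists and should be changed, regardless of how long or complex it looks.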