What is a strong password & why should you use one?

The term "strong password" doesn't have a unified definition. Google's Enterprise suite requires 20 characters with a variety of numbers, symbols & letters - but your favorite social media platform only requires 8? Let's break it down.

What is a strong password?

The goal of a strong password is to be memorable but lengthy, have a healthy mix of numbers/symbols/letters & be complex. To understand a strong password, we'll go over common practices that users at risk. Let’s look at a few examples of weak passwords to understand why these put you at risk.

It uses identifying words, or numbers

A common example is using a last name + year of birth combination. Smith1969! - though this example uses 10 characters and includes letters and numbers, it includes a name that can be associated with you or your family and other identifying pieces of information such as your birth year, which means it can be easily hacked.

A long password is a strong password. The harder a hacker or a code-breaking software application has to work, the better. Also, the number of substitutions can be easily guessed. Substituting the number 1 for the letter l is easy to guess for both humans and software.

It's too short

Let's say you use something such as "F1r3truck". While this has numbers, and letters - it's a common word that can be deciphered using a common method of brute-forcing known as a dictionary attack. 

A long password is a strong password. The harder a hacker or a code-breaking software application has to work, the better. Also, the number of substitutions can be easily guessed. Substituting the number 1 for the letter l is easy to guess for both humans and software.

How do I come up with a strong password & have good password practices?

There are a few key points to keep in mind.

• Length
  • Your password should be long, 12+ characters of extremely varying degree. (the higher the better)
• Complexity
  • Your password should never be an easy to guess word, or an identifying piece of information about you. Try to find something neutral, or only something you would know. A fun & memorable practice is using a non-public life event, along with the date of it.
    • In example, think of the first time you went to a water park. EG (W@T3rP@rk4392) (Waterpark 04/03/1992). This isn't a birthday, and typically hackers wouldn't know your parents took you to a waterpark in March of 1992. Plus, it's 13 characters.
  • Also, try using it to be site-specific 
    • Acct4_B@nk0f@merica!$$ - Bank of America login
    • Africaby__Toto1982!! - the song Africa, by Toto released in 1982. (could be used for a music streaming service)
• Do not reuse passwords
  • If one password is compromised, this is the failsafe to not allowing your other logins to fall like dominoes to a hacker.
    • In this case, if your social media is hacked - the attacker doesn't now have access to your bank, email, credit cards, other socials, etc).
  • If you struggle with this, consider utilizing a Password manager, such as 1Password. An in-house favorite of ours.
    • 1Password allows you to house multi-factor authentication, securely generate passwords for each website & store them all in encrypted storage that not even 1Password staff themselves have access to.

Conclusion

There is not one answer to what a strong password is, nor is there a single solution for every password ever. Follow good password practices, and be as secure as possible & you'll find yourself lightyears ahead of most in terms of security. 

Author's Note:

A great practice to utilize is knowing whether or not your sensitive data (passwords, emails, etc) has been found in a data breach. Most credit monitoring services offer this, along with a site that has been around for more than a decade (and is partnered with 1Password actually) known as HBIP (https://haveibeenpwned.com/). Here, you can type in your email & it will tell you whether or not your data has been found in any known data breaches. From here, you can determine the password used & promptly change it.