Creating strong passwords is essential for protecting your online accounts and personal information from hackers. Here are five strong password ideas to boost your security:
1. Use a Passphrase with Random Words
One effective method is to combine four or more random words into a passphrase. This approach ensures a long and complex password that is still easy to remember. For example:
- Phoenix Drive Cafe Office
- Seattle, Kindle, Coffee, Planes
- Minnesota Airplane Boston Christmas
These passphrases are memorable and can take millions of years to crack due to their length and randomness.
2. Create a Custom Formula
Develop a formula to generate your passwords. For example, take a phrase and replace each letter with the next one in the alphabet:
- “Cucumbers are tasty!” becomes “Dvdvncfst bsf ubtuz!”
Alternatively, use the first letter of each word from a favorite song or quote:
- “Mamma Mia chorus” becomes “MmhIgammhcIrymmdisammjhmimy”
This method creates complex passwords that are hard to guess but easy for you to remember.
3. Use the Keyboard Layout
Create a password by following a pattern on your keyboard. For example, take a simple name or phrase and use the keys above and to the right of each letter:
- “Jane Austen” becomes “Iwj4 W8e64j”
- “Lord of the Rings” becomes “P05r 0t 6u4 %9jye”
These passwords are difficult to crack because they appear random but follow a pattern you can easily recall.
4. Play with Vowels and Misspellings
Modify a phrase by replacing vowels or deliberately misspelling words. For example:
- “A car is floating in a pan” becomes “e cer is floeting in e pen”
This approach adds complexity while maintaining memorability. Spaces and special characters can further enhance security.
5. Use a Password Manager
If creating and remembering multiple strong passwords is challenging, consider using a password manager. These tools generate and store complex passwords for you, ensuring each account has a unique and strong password:
By following these ideas, you can significantly enhance your online security and protect your accounts from potential cyber threats.
The most common password-cracking techniques
Brute-force attack
During a brute-force attack, a malicious actor uses software that tries every possible combination to find the right one. An eight-character password consisting of upper- and lowercase letters, numbers, and special characters can be cracked in just two hours. Good passwords will take months or even years to break through, depending on their uniqueness and complexity.
Dictionary attack
While brute-force attacks try various combinations of special characters, numbers, and letters, a dictionary attack uses a program that goes through a prearranged list of words. Essentially, if your password can be found in a dictionary, specialized software can easily crack it.
Phishing
Phishing is a social engineering method to trick people into revealing their credentials. Phishing attacks often use email services as a medium: hackers send emails pretending to be reputable sources and refer users to fake login pages. A user then input their login credentials themselves and inadvertently grant this information to the hackers.
Credential stuffing
Credential stuffing is a popular method for hackers to gain access by collecting usernames and passwords used in previous attacks and trying them on other platforms. This method often proves successful because people tend to reuse the same password for all their accounts.
Keylogging
Keylogging involves a specific type of malware, known as a keylogger, infecting the victim’s device. The keylogger can then track the user’s keystrokes and device activity, depending on the software and the device. This can include copied and pasted data, phone calls, location, and screenshots. Using this information, hackers can easily access passwords and other sensitive information, allowing them to launch further attacks on the individual or data from their place of work.
How to create a strong password
- The longer your password is, the better. Many websites ask you to create eight-character passwords, but we recommend going for at least 15 characters.
- Avoid ties to your personal information, such as your name, surname, address, or date of birth.
- Use a combination of numbers, symbols, and upper- and lowercase letters in random order.
- Don’t use sequential letters and numbers.
- Avoid substitution: “kangaroo” and “k@ng@r00” are both equally weak passwords and a brute-force attack can easily crack them.
- Don’t reuse the same password for multiple accounts.