What is a Password?
Have you experienced a feeling of dread after receiving an email that reads: “Someone logged into your account” and you know it wasn’t you? If you’re like most people, this has happened more than once.
In the best case, you were able to simply change your password and other credentials and that was it. But in the worst case, you might’ve lost sensitive data like credit card info.
All those issues start with a weak password. Poor password security can put all your accounts in danger from online threats. The best way to protect yourself from cyberattacks is to understand what makes a good password.
- A password is a unique set of characters utilized as a security measure to authenticate user identity and protect personal data or system access from unauthorized access.
- Passwords should be robust, integrating a mix of uppercase and lowercase letters, numbers, and symbols to amplify their complexity and deter hacking attempts.
- Periodic password changes, avoiding repetition, and not sharing passwords are best practices to enhance their efficacy as a fundamental layer in cybersecurity defense strategies.
What is a Secure Password?
Creating a secure password will require you to use more than common words, phrases, or dates. Some of the worst passwords you could come up with would contain your name, the name of a common object or animal, or your birthday. Sadly, that last example appears very often.
And let’s not forget the worst example of all – the word “password” itself.
Secure passwords are often not real words, or if they are, they are spelled in an unusual way. Think of replacing letters with similar-looking numbers or symbols (l1k3 th1$). Furthermore, passwords are case-sensitive, which means they get stronger when uppercase and lowercase letters are combined (m0R3 L1k3 tH1$).
Strong passwords will also have a minimum of eight characters. The maximum is capped at 64 characters, but it would be wise to keep your password length at 16 or fewer.
In essence, complex passwords will perform better than simple passwords. But you might wonder why complexity makes for a strong password.
The answer is pretty simple: a complex password is harder to guess or break into.
The point of passwords today isn’t only to confirm user identity. It’s also to repel potential attackers. To that end, you should only use specific password types and avoid passwords that are too easy for a hacker to figure out.
Broadly speaking, passwords can fall into one of two types: weak and strong. Of course, that’s not the end of the story – otherwise, you wouldn’t be reading this article.
Weak passwords consist of categories we’ve already mentioned, plus an extra one:
- Easy to guess
- Universal passwords
You already have an idea of what a simple password is – essentially, a common word from the dictionary. It’s worth noting here that merely adding a number to the word won’t do much in terms of password security. So, “journalist” will be just as weak as “journalist1” and vice versa.
Too Easy to Guess
Easily guessable words include any name or term that could be linked to you with a bit of research. You know that cliche movie scene where a hacker figures out the password by typing in the name of someone’s child or pet? That’s what we’re talking about here. If your current password is, for example, your street address, you can expect to get hacked sooner rather than later.
Dates and Numbers
When it comes to dates, those might look like a great idea for a password. But, when you break it down, your birthday or wedding anniversary is nothing more than a string of numbers. Believe it or not, such passwords can be guessed in a matter of minutes.
Universal – One Password for Everything
Finally, there’s what we deemed a “universal password.” This would be a single password that you use on multiple websites. You might think, “Okay, I made a secure password. Why wouldn’t I use it for all my accounts?”
Your password might be very secure, but you can’t guarantee the same for the sites you’ve visited. Suppose one of the sites gets hacked, as it often happens. In that case, the attackers might gain access to all confidential data, including your universal password. From that point, they’d be able to enter all your accounts without trouble.
Now that we’ve covered types of weak passwords, let’s look at the opposite side.
We can divide strong passwords into three main categories: alphanumeric, random character, and pattern-based.
A strong password will, first, be alphanumeric. In other words, it will contain letters and numbers. As mentioned, the password can also have special characters, which will only boost its effectiveness (r3M3mB3R tH!$ 3xAmpL3?). Better yet, using random words will increase password strength even further.
However, it might be even better if your password consists of random characters that don’t form a word, phrase, or sentence. This would make it extremely hard, if not impossible, to crack.
Granted, such a password would also be challenging to remember. Luckily, certain solutions allow you to generate and store random passwords for later use. We’ll get to that subject later in the article.
Finally, you can devise a unique password by using keyboard patterns. This password type won’t require you to remember a combination of symbols. Instead, you’ll use memorable keyboard paths to create a random password that you actually can remember.
Let’s see how these three principles would work in practice.
Strong Password Ideas and Examples
1. Alphanumeric Strong Passwords
We’ve already given plenty of examples of alphanumeric passwords. Any more would be overkill. But it might be helpful to explain a simple process that will turn a single dictionary word into a strong password.
You may start with any simple word – even your name. For this example, let’s say the name is Kelly.
The first step would be to add a number: Kelly437.
Then, you can throw some numbers instead of letters into the mix: K3lly437 or Ke11y437. In this step, you can also substitute letters for special characters: K3l!y437.
This already looks like a more secure password, doesn’t it? Well, you can take it a step further and mix and match lowercase and uppercase letters: k3l!Y437.
As you can see, we started with a name and ended up with something that looks like a random set of characters. As far as passwords go, this one would be pretty tough to figure out. And if it becomes too hard to recall, you can always store it in a password manager.
2. Random Character Strong Passwords
Unlike alphanumeric, random passwords can be much harder to come up with and memorize. However, you can use a relatively simple coding method to do just that.
Like with the alphanumeric example, start from a simple word. We’ll give Kelly a break here and use Michael instead.
Instead of typing the correct letters, shift them one keyboard row up. In this case, the result would be: Michael = J8dyq3o. And just like that, you’ve arrived at a random set of characters that includes numbers and letters.
You can spice things up even more by using uppercase instead of lowercase letters or substituting letters for numbers. However, that would make the password much harder to remember.
If you’re not up for the hassle, there’s an infinitely easier way to get a random password: using a password generator tool.
Several kinds of software include such tools. Firstly, there are password managers like Dashlane or Keeper. These managers can generate unique passwords for every online account you have and store them securely.
Secondly, browsers like Mozilla Firefox give you the option to generate passwords. The browser can also store your password and link it to your Mozilla account.
Whether you choose the first or second option, you’ll have an easier time getting a good password that won’t be forgotten after a while. In fact, a password generator can be a life-saver in various situations. This is also a good place to stress the importance and convenience of password managers.
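What a password generator does internally can be sketched in a few lines. This is an added example, not code from Dashlane, Keeper, or Firefox; the function names are hypothetical, and it assumes the four character classes and the 8 to 64 character length range mentioned earlier in this article.

```python
import math
import secrets
import string

# The four character classes the article recommends mixing.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)          # 94 printable ASCII characters
MIN_LEN, MAX_LEN = 8, 64             # length bounds quoted in the article


def generate_password(length=20):
    """Return a random password with at least one character of each class."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    # secrets draws from the operating system's CSPRNG; the random module
    # is predictable and must not be used for credentials.
    # Rejection sampling: draw uniformly, retry until every class appears,
    # so no position in the password is forced to a particular class.
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(len(ALPHABET))


def generate_for_accounts(sites, length=20):
    """One independent password per site, so no two accounts share one."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed sample site names, for illustration only.
    for site, pw in generate_for_accounts(["mail.example", "bank.example"]).items():
        print(f"{site}: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

Each call produces an unrelated password, which is why a generator pairs naturally with a manager that stores the result.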
3. Pattern Strong Password Ideas
Patterns might be a bit trickier for some people than other methods. But if you’re a visual type, this could be the perfect option.
It’s important to note that patterns don’t always make strong passwords. For instance, “qwerty” is a pattern – a straight line from Q to Y. However, this is also the fourth-worst password in the world.
The apparent problem with patterns is that they move across straight lines on your keyboard. This leads to strings of consecutive letters and numbers, which can be easy to figure out even by an average user. Hackers will, of course, be even better prepared to crack such passwords.
If you’re still interested in creating a pattern-based password, you could try “drawing” a shape on your keyboard and then getting rid of every other letter. This would turn the notorious “qwerty” into “qet.”
Unique passwords can be your best line of defense against cyber-criminals. The following section will explain how those malicious online lurkers can jeopardize your data.
How Hackers Crack Passwords
The most common methods of password hacking are dictionary attacks and brute force attacks.
The Dictionary Method
A dictionary attack is precisely what it sounds like. The hacker uses software that starts listing words from a dictionary and testing them as passwords. This type of attack is what makes common words so dangerous in passwords.
It might seem like dictionary attacks would take ages to succeed, but it’s pretty much the opposite. If your password uses dictionary words, it can usually be cracked within five minutes. The same goes for words followed by numbers.
Brute force attacks rely on attempting various combinations of words and characters. But, despite what Hollywood tells you, this won’t be done by some hacker with sunglasses and wild hair continually smashing their keyboard.
Instead, a brute force attack is conducted by sophisticated hacking software with machine learning and AI capacity. All the hacker needs to do is feed the software relevant data and start the program.
It might look boring in a movie, but it represents a massive security risk in real life.
If you use a password with special characters that still relies on everyday words, such as “dog_lover!”, it can be cracked in a matter of days.
This is where choosing passwords with more complexity comes in. A good password (like k3l!Y437 – hello, Kelly!) might endure attacks not just for days but billions of years or more. Simply put, such passwords would be impenetrable to brute force attacks.
Unfortunately, these aren’t the only ways in which your passwords could be compromised.
Rainbow Table Attacks and Network Analysis
Cyber-criminals can use so-called “rainbow table” attacks, as well as network analyzing tools, to gain access to passwords.
The former can match your passwords to the corresponding decryption key, while the latter intercepts network data to extract information. In both cases, your unique password won’t be enough to stop the attack. The wrongdoer will receive everything they need to compromise sensitive accounts.
Less sophisticated methods of stealing passwords include phishing, social engineering, and spidering.
Phishing and Social Engineering
Phishing and social engineering are similar in many ways. The victim will receive communication containing a malicious link. This usually happens via email, but it can function through other types of messaging like a text message.
In the case of phishing, clicking the link will usually download a particular virus or other malware designed to collect passwords. However, social engineering will do something much more sinister.
A social engineering email will appear to come from a reputable source. The message will usually ask the recipient to take some action by clicking on the provided link. Rather than downloading malware, the link will take the victim to a scam website that will require a login.
Of course, as soon as the person logs in, the scam website will store their credentials.
So, if you receive an email from google.info (not a real site) asking you to verify your account to claim $500, it would be best not to touch any links in the email and report it to the real Google immediately.
Your passwords aren’t only in danger from high-tech attacks either. Online criminals may have a more hands-on approach to password stealing.
This is the case with spidering. The method has less to do with hacking and is more akin to a traditional scam.
Criminals might contact you posing as contractors or potential clients. Rather than using automation, they’ll strike up a conversation and pretend they’re interested in your services. These data thieves will ask probing questions in the hope they’ll receive a piece of info about the company network or other vital systems.
If they manage to get the information, cyber-criminals will use it to locate vulnerable spots in your network and exploit them for hacking attacks. As in other cases, a strong password won’t help here – hackers will try to make a data breach through a back entrance into the system.
As you can see, your online accounts can be at risk even when all your passwords are as strong as they can be. But that doesn’t mean you’re left helpless.
A strong password is just the beginning of a tough online defense system.
How to Reinforce Your Passwords
If you own several online accounts, you should follow some crucial principles of password management:
- Avoid common passwords.
- Never use the same password for multiple sites.
- Keep your passwords private and don’t share them with anyone you don’t trust.
- If you can’t create a secure memorable password, use password generators.
- Get used to changing passwords. Don’t keep the original password for months on end, especially on your business and social media accounts.
- Use password managers to keep track of each password. Don’t leave your password management to sticky notes.
- Employ additional security methods like two-factor authentication, multi-factor authentication, and one-time passwords.
Password Managers and Generators
When you have several accounts, keeping multiple passwords in memory will become very challenging. Fortunately, there’s no need to memorize the correct password for every account you own.
This is where a reliable password manager steps in to rid you of the headache.
A good password manager will keep all your passwords in one place and auto-fill your credentials upon visiting a website. In that case, you’ll only need to know one master password.
The master password will be used to log into the password manager software. After that, password management will practically take care of everything else.
It’s understandable if you think having every password in the same place sounds scary. However, there’s no reason for fear if you choose the right password manager. These systems are designed to keep your passwords private and as safe as possible.
Maximal password security is achieved through several means. First, none of your passwords will leave your computer or phone without encryption. The encryption system used is usually such that even the server provider can’t decode it.
In other words, the only sources who know the password are (hopefully) you and the version of the password manager installed on your device.
A quality password manager will also check the strength of your passwords and suggest potential updates. But it gets even better: Many password managers will support two-factor authentication.
Two- and Multi-factor Authentication
Two-factor authentication, unsurprisingly, combines two factors during login.
Instead of using only the password – the first factor – this type of authentication will ask for additional confirmation. The second factor can be a code sent to your phone, security token, or a pre-set security question.
And if you want to get really high-tech, you can choose to provide login confirmation via fingerprint or retinal scan.
Multi-factor authentication functions much like the two-factor variant but, as the name implies, uses multiple factors.
These security methods can be an excellent way of preventing unwanted access to your accounts. Plus, they can come in handy in case of a forgotten password.
For example, you could set up authentication to ask for a security question after several unsuccessful password guesses. While false answers will, naturally, lock anyone else out of the account, you’ll be able to get right in by answering correctly.
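How a server checks both factors can be shown with a time-based one-time password as the second factor. This is an added example, not code from any product named in this article; it assumes the code comes from an authenticator app or token implementing TOTP (RFC 6238), which the article does not specify, and the account record, its field names, and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds each code stays valid (RFC 6238 default)


def totp(secret, now, digits=6):
    """Time-based one-time password, RFC 6238 with HMAC-SHA1."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """Slow salted hash, so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def login(account, password, code, now=None):
    """Grant access only when the password AND the current code are right."""
    now = time.time() if now is None else now
    first = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    # Accept the previous, current, and next time step to tolerate clock drift.
    second = False
    for drift in (-1, 0, 1):
        expected = totp(account["totp_secret"], now + drift * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            second = True
    return first and second


# Constructed sample account; the secret is the RFC 6238 test-vector key.
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password("8oSNH!D4ha6NfNm3eJMX", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    code = totp(ACCOUNT["totp_secret"], time.time())
    print("both factors:", login(ACCOUNT, "8oSNH!D4ha6NfNm3eJMX", code))
    print("password only:", login(ACCOUNT, "8oSNH!D4ha6NfNm3eJMX", "not-a-code"))
```

A stolen password fails the second check, and an intercepted code expires within about a minute.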
A Secure Password Means a Secure Account
A password is what stands between your data and cyber-criminals. Coming up with a good password might be one of the most important things you’ll ever do for your online accounts.
Now that you’ve seen the most effective methods to create a fool-proof password, you can feel safer using your favorite websites and social media.
How to stay safe online:
- Practice Strong Password Hygiene: Use a unique and complex password for each account. A password manager can help generate and store them. In addition, enable two-factor authentication (2FA) whenever available.
- Invest in Your Safety: Buying the best antivirus for Windows 11 is key for your online security. A high-quality antivirus like Norton, McAfee, or Bitdefender will safeguard your PC from various online threats, including malware, ransomware, and spyware.
- Be Wary of Phishing Attempts: Be cautious when receiving suspicious communications that ask for personal information. Legitimate businesses will never ask for sensitive details via email or text. Before clicking on any links, ensure the sender's authenticity.
- Stay Informed: We cover a wide range of cybersecurity topics on our blog. And there are several credible sources offering threat reports and recommendations, such as NIST, CISA, FBI, ENISA, Symantec, Verizon, Cisco, Crowdstrike, and many more.
Frequently Asked Questions
Below are the most frequently asked questions.
What is the strongest type of password?
Random character passwords are likely the strongest. For instance: 8oSNH!D4ha6NfNm3eJMX
Which special characters can I use?
Special characters fit for password use are called ASCII special characters.
What's the best way to keep my passwords safe?
Undoubtedly, the safest way to store your passwords is in a password manager.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.