Making Your Password as Strong as Possible
If the eyes are the windows to our souls, then our passwords are the doors to our digital lives.
Passwords allow us to enter our online accounts so we can browse, shop, post, and play on the web. However, whoever has access to our passwords can also take a peek into our online activities, personal information, and digital identities.
Much has been said about creating safe passwords but we’ll make it easy for you. In this post, we won’t just tell you how to create secure and unique passwords but also give you advice on how to test their strength and manage them more effectively.
How hackers figure out passwords
Believe it or not, cybercriminals may be some of the most creative people on the planet! They come up with ingenious ways of stealing your personal data, including your passwords. Here are just some of them:
1. Phishing. This is when hackers send you emails, text messages, or even voice calls to “phish” or bait you into sharing your passwords. They can create messages to look as if they’re sent by legit companies, such as your bank or credit card provider!
2. Dictionary attack. This is when cybercriminals use an index of words or a dictionary to figure out your password. Often, they have an index of the most commonly used passwords and try each and every one to breach your accounts.
3. Brute force attack. This is similar to a dictionary attack but this time, hackers also use non-indexed words and alpha-numeric combinations to unlock your password.
4. Malware. Malicious software can be installed on our computer, sometimes even without our knowing. If you accidentally downloaded a suspicious attachment or clicked on a sketchy-looking link, then you’re at risk of malware infection. Cybercriminals can then remotely control your computer and install software capable of gathering your passwords as you type them.
5. Shoulder surfing. As the name suggests, this happens when hackers literally look over your shoulder to see what password you’re typing. This often happens in computer shops or places with public Wi-Fi.
What a hacker can do with your password
If you’re dealing with a friendly hacker (like an annoyed sibling or a mischievous colleague), maybe they’ll just change your profile photo or post embarrassing things using your account. But most hackers aren’t friendly and there are serious consequences from using weak and easily hackable passwords. They include:
1. Identity theft. Once hackers can get into your account, they can pick up details of your personal life that they can use to steal your identity. This is another way of saying that they will impersonate you to apply for loans, credit cards, and more.
2. Privacy compromised. We’re sure that you have files and other important information stored in your online accounts that you don’t want others to get a hold of. When cybercriminals crack your passwords to get into these online accounts, your online privacy is immediately compromised.
3. Account ransom. When scammers get into your accounts, they can easily take them over to make money on the side. They can hold your account or your device “hostage” by encrypting your files until you pay a ransom. When you do, they send you a decryption key so you can access them again. However, beware because some of them may send a faulty decryption key. It’s also possible that they never had plans to give your files back to you.
What’s a unique password?
A password is considered unique if it’s used for only one account. Unique passwords are important because having different passwords for each online account makes it tougher for hackers to breach them.
On the other hand, if you have the same password for your bank account, social media account and email, you’re potentially in big trouble. If hackers are able to guess your social media account password, that’s one thing, but imagine if they could use this info to infiltrate your online bank account or email?
This is exactly why it’s always advisable to have different passwords for each online account.
Ways to create more secure passwords
Aside from having unique passwords for each account, what can you do to make each individual password stronger?
For years, tech journalists, bloggers and cybersecurity experts have been studying what constitutes a strong password. Here are some of their pointers:
1. Use passphrases. Passphrases are groups of words or sentences used as passwords. The more random the words you include in your passphrase, the better.
2. Use punctuation and numbers. It is a good practice to include numbers and punctuation in your password to make it extra difficult to decipher.
3. Make it long. Try coming up with passwords containing at least 12 characters. Years ago, eight-character passwords were the gold standard but hackers have become more sophisticated. It can now take them as little as a few minutes to crack an eight-character password.
4. Make use of upper and lowercase alphanumeric characters. Using this combination makes your password more complicated and harder to hack.
5. Use a password generator. If you don’t want to come up with your own password, you can always rely on password generators. Just one click and they give you a completely random password!
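The tips above (random passphrases, mixed character classes, at least 12 characters, a generator) can be combined in a few lines of Python. This is an added example, not code from the original post; the function names and the sample word list are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes the tips above recommend mixing.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=16):
    """Random password containing at least one character from each class."""
    if length < 12:
        raise ValueError("the article's minimum is 12 characters")
    while True:
        # secrets uses the operating system's CSPRNG; random.choice does not.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words, count=5):
    """Passphrase of `count` words, each picked independently at random."""
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(symbols, choices=len(ALPHABET)):
    """Entropy of `symbols` uniform picks from `choices` options, in bits."""
    return symbols * math.log2(choices)


if __name__ == "__main__":
    # Constructed sample list; a real passphrase needs thousands of words.
    sample_words = ["lantern", "gravel", "pickle", "orbit", "saddle", "thimble"]
    print(generate_password())
    print(generate_passphrase(sample_words))
    print(f"8 random characters:  {entropy_bits(8):.1f} bits")
    print(f"12 random characters: {entropy_bits(12):.1f} bits")
    print(f"5 words from a 7776-word list: {entropy_bits(5, 7776):.1f} bits")
```

Each extra bit doubles the number of guesses a brute force attack needs, which is why length matters more than any single substitution.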
Passwords to avoid: The 10 most common passwords
People are creatures of habit and unfortunately, this makes our passwords predictable. It’s not uncommon for people to use birthdays or anniversaries as their passwords. What we often forget is that these pieces of information are often publicly available and can easily be connected to you.
Animals, no matter how cute, shouldn’t be considered for passwords either. On the list of the 100 worst passwords for 2019, “monkey” takes the 30th spot, “tiger” the 56th, “butterfly” the 69th, and “dragon” the 70th (lots of Game of Thrones fans out there!).
Your favorite sport may not be a good idea either, with “soccer” taking the 33rd spot, “football” the 40th, “baseball” the 41st, and “basketball” in 75th place.
And apologies to anyone named Charlie, Michael, Nicole, Jessica, Hannah, Michelle, Daniel, Maggie, Jordan, Jennifer, Amanda, Justin, Joshua, Matthew, Samantha, Andrew, Thomas, Madison, Maria, or Sophie. Please do not use your names as passwords as they are too common and easily hackable. Unfortunately, all of these names made it to the list of 100 worst passwords.
The top 10 worst passwords in 2019 were:
As you can see from the list above, these passwords are all short and follow easily detectable patterns.
How to create an effective password for your phone
Protecting your phone starts with the actual hardware. Luckily, phone manufacturers have already thought of the best ways to make our devices more secure.
Password protection for Android phones
Android phones usually have built-in password enablers and you can find these features under Settings.
1. Go to Settings and click on Security. Some phones have a separate Lock Screen option.
2. If you select the Lock Screen option, you will be asked to choose between a swiping pattern, encoding a PIN, or inputting your own typable password (by far the strongest option).
3. Under Security, you also have the option to build a secure folder. Here you can put important files that need another password to be accessed.
4. You can also encrypt your SD card under the Security option. This means that files on your card are only visible on your phone, not on any other device.
Password protection for iPhones
Both old and new iPhone models allow users to set passcodes and change them later.
1. Go to Settings. For new models of the iPhone, tap Face ID & Passcode. For older models, tap Touch ID & Passcode.
2. Turn Passcode on and select a passcode option. Apple suggests using the Custom Alphanumeric Code and Custom Numeric Code since these are the most secure.
Of course, it’s not enough to protect your phones using built-in password enablers. Your phone software needs protection too so you should consider mobile security apps.
How secure is my password?
Are you ready with your new password? If you followed all the steps listed above, it’s time to put it to the test.
And before you do, just remember that there are different levels of password security strength. For some websites, when you’re setting up an account, they tell you right away if your given password is weak or strong:
- Weak password strength. Your password is quite common, predictable and can be easily hacked.
- Medium password strength. It’s still possible for cybercriminals to guess your password; it just might take them a little bit longer.
- Strong password strength. The system recognizes that you have followed the best practices, such as including uppercase and lower case characters, numbers and symbols. Your password is most likely secure.
Now, what if you want to test passwords for your existing accounts? There are several websites that analyze password strength - all you have to do is input your password. But make sure you only use websites you trust and that these websites don’t keep a record of your password!
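A password can also be rated locally, so it never leaves your computer. The sketch below is an added example, not a tool from the original post: the word set is a constructed sample built from the words and names this article quotes, and the length and class thresholds are assumptions chosen to match the tips above.

```python
import string

# Constructed sample from the words and names quoted in this article;
# a real check would load a far larger list of common passwords.
COMMON = {"monkey", "tiger", "butterfly", "dragon", "soccer", "football",
          "baseball", "basketball", "charlie", "michael", "nicole", "jessica"}


def character_classes(password):
    """Count how many of lowercase, uppercase, digit, symbol are present."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda ch: ch in string.punctuation)
    return sum(any(check(ch) for ch in password) for check in checks)


def rate_password(password):
    """Return 'weak', 'medium' or 'strong' using only local checks."""
    lowered = password.lower()
    # Strip digits and symbols tacked onto either end, so "Tiger123!"
    # is still recognised as the dictionary word "tiger".
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in COMMON or core in COMMON:
        return "weak"
    # Assumed thresholds: under 8 characters or one or two repeated symbols.
    if len(password) < 8 or len(set(password)) <= 2:
        return "weak"
    # Strong needs the article's 12-character minimum plus all four classes.
    if len(password) >= 12 and character_classes(password) == 4:
        return "strong"
    return "medium"


if __name__ == "__main__":
    # Constructed test passwords, not taken from any real account.
    for sample in ["dragon", "Tiger123!", "Summer2024", "V7#qLm2!xRt9Zp"]:
        print(f"{sample!r}: {rate_password(sample)}")
```

A rating like this is a heuristic: a password built from a word missing from the sample list, such as "Summer2024", still comes out as medium even though it follows an easily guessed pattern.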
Introduction to password managers
Why do people create passwords that are easily hackable? Well, it’s not like anyone wants to be hacked. Instead, they just want something easy to remember.
There is always a tradeoff between memorability and password security. This is also why people reuse passwords for different accounts. But what if we told you that there’s a way to have different, complicated passwords for each of your accounts without having to remember any of them?
This is where password managers come in.
These are apps or websites that act as a concierge for all your passwords. Instead of giving you keys to hotel rooms, they give you passwords you need for websites.
You only need to sign in once to your accounts, then your password manager will remember it for you. This means that you don’t have to type your log-in details each and every time. Another advantage? You can make your passwords as complicated as you like. Remembering passwords can now be as easy as … well, not having to remember them at all!
There are several password managers on the market, including 1Password, Bitwarden, and NordPass, and they each come with different features and price points. Some only save passwords on one device, while others allow you to save passwords across multiple devices.
How to manage saved passwords in your Google account
Now that you know how password managers work, you may be more comfortable trying this out using your email first. And if you have a Gmail account, the good news is you don’t even need to download a third party password manager!
Gmail comes with a password manager which allows you to sync passwords across different devices. Handily, it’s very easy to set up!
How to use Google password manager on desktop
1. If you’re using Chrome as your browser, simply go to your profile on the upper right of your screen.
2. Click on the key icon (Passwords) under your profile photo.
3. Turn it off or on, according to your preference.
How to use Google password manager on mobile
1. On your Android phone, go to Settings.
2. Click on Google > Google Account.
3. Click Security > Saved Passwords.
4. Turn it off or on, according to your preference.
What is the best password manager?
Since you’re entrusting all your passwords to them, it goes without saying that you have to pick a password manager with a solid reputation.
However, having a password manager may not be enough. Make sure you also have cybersecurity software that can address other online threats. Choose the one which offers all-round protection and secures all aspects of your digital life, like the one we provide at Clario!