
Simple tips on how to create a strong password

An essential element of personal digital security, including payment means
Martin Clauss
Beeble Team member
April 18, 2024

Make one up and don’t forget it!

Modern man likes to simplify everything. Everything is available to him with a click of a computer mouse. Today our article urges — let’s make it more complicated! Don’t make it simpler!

A password doesn’t have to be logical and simple. If you have a dairy farm, it’s clear to a cow — a password of “cow” is hardly a good option for your email. However, creating a complex password is only half the battle. The other half is to make sure you don’t forget it and can remember it when you need it. We don’t want your accounts to become impregnable for you.

In our article about what a strong password should be, we touched upon the basic principles of password creation. Today, we’ll take a closer look at the techniques you can use to create passwords that will become strong guardians of your accounts and protect your personal data.

To offer you a list of basic rules of a secure password, we have analyzed a lot of materials devoted to this topic on the Internet. Let’s list these rules, and even if you’ve heard them many times, don’t take them lightly and your personal data will thank you.

Size matters

  • The password should be long. Preferably at least 8 characters. Starting with 16 is better.
  • The password should be unique for each account. Do not use the same password more than once.
  • Use lowercase letters and uppercase letters.
  • Use numbers.
  • Use special characters.

Do not use dictionary words. For example: pine tree, pen, car. Be creative and create something like: shvrtoair, ytsfcnshpsh and things like that.

Try to use a combination of several alphabets. For example, Latin, Cyrillic, and Arabic script.


Creative Passwords

Creative chaos

Even if you don’t play the piano, you’ve probably tried hitting the keys at random, hoping that you’ll get divine music. Do you get chaos? That’s what we need! Try running your fingers across the keyboard and get a password like this:

Qi@8zh0!kX74a
E5u73$zOf&9azUa
YgC3£i4%rJqyB80
Oz!x43cVe$oz5S
84aP@E&39uzxC1ka0

Change your most important passwords more often. For example, once a month.

When creating a new password, make sure it differs from all old passwords.

Do not use as a password any data (or combination of data) that can be easily matched to you, for example your first name, last name, date of birth, email address, and so on.

When making up a new password we can imagine how a hacker acts. Let’s say he picked up the password to your primary email account. From the emails, he found out that you use iCloud, regained access to it, and locked your iPhone. He then reset the password to your Facebook page and accessed your private messages.

In the correspondence, the attacker found photos of your documents, phone number, and bank card number. He used this data in a chat with the bank, tied another number to the account, got in, and accessed your money. If the hacker is experienced and armed with the necessary aids, it costs him nothing to make a chain of these actions from beginning to end.

What passwords are insecure

Insecure passwords are common words or phrases, letters, or numbers in a row. People often use them when they don’t think about security or just want to finish registering quickly. A password is insecure if it consists of:

  • a sequence of numbers: 12345, 337799, 10011001
  • date of birth: 13051990, 19900513, 0513
  • phone number: 0998765432, 0976543210
  • common words: password, qwerty, administrator
  • your name, names of relatives or pets: anton, alex, sveto4ka, barsik, kesha
  • geographic name: Jurmala, mississippi, pacificocean
  • username or part of it: username_example, antonio
  • e-mail: example@ukr.net, pochta@gmail.com

Such passwords are easy to guess. For example, a hacker will need only 13 seconds to brute-force the password qwerty12345. But it would take several centuries to find a password such as Oz!x43cVe$oz5S84aP@E&39uzx.
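The categories in the list above can be turned into a rough checker. This is an added example, not part of the original article; the deny-list, the phone-number heuristic (10 digits with a leading 0, as in the article's samples) and the function names are assumptions.

```python
# Constructed deny-list: the article's "common words" plus two from its top-20 list.
COMMON_WORDS = {"password", "qwerty", "administrator", "admin", "user"}

def looks_like_date(digits):
    """True for DDMMYYYY, YYYYMMDD or MMDD strings with a plausible day, month, year."""
    if len(digits) == 8:
        candidates = [(digits[0:2], digits[2:4], digits[4:8]),  # DDMMYYYY
                      (digits[6:8], digits[4:6], digits[0:4])]  # YYYYMMDD
    elif len(digits) == 4:
        candidates = [(digits[2:4], digits[0:2], "2000")]       # MMDD, year unknown
    else:
        return False
    return any(1 <= int(d) <= 31 and 1 <= int(m) <= 12 and 1900 <= int(y) <= 2100
               for d, m, y in candidates)

def insecure_reasons(password, personal=()):
    """Return the article's insecurity categories that `password` falls into.

    `personal` holds strings tied to the user: names, pets, home town,
    username, e-mail address. Geographic names are only caught if passed here.
    """
    reasons = []
    low = password.lower()
    # isascii() keeps int() away from Unicode digits such as superscripts.
    if password.isascii() and password.isdigit():
        if looks_like_date(password):
            reasons.append("date of birth")
        elif len(password) == 10 and password.startswith("0"):
            reasons.append("phone number")   # assumed format, see lead-in
        else:
            reasons.append("sequence of numbers")
    if any(word in low for word in COMMON_WORDS):
        reasons.append("common word")
    for item in personal:
        item = item.lower()
        # Check the whole value and, for an e-mail address, its local part.
        parts = {item, item.split("@")[0]}
        # "p in low" catches a name inside the password, "low in p" a part of a username.
        if low and any(len(p) >= 3 and (p in low or low in p) for p in parts):
            reasons.append("personal data")
            break
    return reasons
```

An empty result only means that none of these patterns matched; the length and uniqueness rules listed earlier still have to be checked separately.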

The most popular password in the world last year, 123456, was used more than 4.5 million times, and hackers can cope with it in a second, writes CNBC, citing data from NordPass and independent researchers.

17 of the top 20 most popular passwords in the world in 2023 can be cracked in less than a second, including combinations of numbers and “original” passwords like password and administrator. It takes a second for intruders to crack the user password and 11 seconds for admin123. The record holder of the top 20 is UNKNOWN, which takes 17 minutes to crack.

Here are the most popular passwords in the world:

  1. 123456 — 4.52 million uses
  2. admin — 4 million
  3. 12345678 — 1.37 million
  4. 123456789 — 1.21 million
  5. 1234 — 969.8 thousand
  6. 12345 — 728.4 thousand
  7. password — 710.3 thousand
  8. 123 — 528.1 thousand
  9. Aa123456 — 319.7 thousand
  10. 1234567890 — 302.7 thousand
  11. UNKNOWN — 240.4 thousand
  12. 1234567 — 234.2 thousand
  13. 123123 — 224.3 thousand
  14. 111111 — 191.4 thousand
  15. Password — 177.7 thousand
  16. 12345678910 — 172.5 thousand
  17. 000000 — 168.7 thousand
  18. admin123 — 159.4 thousand
  19. ******** — 152.5 thousand
  20. user — 146.2 thousand

Check your password in a password strength analyzer; there are enough of them on the net.

What is a hacker thinking about?

We’re practicing password writing. Get creative. What are you thinking about right now? The Canary Islands? Okay. A smart hacker might realize that you, like him, are thinking about those islands. So let’s make it harder for him. Let’s replace some letters with symbols; to make the result easier to remember, replace letters with symbols that look similar.

Let’s say @ for a, 1 for i, $ for s. What do you get? C@n@ry1$l@nd$. Now you can safely go to the islands and drink mojitos on a chaise lounge: your account is secure.

To make it easier to remember, you can choose a memorable combination, for example, notes or days of the week. Say, take your favorite day, Friday, and insert a sequence of numbers between the letters. Let it be your birth year 1989 and month 12, but in reverse. You get F9r8i9d1a2y1. Decorate the beginning and end with special symbols: *;#F9r8i9d1a2y1@. I think it’s beautiful.

Such methods are good if you want to easily remember your password and not copy it every time from the password manager.


How to remember all the passwords

What is a password manager?

Of course, the best place to store passwords is in your mind: unless a hacker has the gift of hypnosis, he won’t be able to get there. A less successful idea is to save passwords in your smartphone notes, in a text document on your computer, or in cloud storage, where they can be discovered by intruders, or to write them down on a piece of paper and forget where you hid it.

The best way to remember a new password is not to save it for a while, but to enter it manually every time. After several dozen attempts, you will develop a mechanical memory, and you will enter the password reflexively.

However, a modern person has a lot of passwords. And it is hard to do without a password manager, i.e. without programs that memorize and store passwords for you, such as KeePass, LastPass, or Roboform.

However, to enter the program, you must make up a password again, a kind of boss of all passwords. Naturally, such a password should be the longest and most difficult one. How to memorize it? — Be creative and train your memory.

Which password manager should you choose? We will write a separate article about it.

How to keep your password secret

Let us remind you that the best way is to keep passwords “in your head”. But even this is not ideal, as a password can be revealed at the moment you enter it. To keep your passwords secret, try this:

  • Create a new password for each important service.
  • Enable two-factor authentication wherever this option is available.
  • Don’t save passwords in your browser.
  • Don’t enter passwords on sites without an SSL certificate.
  • Don’t trust anyone and don’t give your password to anyone. Not even friends and parents. Especially not to your wife (husband).
  • Change your password every time you think it might have been stolen. In other cases, change the password at least once every 6 months.