Passwords represent the most significant, and sometimes the only, line of defense between strangers and your personal information. So, how do you choose a good password that is easy to remember yet hard for someone else or a computer to guess? Let’s go over some good and bad choices when choosing the perfect password.
Here is an updated list of common passwords discovered in data breaches. This file contains the top 100,000 passwords from the HaveIBeenPwned data set. If you see a password that you use in this list you should change it immediately.
Most inexperienced users will often choose passwords that are contained within this list or other similar listings. People choose passwords that are personal, easy to remember, incorporate birthdays or other important dates in them, and often feature the names of people or pets. So don’t make passwords with any of that.
Such lists (like the one above) are very easy for hackers or other malicious individuals to parse through using a script that tries each one, until they eventually gain access to your personal data.
You know the importance of using strong passwords. But what is a strong password, really? 23r#12YUF734t is easy for a computer to crack, but hard for a human to remember, whereas sentences are hard to crack yet easy to remember. So use passphrases instead of passwords.
And if you’re still using personal information as answers to your security questions, stop! These details can often be easily obtained and used to gain access to your accounts. Don’t type the real answer to “What street did you grow up on?” Use a password manager and save the generated password there, and let it auto-fill on your next visit.
Are You Using Dumb Passwords?
The usage of dumb passwords is, more often than not, the case with novice internet users.
Apart from using weak passwords, many also tend to use the same passwords for different accounts. This can be disastrous because once a malicious hacker attains the password for one of your trivial accounts, he will immediately gain access to your other important personal information stored at financial institutions, for example.
Many people use the names of their pets, cars, or relatives as their password. This is not a good choice because you are probably not the only person with a specific car model or a unique pet name. Your passwords should always be one-hundred percent unique, no matter what website you’re using.
In case you recognize yourself as someone who has similar thinking when creating a password for their accounts, you are most likely using a dumb password choice.
Using weak passwords is somewhat understandable for new internet users, who are not aware of the potential risks that come with doing so. There are others who are aware of such risks, but even so, don’t mind using obvious passwords. These individuals are convinced that the odds of them being scammed are minimal. “I have nothing to hide,” they say. However, such thinking can be disastrous if they reuse the same password for their hacked accounts as they do on their banking websites.
The most common excuse for using simple passwords is that simple and apparent passwords are much easier to remember than other well-structured passwords.
The good news is that this study “observed a number of phenomena which run counter to the established wisdom. For example, passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections.” So think of phrases with a few words, or a song lyric you associate with the website in question, and use that as a passphrase that is memorable yet hard for a computer to crack.
If you want to free your mind from having to remember passwords, there are many ways you can keep your passwords without writing them down on a piece of paper. We have password managers like LastPass, Bitwarden, 1Password or Dashlane. Or just click “Forgot Password” and reset your password each time you want to log in (less convenient but provides more friction if you’re trying to use Twitter or other social media less).
Browsers also offer to save your passwords, but I don’t put much trust in a browser, especially not one owned by Google. But if you must, Chrome isn’t terrible and is probably better than Firefox’s built-in password manager. In December 2019, Google Chrome released new advanced measures of protecting your passwords while remembering the matching credentials.
All these little features are not enough to fully protect you against malicious online attacks. That is why we will provide you with some fundamental practices you should incorporate when creating a password. Before that, let’s look at whether your current password is listed with other bad password choices.
Is Your Dumb Password on this List?
Most Common WIFI passwords:
The website passwordrandom.com offers a list of the most commonly used passwords by internet users. This site allows you to type your password in a textbox, and straight afterward, it will warn you if your password is listed with the other ten thousand passwords.
This feature is great because it also has a scale that increases and decreases when you attempt to change your password. To make things even more comfortable, the exact parameters you need to fulfill to make your password one hundred percent safe are listed below, so you will exactly know what you are doing wrong.
Suppose you don’t want to go through creating your own unique password. In that case, the website also offers the possibility of generating random passwords that fulfill all safety parameters needed for your password to be as safe as possible.
Keep in mind this is only one website, and throughout the internet, many similar websites offer secure password generators.
- There are also specific ways of knowing when your password is not safe for a particular website. Google Chrome’s Password Checkup add-on will inform you any time your password is affected by a data breach.
- This add-on is convenient because it will inform you if anything happens that could affect your current password integrity. In case something like this happens, you will receive an alert to reset your password. Keep in mind that this extension was created to value the user’s privacy. This means you don’t have to worry about anybody else knowing that your password may be vulnerable.
- On HaveIBeenPwned? you can see 572,611,621 real world passwords previously exposed in data breaches. Because they are known passwords, they are unsuitable to use as they’re at much greater risk of compromise. Hackers take advantage of reused credentials by automating login attempts against systems using known emails and password pairs. Take a look at the passwords or check your email accounts to see if they’ve been breached, then change your passwords.
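
Checking a password against breach data without handing the password over, as an added example that is not from the original article. It assumes the Pwned Passwords range format (send the first five characters of the SHA-1 hash, receive `SUFFIX:COUNT` lines); the reply and the counts below are constructed so the block runs offline.

```python
import hashlib

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Count for this password in a reply of SUFFIX:COUNT lines, 0 if absent."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed breach data (the counts are made up), standing in for the service.
KNOWN = {"123456": 1000, "password": 500, "asdfg": 20}

def constructed_reply(prefix):
    """Build the reply a range service would give for one 5-character prefix."""
    rows = []
    for pw, count in KNOWN.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            rows.append(f"{suffix}:{count}")
    return "\n".join(rows)

def check(password):
    """Only the prefix leaves the machine; the suffix is compared locally."""
    prefix, _ = split_hash(password)
    return breach_count(password, constructed_reply(prefix))

if __name__ == "__main__":
    for pw in ["password", "Why not make an entire password sentence?"]:
        print(repr(pw), "seen", check(pw), "times")
```
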
What is a Bad Password?
While going through lists of commonly used passwords, it’s easy to notice some specific patterns that repeat with most of these passwords. We have already explained some of the novice user’s tendencies when creating a password and the reasoning behind poor password choices. However, it’s important to know the exact elements of a bad password.
A bad password is one that is relatively easy to find out, either by human guessing or by a brute-force attack.
In case you are not familiar with the term “brute-force attack,” it means that the hacker will use his computer’s power to try as many passwords as possible from a specific password list.
Such lists can be found online, as we already saw. However, in some cases, websites sell these password choices to malicious individuals and make it even easier for hackers to access someone’s personal information.
Bad passwords share some notable characteristics:
- The classic 123456 or other sequential string like “asdfg”
- Including names in the password
- Using significant dates in your password, like birthday dates
- Not mixing upper and lower case letters
- Not using symbols in your password
- Not changing your password often
- The length of the password is under eight characters
These are some of the most common mistakes average individuals make when creating passwords. As we can see, bad passwords have characteristics opposite to the ones decent passwords should have.
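
The characteristics listed above turned into a check you can run on a candidate password, as an added example that is not from the original article. The common-password set, the keyboard sequences and the `personal` argument are assumptions made for illustration; in practice the set would be loaded from a common-password file.

```python
import re

# Constructed sample; stands in for a real common-password list.
COMMON = {"123456", "password", "qwerty", "asdfg", "letmein"}
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_sequence(pw, run=4):
    """True if pw contains `run` neighbouring characters of a sequence, either direction."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False

def audit(pw, personal=()):
    """Return the bad-password characteristics that pw shows.

    How often a password is changed cannot be read from the string,
    so that item of the list is not checked here.
    """
    low = pw.lower()
    findings = []
    if low in COMMON:
        findings.append("in common-password list")
    if len(pw) < 8:
        findings.append("under eight characters")
    if has_sequence(pw):
        findings.append("sequential string")
    if any(p.lower() in low for p in personal if p):
        findings.append("contains a name or personal detail")
    if re.search(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}", pw):
        findings.append("contains a date")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        findings.append("no mix of upper and lower case")
    if not any(not c.isalnum() for c in pw):
        findings.append("no symbols")
    return findings

if __name__ == "__main__":
    for pw in ["123456", "Rex2011", "Why not make an entire password sentence?"]:
        print(repr(pw), audit(pw, personal=["Rex"]))
```
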
In the next section, we will provide information about good ways of creating a strong password and explain other ways of protecting your passwords with additional security measures.
How to Make Your Password Hard to Crack
Now that we know the value of creating a safe password, it’s essential to understand how to create your own strong password.
To make your password safe, it’s vital to make it different from your other passwords and not linked to your personal information. Passphrases and sentences are stronger than single strings of jumbled letters and numbers, and are easier for you to recall.
If you are looking for optimal password security, your password must have specific characteristics we will list below:
- Be unique – It’s important to use unique passwords for every account you use. Especially if it’s an email or online banking account. Using the same credentials for multiple platforms will only make it easier for hackers to break in.
- Longer passwords provide better security – This may be the most crucial advice because hackers usually go after shorter passwords that are easier to crack. It’s necessary for your password to include at least eight characters. Keep in mind, the longer your password is, the longer time it will take for a hacker to crack it.
- Include uppercase and lowercase letters, numbers, and symbols in a sentence – Using a long password may not be enough to fully protect you from malicious individuals. Adding numbers, symbols, and different letter casing will make it significantly harder for hackers to crack your password. It would be best if you did this by switching letters with numbers (0 with O). The same can be performed with symbols as well. If your password parameters allow spaces, why not make an entire password sentence? Such as “Why not make an entire password sentence?”
- Use nonsense phrases – This is an excellent way of making your password stronger, as it removes the possibility of hackers going through dictionaries and guessing your password that way. This paper suggests the use of cognitive passwords as a method of overcoming the difficulty of creating passwords that are simultaneously memorable and difficult to guess. Cognitive passwords answer questions like:
  - What is your mother’s maiden name?
  - Who is your favorite superhero?
  - What is your dog’s name?
  - What is your car’s name?
  - What is your favorite movie?
  - What city were you born in?
  - What is your favourite colour?
The twist is to use nonsense phrases to answer these questions and save the answer in your password manager. What is your mother’s maiden name? You’ll have no idea, and that’s the point.
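
Generating passphrases and nonsense security-question answers with a cryptographically secure random source, as an added example that is not from the original article; it serves both the passphrase advice earlier on the page and the nonsense-answer twist above. The 16-word list is constructed so the block runs offline, and the function names are illustrative; a real word list should hold thousands of words.

```python
import math
import secrets

# Constructed sample list; each word from a 16-word list adds only 4 bits.
WORDS = ["anchor", "biscuit", "cobalt", "dragon", "ember", "falcon",
         "glacier", "harbor", "ivory", "jungle", "kettle", "lantern",
         "meadow", "nectar", "orbit", "pebble"]

QUESTIONS = ["What is your mother's maiden name?",
             "What city were you born in?"]

def passphrase(n_words=5, words=WORDS, sep=" "):
    """Pick n_words independently and uniformly using the OS random source."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(n_words, list_size):
    """Bits of entropy when every word is an independent, uniform choice."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def nonsense_answers(questions, n_words=3, words=WORDS):
    """Give each security question a random answer unrelated to the truth.

    The answers are meant to be saved in a password manager, not memorised.
    """
    return {q: passphrase(n_words, words, sep="-") for q in questions}

if __name__ == "__main__":
    print("passphrase:", passphrase())
    print("bits with this sample list:", entropy_bits(5, len(WORDS)))
    print("words for 64 bits from a 7776-word list:", words_needed(64, 7776))
    for question, answer in nonsense_answers(QUESTIONS).items():
        print(question, "->", answer)
```
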
Apart from these characteristics your password should have, there are other ways to secure your password even further:
- Use password managers (I use LastPass)
- Always sign out (especially when using a computer you don’t own)
- Change your passwords regularly (this is something I don’t actually do….)
- Use VPNs (I use Private Internet Access)
- Use two-factor authentication (using another security measure, apart from a password, to access the user’s account)