Today we will explain how to create secure passwords. Ones that will help protect your online accounts from computer attacks. This guide will teach you what a secure password should look like on the Internet and how important it is to manage passwords for your accounts, not only those related to finances or email.
After explaining the importance of passkeys in cyber security, and the relationship between the router and CyberSec, it’s time for the next article in the CyberSecurity series.
Table of contents:
1. Why insist on Strong Passwords?
The maniacal recommendation of strong and different passwords for each account may seem intrusive, even paranoid, to some users. But is it so? The primary security breach events at significant tech companies clearly illustrate that there is a problem with the lack of secure passwords.
- Big tech companies like Facebook, Google, and others have had significant security breaches.
- Cybercriminals break into thousands of online accounts daily, stealing users’ data (and money).
- Millions of people around the world use passwords like “123456”.
Having secure passwords is essential to protecting our privacy and data. The risk is unquestionable: if you don’t use strong and complex passwords daily, you run the risk that someone will one day guess them and do whatever they want with them. So how do you create secure passwords?
2. Secure Password. A few Statistics
2022 Psychology of Passwords report revealed that despite most people receiving some cybersecurity education, our report found that many (62%) are still reusing passwords. While only 12%of respondents admit to always using unique passwords, 89% know that reused or similar passwords are a security risk. Nearly half of respondents (42%) claimed good password hygiene (42%).
Of those who received a cybersecurity education, only 31% stopped reusing passwords, and only 25% started using a password manager.
When it comes to online accounts, would people create a more robust/more complex password for:
- 69% – financial accounts (banking, stocks, etc.).
- 52% – Email accounts,
- 35% – would do the same while using Medical records/healthcare-related accounts.
- 33% – work-related accounts
- 32% for Social media accounts
- 18% – retail/shopping accounts
- 14% – entertainment accounts
- 8% – travel/airline accounts
- 13% – create the same password regardless of the type of account.
3. Declarations vs. Reality
Password breaches occur in every generation. Generation Z (born 1997-2010) is a group that is disturbingly careless about password security. At the same time, Generation Z is much more likely than other generations to declare that they are excellent at maintaining password hygiene. However, the numbers contradict it.
Research has shown that as many as 69% of respondents representing this age group use different variations of the same password and similar passwords for several accounts. This figure is similar to that of Millennials (born between 1981 and 1996) – here, the number was 66%.
4. How To Create Strong Passwords
The biggest obstacle to creating strong passwords is the difficulty in remembering them. Many people are afraid that they will not remember and will not recover their password later. Another factor is sheer laziness – we do not want to create strong passwords, especially on websites we only want to test or plan to use infrequently. And this is simply a gift for cybercriminals.
a. Use the Password Generator
Now let’s get to work: How to create secure passwords? For this purpose, a secure password generator is worth using, making it easier for us to remember them. Remember to create a secure password that should only be used for one account. So the rule is:
one password = one account
b. Set Up A Strong Characters Combination
In addition, try to make the password long and complex, making it difficult or even impossible to crack. Use many random characters, digits, uppercase, lowercase letters, and special characters like %,:, (, @, $, ! etc.
c. Help yourself with a Password Manager
This will be hard for a hacker to crack, but unfortunately, also impossible for you to remember. For this purpose, use a password manager instead of writing down passwords on paper or in a notebook on the computer desktop. There are many such services on the Web, and I do not want to advertise any of them. Do your research and find a password manager that works for you.
d. Change Passwords Occasionally
It’s essential to change your passwords from time to time. Password protection is only sometimes 100% up to you as there can be leaks that expose your passwords online. That’s why changing your passwords is essential to prevent someone else from using them if they’re leaked.
e. What Instead of a Character Combination?
If you do not want to create passwords consisting of a random string of characters and do not want to use a password manager, you can also use passwords that are easy to remember but hard to guess.
A very effective way is to use combinations of several words that, although seemingly have no logical connection with each other, will make sense to you, and you will remember them easily.
Some claim this technique is more effective than simply combining capital and lowercase letters, numbers, and special characters into a short password. They are so complicated that they lose all meaning, which minimizes the risk of guessing them.
f. Set Up A Two-Factor Authentication (2FA)
You should set up two-factor authentication (2FA) on every online account that enables this function. 2FA function protects your passwords even more. It requires entering a one-time code each time. You can also plug in a USB security key when logging in from a new device. Two-factor authentication for online accounts significantly lowers the risk that fraudsters can log into your account, EVEN if they have already stolen your password.
g. Have I Been Pwned?
It’s also a good idea to periodically review pages such as ‘Have I been pwned.’ He’s a network veteran collecting all password leaks. You enter your email, and the network tells you if any password has been leaked on the services where you used it. You can prevent a leak and start changing your passwords if you notice it.
5. Account Password Management
I also recommend using a Password Manager. This may surprise you, but password security is secondary these days, and the most important thing is how you manage those passwords afterward.
A password manager allows you to store passwords for other accounts (multiple accounts). When logging into your account, you don’t have to remember your password every time, as the manager will do it for you and provide your login information during your web browser session.
6. Useful Tools To Create Strong Passwords
If you’re looking for the most robust password possible, you can use resources like the ZXCVBN Estimator, an open-source tool created by Dropbox for estimating the strength of passwords.
In addition, thanks to the tool https://lowe.github.io/tryzxcvbn/ you can see how long it would take to crack the given example password. A number will appear in the Guesses_log10 field: the higher the resulting number, the more secure the tested password will be.
7. Dos and DON’Ts While Creating Passwords
a. Creating Strong Password Rules:
- Create separate passwords for each account separately.
- To create strong passwords, use characters, numbers, uppercase and lowercase letters, and special characters.
- Change your passwords from time to time to increase security.
- Use proven password management tools.
- Check the strength of your password with valuable tools.
- Set up a two-factor authentication wherever is it possible.
- Control leaks of your passwords on the Internet.
b. Don’t do this when creating a password:
- Never use the same password for several services.
- Don’t create short passwords that are easily obtained by social engineering. Do not use children’s names, important dates related to your private life, or your pet’s name to create a password.
- Also, don’t do classic swaps like e to 3 or o to 0, as these are tricks known to cyber criminals.
- Check out the lists of the worst passwords to know which ones you should NEVER use.
- Try not to share your passwords with anyone else, as this dramatically increases the risk of them falling into the wrong hands. This may be because the person you share them with uses them to access your accounts, but also because they need to learn how to keep passwords secure.