As we all tend to live our lives connected online more and more these days, we’re tasked with having more and more online accounts to access all our goods and services.
Every single day, these services and their accounts are under attack from people who are trying to access our personal information and credit card numbers, and to get into any and every account that they possibly can, so they can sell our information to the highest bidder or commit identity theft.
Now, I’m not saying all that just to scare you, but the reality of it is identity theft has become far more common in the past 10 to 20 years since the advent and propagation of the internet, and the increase in global connectivity online. One of the major ways that account compromises are possible is because many account passwords are insecure and easily determined by those with malicious intent and technological prowess.
In fact, many people don’t even know how to make a good strong password for their accounts in the first place. Here in this post I will give you a basic overview of how to make reasonably strong and secure passwords, and talk about what makes a password secure.
So let’s get started. First we’ll take a look at some best practice tips for your passwords, and then I’ll give you some examples of making simple yet secure passwords that you can remember easily.
1. Don’t use words you can find in the dictionary
This is a very common mistake that people make all the time. There are computer programs out there for cracking passwords that run through a list of every word in the dictionary automatically, and if your password contains any of those words, it becomes that much easier for the remainder of your password to be guessed and then compromised.
2. Don’t use all lowercase or all uppercase letters
A password is stronger when it contains a mix of both lowercase and uppercase letters. If your password is all lowercase or all uppercase, then it is not as secure as it could be. Even just introducing a single letter of the opposite case can improve the security greatly over a password that uses only one case.
3. Don’t use all letters or all numbers
If your password is only letters, even if you aren’t using words that can be found in a dictionary, it’s still considered a “weak” password. The same goes for passwords which include only numbers. In fact, passwords with only numbers in them are even easier to crack, since there are only 10 possible values for each character vs. at least 26 choices with letters, or 52 if your password includes both uppercase and lowercase.
But I digress. It’s still not secure enough however. A stronger password would be a combination of letters and numbers, but that’s still not ideal yet. Let’s keep going.
4. Don’t use the same password for different online accounts
This is a big one. Many people do this, simply because it starts to become difficult to remember all those passwords. Even I have been guilty of this one from time to time myself. But as best as you can within reason, you are going to want to have a different password for each of your accounts.
The reason this is not a good idea is that if your password is compromised on one of your many online accounts, and you have used that password on other accounts, then every account where you have used it is now vulnerable to whoever got the password from that single account.
In other words, the more frequently you use a single password across accounts, the less secure that password becomes, and by extension, the more vulnerable all of those accounts become too.
5. Don’t use short passwords
Even if you follow the rest of these suggestions outlined here and elsewhere on the net for good password practices, if your password is only 6 characters long, it won’t matter very much how secure you make it.
Arguably the most important factor in making a strong password is length. The longer the password is, the more difficult it becomes for those with malicious intent to compromise it.
A secure password has…
Here is a short list of the “rules” if you will, for a secure password.
In order for a password to be considered secure, it must have:
- No dictionary words
- At least 1 UPPERCASE letter
- At least 1 lowercase letter
- At least 1 number
- At least 1 symbol (Some symbol examples include: ! @ # $ % ^ & * ( ) - _ / and there are others you can potentially utilize too.)
- At least 8 characters in length (the longer, the more secure)
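The rule list above, written as a check, together with the search-space arithmetic behind tips 3 and 5 (10 digits vs. 26 or 52 letters, and length). This is an added example, not code from the original post; the function names, the small word list and the two weak sample passwords are constructed for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"like", "dogs", "love", "summer", "password"}

def failed_rules(password, words=SAMPLE_WORDS, min_length=8):
    """Return the rules from the list above that the password does not meet."""
    lowered = password.lower()
    checks = [
        ("contains a dictionary word", not any(w in lowered for w in words)),
        ("no uppercase letter", any(c in string.ascii_uppercase for c in password)),
        ("no lowercase letter", any(c in string.ascii_lowercase for c in password)),
        ("no number", any(c in string.digits for c in password)),
        ("no symbol", any(c in string.punctuation for c in password)),
        (f"shorter than {min_length} characters", len(password) >= min_length),
    ]
    return [message for message, passed in checks if not passed]

def search_space_bits(password):
    """Size, in bits, of the space of same-length strings over the classes used.

    Assumes each character is picked at random, so for a password built from
    a phrase this is an upper bound, not a measured strength.
    """
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    # Il!ked0gs and Il!ked0gs-4 are from the post; the other two are constructed.
    for pw in ["summerlove", "482916", "Il!ked0gs", "Il!ked0gs-4"]:
        print(pw, failed_rules(pw), round(search_space_bits(pw), 1))
```

An empty list from `failed_rules` means every rule in the list is met; the bit count grows with each added character, which is the point of tip 5.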
But how am I supposed to remember all that?
Yes, you’ve hit upon the potential conundrum with all this secure password business. As great as having a secure password like #7drjR48296&#!!kdXB is, how are you supposed to remember a random string of characters like that, especially taking into consideration point #4 earlier? You would need a different one of those gargantuan strings of difficult-to-remember passwords for EACH online account you use.
Well, the answer is simpler than you might expect. Let’s take a look at some example passwords and I’ll suggest some ways you can make them secure and also easy to remember.
Let’s say you’re a dog lover, and you have an insecure password on your account that looks like this:
If we reference the “rules” for a secure password discussed previously, we can see that this one is lacking in quite a few ways. There is a mix of uppercase and lowercase letters (the first character is an uppercase ‘i’ in case it’s hard to tell visually,) and the length is 8 or more characters long, but other than that the rest of this password fails to be secure. It doesn’t use any numbers, or symbols, and it uses words found in the dictionary.
So let’s work on this password a bit. One of the best ways I have found to make a password both memorable and secure, is to start with a simple password like this one which is easy for you to remember, and just make modifications to it.
So let’s look at our numbers and symbols, and see if we can find any similarities. We know our password is lacking both of these elements and requires them in order to be considered secure. And we also want to try to change those dictionary words into something that doesn’t necessarily match up.
So here is an example of one possible way we can improve upon the original.
All I have done here is replace the lowercase ‘i’ in ‘like’ with an exclamation point (you can think of it like an upside-down ‘i’ if that helps you remember), which meets our “at least 1 symbol” requirement. It also removes the dictionary matching word “like” from our password. For the ‘o’ in ‘dogs’ I just substituted the number ‘0’. Similarly, this had the effect of removing the dictionary searchable word “dogs” from our password, and meeting the “at least 1 number” requirement.
Two simple changes were all that were necessary in this case, to take this from being a relatively weak and insecure password, and turn it into a secure password, all while keeping it still fairly easy to remember.
Pick a phrase or term that is easy for you to remember as a basis for your own passwords, and with just a few small changes following the secure password rules, you’ll have vastly improved passwords to help keep your online accounts as secure as reasonably possible.
If you want to take it even a few steps further (not required) you can check out the next section where we’ll take another look at how to make this password even more secure.
Expanding further for the curious/interested
Even though the password we put together in the previous section is a secure one, it’s a bit on the short side with only 9 characters. Remember, the longer a password is, the more secure, as long as it’s still following the secure password guidelines.
But with length comes increasing complexity and more difficulty in remembering it, right? Not necessarily! Here’s an easy trick for increasing the length of an already secure password.
Let’s say you really like the number 4, and it’s your favorite number and there’s no way you’ll forget that. Next let’s pick your favorite symbol, maybe it’s the hyphen -
Now, let’s combine your favorite number 4, with your favorite symbol - and think of some ways you can add that in to your secure password to increase its length, and still keep it easy to remember.
Here are some example variations to our original 9 character length secure password Il!ked0gs:
- Total characters: 11
- Total characters: 11
- Total characters: 13
- Total characters: 13
- Total characters: 17
(NOTE: If it shows —- as one long line and a single hyphen at the end as you are reading the above password examples, know that those are supposed to instead be 4 hyphens in a row. It doesn’t display that way as I type/edit it, but may display like that when reading automatically. My apologies for any potential confusion.)
You get the idea here, yes? These are just a few small examples of what you could possibly do, and simple ways to increase the security of even your secure passwords by increasing their length. If you make it a pattern or something easy for you to remember, then the extra length doesn’t necessarily make the passwords any more difficult for you to remember either.
Another thing that you may or may not choose to do in your passwords is plan for iteration. In other words, build into the password some kind of sequence that you are easily able to remember, in the event that you want/need to change your password, but want to keep it close to what you had before so it is still easy to remember.
One way you might do this is for example with the first improved password in the above list: Il!ked0gs-4
You could take that -4 portion of it, and when you change your password, make it -5 instead, and the next time, -6, and so on and so forth.
Now there are arguably pros and cons to making the iteration very obvious like that. The pros of course are that it is easy to remember and the new password is still technically secure. However, if one of your account passwords were actually compromised, and all you change on it is a single predictable number, especially one that is visually separated like that and might be easy for someone to guess, then changing that last number after the hyphen is probably one of the first things they would try.
So it just depends really. There are other, much less obvious ways you could use to implement iteration into your passwords. For example, counting up 3 numbers each time instead of just 1, or changing a letter in some pattern and not a number. I’ll leave those possibilities to your imagination and creativity to come up with on your own. And remember, building in iteration like this is totally optional; you decide whether you want to do it at all for your passwords.
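A check that can run when a password is changed, flagging the obvious kind of iteration described above (the same password with one number moved by a small step). This is an added example, not code from the original post; the function names and the `max_step` threshold are hypothetical, and the letter-pattern variants mentioned above are deliberately not covered.

```python
import re

def split_numeric_runs(password):
    """Split into alternating non-digit and digit pieces: 'ab-4' -> ['ab-', '4']."""
    return [part for part in re.split(r"(\d+)", password) if part]

def is_predictable_iteration(old, new, max_step=10):
    """True when new equals old except for one number changed by a small step.

    max_step is an assumed threshold, not a value from the post.
    """
    old_parts = split_numeric_runs(old)
    new_parts = split_numeric_runs(new)
    if len(old_parts) != len(new_parts):
        return False
    changed = [(a, b) for a, b in zip(old_parts, new_parts) if a != b]
    if len(changed) != 1:
        return False  # identical, or different in more than one place
    before, after = changed[0]
    if not (before.isdecimal() and after.isdecimal()):
        return False  # the one difference is not a number
    return 0 < abs(int(after) - int(before)) <= max_step

if __name__ == "__main__":
    old = "Il!ked0gs-4"  # first improved password from the post
    # Candidate replacements; the last one is a constructed unrelated password.
    for new in ["Il!ked0gs-5", "Il!ked0gs-7", "Il!ked0gs-4", "Tr33-h0use!x"]:
        print(old, "->", new, is_predictable_iteration(old, new))
```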
Even with this possible shortcoming though of building in iteration for the sake of convenience and easy memorization, these passwords are still secure, and much much better than an account that doesn’t even have a secure password to begin with.
I hope this post was helpful for you, and gave you some good food for thought. If you didn’t know before you read this article, then at least now you have a good idea of what makes a secure password vs. a weak one, and how to make stronger passwords that are still pretty easy to remember.
I’m not a security expert or anything, so the extent of my good password practices knowledge pretty much ends here. I’ve shared with you what I know, but by all means, check out some sites on your favorite search engine if you’re at all interested in good tips for staying secure online. There are great resources out there in video and podcast form too that delve much deeper into this topic than I would be able to assist you with.