How to Create Strong Passwords: 7 Best Practices

Learn the 7 essential best practices to creating strong passwords that will keep your sensitive information safe from cybercriminals.
A lock on a keyboard with a credit card to the side, showing the importance of security

7 Best Practices for Creating Strong Passwords

We all have more online accounts than we can remember, which translates to a seemingly endless list of passwords. These passwords are essential, as they protect our sensitive information from unauthorized access by cybercriminals. Due to the sensitivity of the information that our passwords protect, it is critical that we use best practices to create strong, unique passwords across our various accounts – particularly when we consider that, according to Verizon’s Data Breach Report, over 80% of data breaches are caused by stolen credentials.

Here are our 7 most essential tips to creating strong passwords:

1)  Length: How long should passwords be?

The longer a password is, the more difficult it is to crack. Our experts recommend that your passwords should be at least 14 characters long.

2)  Complexity: What makes a password “complex”?

Password complexity refers to how effective a password is at protecting accounts from brute-force attacks – attacks that use trial and error until a password is correctly guessed. There are a few ways to make passwords more complex, such as including numbers, special characters, and a mix of upper- and lower-case letters. For example, a word like “password” could be updated to “p@s$w0rD” to increase complexity. (However, we wouldn’t recommend using any variation of “password” as a password… it’s far too common. More on that later.) This chart from Hive Systems does a great job of displaying how long it takes a hacker to crack your password based on complexity level.

Table displaying how long it takes a hacker to guess a password based on length and complexity.
Table courtesy of Hive Systems

3)  Passphrases: What is a passphrase?

Passwords can be difficult to remember, especially when they are as complex as experts recommend. Passphrases are a helpful way to create long and complex passwords, and they can be easier to remember than randomized passwords. A passphrase is a short sentence or series of words that is modified to create a password. For example, “my password is complex” could become “MyP@ssw0rdIsCompl3x!” to create a passphrase.

4)  Personal Information

Avoid using personal information in your passwords, such as your name, date of birth, pet’s name, hometown, etc. These details can be easily found on social media or through other sources, making them easy to guess and dangerous password components.

5)  Avoid Common Passwords

Avoid using simple passwords like “123456,” “qwerty,” or “password.” These are commonly used, which often makes them a cybercriminal’s first guess when trying to access your accounts. You should also be sure to change passwords on devices or accounts that come with a preset password. Many of these default passwords can be easily found or guessed, making them especially vulnerable.

6)  Unique Passwords: Should you use a different password for each account?

Using the same password across multiple accounts can be incredibly dangerous. If a cybercriminal gains access to one of your accounts, they will quickly be able to access all others that use the same password. Ever wonder why someone may want to hack a seemingly "useless" account, like a mobile game that isn't connected to any of your payment information? It may be because they're looking to crack your password, and then try that same password on more valuable accounts, like your bank. Therefore, it is important to use a different password for each account. Having this many different passwords may seem impossible, but this is where password management tools come in…

7)  Password Managers

A password manager is a tool that can help generate complex and unique passwords for each of your accounts, while securely storing them all behind a master password. Most password managers also have browser extensions that, when downloaded, will autofill your usernames and passwords when you visit the websites you've logged.

Password managers also provide a number of other useful features, such as folders for account organization, password strength ratings, dark web monitoring, and more.


Improving Your Security Posture

Following these best practices will help you create secure passwords to protect your accounts and sensitive information. However, there are additional measures that you can take to further strengthen your security standing. One such measure is enabling multi-factor authentication (MFA), which is an additional layer of security that is highly effective in preventing most data breaches.

While practicing password best practices and implementing other security measures are important on a personal level, it is also essential for these to be implemented on an organizational level. Businesses of all industries and sizes are susceptible to cyber-attacks, and following security best practices can help protect your company’s data. Interested in learning about how Blackink IT can help your organization build a strong security posture? Contact the cybersecurity experts at Blackink IT today!

Subscribe to the Blackink IT blog

Never miss another article from our technology & cybersecurity experts!
Continue Reading...