The Power Of A Strong Password
Updated October 15, 2020
Complete Guide to Strong Passwords
Passwords have been around for more than 2,000 years, though it’s only since the 1960s that they’ve been used in computing, such as for logins. Read on to find out what gives a password strength, how passwords can be cracked or socially engineered, popular passwords to avoid, and some handy resources to help generate strong passwords in this Complete Guide to Strong Passwords.
What Makes a Password Strong
Passwords are designed to uniquely identify the person logging in or using a computer system. Because the string of characters is known only to one individual, the identity of the user can be confirmed through use of a particular string.
Passwords that rely on common words or phrases, names or initials, birth dates and relatives’ names can all be compromised with a bit of guesswork. The whole point of password strength is to make sure that someone cannot guess the password from common information or by brute-force trial and error of every possible combination.
Weak passwords tend to have few characters or to be all upper case or all lower case, and so can be easily guessed with enough tries.
Strong passwords rely on:
– 10+ characters (some recommend 15+)
– upper and lower case characters
– punctuation (special characters)
Weak passwords are characterized by the use of:
– your name or initials
– birth date
– pet name
– social security number
– dictionary words
– repeating digits (like ZZZ111)
– any of the above with number replacement (3 instead of E, 1 instead of I, etc)
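The weak-password traits listed above can be checked mechanically. The following is an added example, not part of the original guide; the word list, the personal details and the function name `weaknesses` are constructed for illustration.

```python
import re

# Constructed sample data (assumptions for this example): a tiny word list and
# one user's personal details. A real check would use a large dictionary.
DICTIONARY = {"password", "dragon", "welcome", "monkey", "letmein"}
PERSONAL = {"name": "alice", "pet": "rex", "birth date": "19840312"}

# Common number/symbol replacements, mapped back to the letters they stand for.
LEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def weaknesses(password, min_length=10):
    """Return the reasons a password is weak; an empty list means none found."""
    found = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)  # undo "3 instead of E" style swaps

    if len(password) < min_length:
        found.append("shorter than %d characters" % min_length)
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("missing upper or lower case")
    if not re.search(r"[^A-Za-z0-9]", password):
        found.append("no punctuation")
    if re.search(r"(.)\1\1", password):
        found.append("repeating characters")
    if any(w in lowered or w in normalised for w in DICTIONARY):
        found.append("contains a dictionary word")
    for label, value in PERSONAL.items():
        if value in lowered or value in normalised:
            found.append("contains personal detail: " + label)
    return found


if __name__ == "__main__":
    for pw in ("ZZZ111", "P@ssw0rd", "4l1c3-R3x-2020!", "vK7#qLm2@xWz9!Tb"):
        print(pw, "->", weaknesses(pw) or "no listed weakness found")
```

Note that `P@ssw0rd` passes the case and punctuation checks and is flagged only because the replacements are undone before the dictionary lookup.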
Password Best Practices
Writing your passwords down and taping under the keyboard or mouse pad isn’t any more secure than writing on a sheet of paper and laying it on top of your personal effects in the top desk drawer.
Using the same password on multiple sites is an invitation to have your accounts hacked. If any one of the sites you use gets compromised, then all of them where you’ve used a common password are subject to hacking.
Telling your password to someone defies the whole point of a password. It’s designed to be known only to you so that you can be uniquely identified.
How Easy are Passwords to Crack
Whether you call it hacking, cracking, breaking, deciphering, guessing or just plain breaking in to a system with your credentials, passwords can be brute forced given enough time and computing power.
Want to know how long your password will take to crack?
Here are a few different places to check your password strength. Be sure to alter any password you test before using it directly on anything important.
Password Cracking Time Checkers
Password Length vs Approximate Time to Crack**
1 digit .0000000008 seconds
2 digits .000000044 seconds
3 digits .0000009 seconds
4 digits .000045 seconds
5 digits .036 seconds
6 digits 10 seconds
7 digits 15 minutes
8 digits 1 day
9 digits 3 months
10 digits 18 years
**Cracking time will vary based on choice of characters and available computing power for the task. These ballpark figures are based on use of upper, lower, numeric and special characters, none of which are repeating.
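The footnote's point, that crack time depends on both the character set and the attacker's computing power, can be worked through directly. This is an added example, not part of the original guide; the guess rate of 1e11 per second is an assumption (the guide does not state the rate behind its table), and the function names are hypothetical.

```python
# Sizes of the printable-ASCII character classes.
LOWER, UPPER, DIGITS, SPECIAL = 26, 26, 10, 33  # 33 counts the space character
ALL_CLASSES = LOWER + UPPER + DIGITS + SPECIAL  # 95


def keyspace(length, charset_size):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(length, charset_size, guesses_per_second):
    """Time to try every candidate of this length at the given rate."""
    return keyspace(length, charset_size) / guesses_per_second


def humanise(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return "%.1f %s" % (seconds / size, unit)
    return "%.3g seconds" % seconds


def min_length_for(target_seconds, charset_size, guesses_per_second):
    """Shortest length whose exhaustive search takes at least target_seconds."""
    needed = target_seconds * guesses_per_second
    length = 1
    while keyspace(length, charset_size) < needed:
        length += 1
    return length


if __name__ == "__main__":
    RATE = 1e11  # assumed guesses per second, not a figure from the guide
    for name, size in (("lowercase only", LOWER), ("all four classes", ALL_CLASSES)):
        for n in (6, 8, 10, 12):
            print("%-17s %2d chars: %s" % (name, n, humanise(worst_case_seconds(n, size, RATE))))
        print(name, "needs", min_length_for(31_557_600, size, RATE),
              "characters to hold out for a year")
```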
Common Passwords to Avoid
In addition to the lists of most popular passwords to avoid that come out each year, it might be fun to check whether the great password you’re wanting to use has been used before, and whether it was exposed in a data breach. To do that, check out the haveibeenpwned.com password checker.
With the growth of technology comes growth in security breaches. Millions of internet users each year have their information stolen from a (seemingly) ‘reliable’ website. When hackers breach your account, how many of your accounts in total are they really gaining access to if you continually use the same password? You wouldn’t want one key to unlock every door you enter, so keep the same concept in mind when choosing a password.
Most sets of breached logins have been picked up and circulated across countless hacking communities and are likely being used, just as dictionary passwords are, via automated tools. In other words, if your password is found on a leak list, odds are it’s going to be tried time and time again against a number of websites. This is especially true if your email address is found in the leaked data!
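The haveibeenpwned.com password check can be done without sending the password itself: its Pwned Passwords range API takes only the first five characters of the password's SHA-1 hash and returns every known hash suffix for that prefix. This is an added example, not part of the original guide; the sample response and its counts are constructed, and the function names are hypothetical.

```python
import hashlib
from urllib.request import Request, urlopen

# Constructed sample of a range response for prefix 5BAA6. Each line is
# "<35-character hash suffix>:<times seen in breaches>"; the counts are made up.
SAMPLE_RANGE_RESPONSE = (
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
    "FFB3A1B2C3D4E5F60718293A4B5C6D7E8F9:7\r\n"
)


def split_hash(password):
    """SHA-1 the password and split it into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Look for the password's hash suffix in a range response, locally."""
    _prefix, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not in the breach corpus


def fetch_range(prefix):
    """Live lookup; only the 5-character prefix leaves the machine."""
    req = Request("https://api.pwnedpasswords.com/range/" + prefix,
                  headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


if __name__ == "__main__":
    # Offline demonstration against the constructed response above.
    print(split_hash("password")[0], breach_count("password", SAMPLE_RANGE_RESPONSE))
```

For a live check, pass `fetch_range(split_hash(pw)[0])` as the second argument to `breach_count`.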
How Social Engineering is Used to Get Passwords
There are brute force computer scripts designed to keep trying passwords until they hit upon the right one, guessing your login details and circumventing the secure password you put in place.
Social engineering, on the other hand, is where human interaction is used to get you to give up your password without a fight. By convincing you that they’re someone other than a malicious hacker and that they have legitimate needs for that information, you end up giving them exactly the information that you’re trying to protect.
Strong Password Generators
Rather than trying to continually come up with 10+ character passwords that follow all the best practices, using a strong password generator can make life easier.
Take your pick from a wide selection of password generators – there are plenty of them to choose from across the internet.
Where to Store Your Passwords – Password Managers
Choose an online password manager and you’ll be able to easily secure hundreds of impossibly difficult-to-remember, unique passwords, one for each of your online logins. There are paid options on the market, but some free password managers are loaded with features and generally include strong password generators.
Using strong passwords and following best practices can give you a fighting chance at maintaining security amid a sea of automated script attacks and creative human social engineers who’d like to impersonate you. The following four factors are most important when setting up your password:
1. Get an online password manager
2. Set strong, unique passwords for every site
3. Don’t re-use old passwords
4. Don’t delay, start today