Which of the following makes a good password?


Passwords have become a common topic in the news, with breaches from Twitter, Yahoo, and even Facebook highlighting their risks. If your password is stolen, someone with malicious intent can rob your bank account blind or create extreme havoc on your social media pages, especially if you are in the public eye. As humans, we create passwords we can remember: combinations of birthdays, loved ones’ names, or even pets’ names. We use them to protect our bank accounts, social media sites, mail, and even our taxes.

The problem with passwords is we need so many of them. Potentially one for every resource previously mentioned.

In order to simplify our lives, we re-use them, and unfortunately we re-use them everywhere. This means that if your password is compromised in one location, hackers can potentially re-use it in every other place you have used it. This brings us full circle: a single place leaking that reused password is enough to enable the malicious activity described above.

Basic rules everyone should follow.

In order to combat this problem, we need to establish some rules of engagement for passwords and ensure their strength is sufficient. First, here are some basic rules everyone should follow:

  • Never re-use the same password between work and home
  • Never re-use the same password for financial institutions and social media
  • Never re-use the same password for an administrator account at work as your standard logon
  • Never tell anyone your password. If you need to share it, change it when the other person is done with using it.
  • Change your passwords frequently.

To that end, the passwords themselves need to be secure. A strong password has several key attributes that make it more difficult to crack with traditional techniques, including:

  • Brute force – testing a password over and over again with combinations of characters (numbers, letters, and symbols) until one matches. This is why the length and the types of characters included are so important: the more possible combinations there are, the harder it is to test them all.
  • Dictionaries – testing the password against words in the dictionary, commonly used passwords like “Passw0rd”, or the default passwords manufacturers provide like “Cisco”.
  • Social engineering – testing passwords based on known attributes of the user, such as their birthday, anniversary, or even a child’s name.

And once you finally select a password, its strength needs to observe these parameters:

  • Length of the password – preferably over 12 characters
  • Complexity of the password – must contain letters (upper and lower case), numbers, and symbols and have a minimum number of each
  • Contain no repetitive characters
  • Contain no human readable words, names, dates, or other recognizable context
  • Should not be reused from a previous time and date
  • Should not contain sequences from a keyboard like ‘qwerty’ or ‘zxcvb’
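
The parameters above can be checked mechanically. The following is an added example, not code from the original article: the names (`check_password`, `WORDLIST`, `LEET`) are hypothetical, the wordlist is a small constructed sample, and two details are assumptions, namely that "repetitive" means the same character twice in a row and that a keyboard sequence means four or more adjacent keys.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# plus lists of common and vendor-default passwords.
WORDLIST = {"password", "cisco", "trick", "basketball", "dragon"}
# Look-alike substitutions that guessing tools undo before matching words.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "8": "b", "@": "a", "$": "s"})
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 13   # "preferably over 12 characters"
RUN = 4           # assumption: flag runs of 4 or more adjacent keys


def keyboard_run(lowered):
    """True if the text contains RUN adjacent keys, forward or reversed."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - RUN + 1):
                if seq[i:i + RUN] in lowered:
                    return True
    return False


def check_password(pw, previous=()):
    """Return the names of the rules from the list above that `pw` breaks."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("complexity")
    if re.search(r"(.)\1", pw):            # same character twice in a row
        problems.append("repeat")
    lowered = pw.lower()
    normalized = lowered.translate(LEET)   # "Passw0rd" becomes "password"
    if any(w in lowered or w in normalized for w in WORDLIST):
        problems.append("dictionary")
    if keyboard_run(lowered):
        problems.append("keyboard")
    # Plaintext history is for illustration only; real systems compare
    # against stored password hashes.
    if pw in previous:
        problems.append("reused")
    return problems
```

Running it on “Passw0rd” reports four broken rules, because undoing the zero-for-O swap exposes the dictionary word, while a generator-produced string such as “!HMnrsQ4VaGnJ-kK” passes every check.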

Solutions for personal and business use.

With these in mind, it is very difficult for a person to remember passwords that have no rhyme or reason behind them, especially all the ones needed to meet every single one of these rules. Personal password managers help with this by creating random passwords that are nearly non-human readable and secured by only one password the user needs to remember: something obscure and used only for the password manager itself.

For individuals, using a secure personal password manager to remember your passwords and create new randomized ones helps solve this problem. No two passwords are alike, they are securely locked up in the cloud, and all you need to remember is your primary keychain password to access them. For businesses, the use of an enterprise password management solution for password tracking, release, randomization, and workflow solves this problem as well. Policies control all the parameters above and the passwords are always randomized and changed like clockwork.

Take my advice, folks, and don’t be the next victim.

Why Having A Strong Password Is Important

A strong password is the main barrier keeping most of your online accounts from being hacked. Without up-to-date practices, you might be using passwords that cyber-fraudsters can easily guess within hours. Exposing yourself to identity theft and extortion is a risk you should never take. You will need to create passwords that can withstand modern password theft methods.

Weaknesses in your account credentials can be a cybercriminal’s dream. But their success is your nightmare, so you’ll need to take steps to avoid being a victim of password hacking.

Password Security Threats

Compromised passwords give cybercriminals an open door into your most personal accounts. So, of course, you'll want to build a password that hackers are unlikely to discover.

The average user will create passwords to fool human hackers. This used to be a smart way to fight data theft. A criminal would use any information they could find about you and use common patterns in passwords to guess yours. You used to be able to just switch up the characters in your passwords and “Tr1Ck” your way into security. But hackers took notice.

Cybercriminals use sophisticated technology to get your passwords nowadays. This is important since many people try to make passwords hard for people to guess, but do not consider how efficiently software can guess them. Password-guessing software is designed to account for crafty user behavior as it works through candidates.

Here are some methods hackers use to get into your accounts:

Dictionary-based hacks use an automated program to combine dictionary words in common ways. Users make passwords easy to remember, so these hacks try to mimic obvious patterns.

Social media and publicly shared personal info are used to target you personally. Users commonly include names, birthdays, and even favorite sports team names in their passwords. Much of this info can be revealed just by spending a bit of time browsing your social media.

Brute force attacks use an automated program to recreate every possible combination of characters until it finds your password. Unlike dictionary hacks, brute force doesn’t handle long passwords well. However, short passwords can easily be discovered within hours in some cases.

Phishing involves a scammer pressuring you to give the hacker your money or valuable info. They pretend to be credible, usually as a trusted organization or someone you may know. Phishing scammers may call, text, email, or message you on social media. But they can also use fraudulent apps, websites, and social media profiles. If you believe you need protection against phishing attacks, we recommend using Kaspersky Internet Security.

Existing data breaches have exposed many passwords and other sensitive data already. Companies have been getting hacked more frequently, and hackers take all the data to expose it online for a profit. This can be especially threatening if you've reused old passwords since outdated accounts are likely to be compromised.


How to Create a Strong Password

To protect yourself against the newest hacking methods, you'll need powerful passwords. If you're wondering, "how strong is my password?", here are some tips to help you create a strong password:

  1. Is it long? Try for over 10-12 characters minimum but aim to make it longer if possible.
  2. Is it hard to guess? You should avoid sequences (“12345” “qwerty”) because these can be brute force hacked in seconds. Also, avoid common words (“password1”) for the same reason.
  3. Does it use varied character types? Lowercase, uppercase, symbols, and numbers can all have a home in your password. Variety can increase how unpredictable your password is.
  4. Does it avoid apparent character substitutes? For example, you might use the number zero “0” in place of the letter “O.” Hackers code these into their software nowadays, so avoid this.
  5. Does it use any uncommon word combinations? Passphrases might be more secure when using unexpected words. Even if you are using common words, you can arrange them in an odd order and make sure they are unrelated. Both methods can throw off dictionary hacking.
  6. Will you remember it? Use something that makes sense to you but will be hard for computers to guess. Even random passwords can be remembered by muscle memory and being semi-readable. But passwords that lock you out of your account won't help much.
  7. Have you used it before? Reusing passwords compromises multiple accounts. Make it original every time.
  8. Does it use a rule that’s hard for computers to guess? An example might be a passphrase of three 4-letter words, where you are replacing the first two letters of each word with numbers and symbols. This might look like: “?4ee#2ge?6ng” in place of “treecagesing”

Secure Password Examples

Generally, there are two main approaches to making strong passwords:

Passphrases are based on a combination of multiple real words. Uncommon words with character-swapping and random characters mixed in have been used in the past, like “Tr1Ck” for “trick” or “84sk37b4LL” for “basketball”. Algorithm hacks know this method now, so better passphrases are usually a mix of common unrelated words in a nonsensical order. Sometimes, there may be a sentence that has been chopped and swapped with a pattern only the user knows.

A passphrase example might be, “coW!burN#movE?pianOh” (using the words cow, burn, move, and piano.)

Passphrases work because they:

  • Are easy to remember.
  • Trick dictionary and brute force hacks.

Random character strings are purely random, using a mix of all character types. These passwords include uppercase, lowercase, symbols, and numbers in a spontaneous order. Since there is no method to how the characters are arranged, guessing is incredibly tricky. Even hacking software can take trillions of years to figure out these passwords.

A random character string example might be, “f2a_+Vm3cV*j” (which might be remembered using the mnemonic, fruit 2 apple _ + VISA music 3 coffee VISA * jack)

Random character strings work because they:

  • Are nearly impossible to guess.
  • Are very difficult to hack.
  • Can be remembered by muscle memory and mnemonics.
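
Both approaches described above, passphrases and random character strings, depend on the choices being genuinely random. The following is an added example, not code from the original article, that generates each kind with Python's `secrets` module and measures how many guesses an attacker would need. The function names, the 16-word sample list, and the rate of 10 billion guesses per second are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list, for illustration only. A real generator
# should draw from a list of several thousand words.
SAMPLE_WORDS = ["cow", "burn", "move", "piano", "rage", "duck", "simple",
                "moon", "tree", "cage", "sing", "lamp", "river", "stone",
                "cloud", "fork"]
# Upper case, lower case, digits, and symbols: 94 printable characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_string(length=16):
    """Random character string: every position is drawn independently."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words=4, words=SAMPLE_WORDS, sep="-"):
    """Passphrase: unrelated words picked uniformly at random."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices_per_position, positions):
    """log2 of the number of equally likely outputs that must be searched."""
    return positions * math.log2(choices_per_position)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(random_string(), round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    print(passphrase(), entropy_bits(len(SAMPLE_WORDS), 4), "bits")
```

A 16-character random string carries about 105 bits, which is where "trillions of years" estimates come from. Four words from the 16-word sample list carry only 16 bits, so a passphrase is only as strong as the size of the list it is drawn from and the number of words chosen.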

Strong Password Examples

When creating your password, examples can help you through the process.

Here are some tips on how to create a strong password:

Example 1: IwiCcR!fOdIiNkE?

Why it is considered strong:

  • It starts with a passphrase, “I want ice cream! for dinner in Kentucky?”
  • Uses a rule to keep the first 2 letters of every word and capitalize every second letter.
  • Long at 14 characters.
  • Uses special characters: “!” and “?”
  • Includes uppercase and lowercase letters.

How to make it better:

  • Add characters to make it longer.
  • Add numbers.
  • Example: IwiCcR!7fOdIiNkE?6

Example 2: !HMnrsQ4VaGnJ-kK

Why it is considered strong:

  • Randomly generated using a password generator.
  • Long at 16 characters.
  • Uses special characters: “!” and “-”
  • Uses uppercase and lowercase letters.

How to make it better:

  • Use a mnemonic to remember it.
  • Example: “! HULU MUSIC nut rope skype QUEEN 4 VISA apple GOLF nut JACK - korean KOREAN”

Example 3: rageducksimplemoon

Why it is considered strong:

  • Based on a passphrase, using multiple common, unrelated words.
  • Long at 18 characters.

How to make it better:

  • Use varied characters — uppercase, lowercase, symbols, numbers.
  • Replace some characters with other types.
  • Example: !Age#Uck?Imple3Oon (Using this rule: uppercase second letter of each word and replace every first letter with a character.)


How to Use and Remember Passwords

With so many unique passwords to keep up with, you’ll need to be careful about how you store them.

To stay safe, don’t do the following:

  • Write down passwords on paper.
  • Save passwords in your phone’s notes app.
  • Save in your browser’s autofill password saver.

However, you will want to use the following methods:

Activate two-factor authentication on all your most valuable accounts. This is an additional security check following a successful password entry. It uses methods only you have access to, such as email, text, biometrics (ex: fingerprint, face ID), or a USB security key. 2FA keeps crooks and prying eyes out of your account, even if your password has been stolen.

Update your most essential passwords often. When you decide to update, be sure to take action and change them. It is a hazardous practice to keep your password and only change a few characters. You'll want to update your passwords in regular timeframes like every month. Even if you don't update every password, be sure to change them for the following accounts at least:

  • Online banking
  • Bill payment
  • Password manager master password
  • Social media
  • Email
  • Phone provider

Ultimately, remember that if your password is convenient for you, it’s probably convenient for hackers too. Complex passwords are the best way for you to protect yourself.

Use a password manager like Kaspersky Password Manager. The main benefits of using a password manager are that your passwords are encrypted and are accessible anywhere you have internet. Some products have a password generator and password strength checker built in.


What are 4 things that make a good password?

Tips for creating strong passwords:

  • Never use personal information such as your name, birthday, user name, or email address.
  • Use a longer password.
  • Don't use the same password for each account.
  • Try to include numbers, symbols, and both uppercase and lowercase letters.

Which type of password is called good password?

Long passwords are stronger, so make your password at least 12 characters long. These tips can help you create longer passwords that are easier to remember.

What 3 things make a strong password?

  • Must be at least 12 characters long. The longer the password, the stronger it is.
  • Includes all different types of characters, both upper and lower case, numbers, and symbols.
  • Doesn't use obvious substitutions such as swapping numbers for letters (“0” for “o”, “1” for “l”, “@” for “a”).

Is a good password?

Include a mix of symbols, number and both upper and lower case letters. Weak passwords use short, common words. Protect your passwords from both dictionary attacks and brute-force attacks by using a range of letters, numbers and symbols.