How to Make a Strong Password

Pretty much everything nowadays is password protected. Even though this is a simple topic, knowing the difference between a strong and weak password is critical for keeping your personal information and devices secure!


Before getting into what makes a password strong, let’s go into some basic ways that passwords can get hacked so that you can know the importance of a strong password.

  1. Social Engineering

    This is a method hackers use to manipulate people into giving them information. (View my blog posts on types of cyber fraud and phishing to learn more.)

  2. Malware

    A simple definition of Malware: Software that is intentionally designed to cause damage to any programmable device, service, or network.

    What is an example of malware that specifically targets passwords?

    Keyloggers: Software that records keystrokes made by a user. If a keylogger is ever put on your computer, anything that you type becomes available to a hacker. So, if you enter your computer password, social media passwords, or bank account information, a hacker can use all of that against you.

  3. Brute Force Attack

    This method refers to an attacker trying different passwords with the hopes of eventually guessing the correct one. It is very common for hackers to use this method if they have a lot of relevant information that would be used for the password, like name, date of birth, address, family names, and their past passwords. 

  4. Dictionary Attack

    A dictionary attack is similar to a brute force attack since it tries different passcodes until the correct one is reached, but it is different since it uses an automated process of using a generated list made up of commonly used passwords, word phrases, and numbers. In order to beat a dictionary attack, having a strong and unique password is pivotal since dictionary attacks take advantage of the fact that people use common and memorable words in passwords. 

  5. Mask Attack

    This method is more sophisticated than a dictionary attack since it checks passwords that match a specific pattern. Based on information that an attacker knows, the mask attack tool allows a hacker to get the password faster than with brute force and dictionary attacks, because the search is more refined. For example, if you know that a user’s password starts with the letter ‘A’ and ends in a number, you can refine the searches to reflect that.

  6. Shoulder Surfing

    This is what it sounds like - someone can look over your shoulder when you are logging into your computer or website and see your password. This is also common at stores or ATMs, where people can look over your shoulder to see your PIN. You should always be careful of your surroundings when doing anything related to your personal information!

Ok, now that we got that covered, let’s go into the anatomy of a strong password!

Strong Password Requirements:

  1. At least 8-10 Characters long

  2. Combination of uppercase and lowercase letters

  3. Include numbers and special characters (` ! " $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | < , > . ? /)

  4. Does not include your name, birthdate, address, other personal information, your previous passwords, or common words/phrases!

 
 

Tips:

  1. Be creative! Do not use commonly used words, keyboard combinations, or letter/number combinations.

  2. Don’t use the same password for multiple accounts. If one of your accounts ever got compromised, it would be very easy for someone to access all of your other accounts with the same password. 

  3. Never leave a digital trail of your password! You should never write out your password in a text message or email to someone. 


Avoid these common passwords!

  1. 12345678910

  2. Password

  3. Qwerty

  4. passwOrd

  5. Abc124

  6. 12121212

  7. Abcdefghij

  8. 111111
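
Here is how a sign-up form could enforce the requirements and the avoid list above. This is an added example, not code from the original post. The minimum of 8 characters, the look-alike substitution table and the sample passwords are assumptions constructed for illustration.

```python
import re

# The "avoid" list from this article, stored lowercase.
COMMON_PASSWORDS = {
    "12345678910", "password", "qwerty", "abc124",
    "12121212", "abcdefghij", "111111",
}
MIN_LENGTH = 8  # lower bound of the article's "at least 8-10 characters"
# Assumed look-alike substitutions people use to disguise common words.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")


def normalize(text):
    """Lowercase the text and undo the assumed look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


def check_password(password, personal_info=()):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs uppercase and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a special character")
    # Compare both the lowercased and the de-disguised form against the list,
    # because a dictionary attack tries these variants as well.
    lowered, plain = password.lower(), normalize(password)
    if lowered in COMMON_PASSWORDS or plain in COMMON_PASSWORDS:
        problems.append("common password")
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and (token in lowered or normalize(token) in plain):
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    samples = ["Qwerty", "P@ssw0rd", "Sarah1990!", "vK7#qLm2!xRd"]
    for candidate in samples:
        issues = check_password(candidate, personal_info=("Sarah", "1990"))
        print(candidate, "->", issues or "passes every rule")
```

Note that "P@ssw0rd" satisfies every length and character rule and is rejected only because it is a disguised entry from the common list.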


Once you have a strong password set, don’t forget to take advantage of Multi-Factor Authentication (MFA) if that is an option.

Simple definition of MFA: An extra step of security that requires an added piece of information to authenticate the user.

Common examples of this are security questions like “What was the street you grew up on?”, verification codes sent to your email or cell phone number, or an actual phone call that tells you the code. Using MFA makes it extremely difficult for cybercriminals to gain access since they do not have that device on hand with them, or they do not know that information. Once a cybercriminal sees that step, it definitely deters them from going forward with their plan as well.


Keeping your identity and devices secure starts out with a solid password! If you do not have that, you leave yourself susceptible to intrusion. Share this information with your friends and family!
