To Learn the Anatomy of the Perfect Password, You Have to Know Really Bad Ones
by Joinesty, on Sep 22, 2017 10:34:00 AM
The only way to make your passwords stronger is to learn from the mistakes of weaker ones.
The need for online personal security has never been higher. With data breaches and hacking attacks becoming everyday news, you need to arm yourself with strong passwords to protect all your online accounts.
But how will you ever know if your passwords are too easy to crack? Don’t wait until you’re some overseas cybercriminal’s unfortunate victim to find out. Today we’re dishing everything you need to know about creating strong passwords and ditching ones that leave your accounts vulnerable.
So let’s find out if your passwords are weaksauce or have the strength to stand up to brute-force attacks.
A Weak Password Takes Zero Effort and Offers Zero Protection
If your passwords fall under any of these categories, you’re going to be in for a bad time:The Standard Bad Boys: 123456, password, qwerty, etc.
Hackers employ a slew of tactics to steal your personal information, but brute-force attacks remain the most popular for hacking passwords. These systematically work through the most common passwords and passphrases until they find a match. Keyboard-adjacent passwords, like “qwerty”, “123456”, and “asdfgh”, rank high on the list of the worst passwords because they’re so common. Since they’re such go-tos for the password-lazy, hackers add them to their list first and cross their fingers you’re part of the herd.
And if a hacker already knows the guidelines you need to follow to create a password on that site, their job only becomes easier.
Single Words from the Dictionary
Free password-cracking tools hackers can download online come equipped with a full dictionary of words. They’ll try thousands of words to get into your account, like we mentioned above.
Using common words like “sunshine”, “kittens”, and “canoe” won’t offer your secure accounts the protection they deserve.
Identifying Details and Personal Information
Security experts always say to leave out your full name, parts of your social security number, and your dog or BFF’s birthday when creating your passwords. That’s because if your password gets exposed online, cybercriminals will be able to use this information to get in your other accounts and open fraudulent accounts in your name.
Plus, since identifying information like your cat’s favorite toy or your sister’s phone number can be found so often on social media, it won’t take long for a hacker to connect the dots and unlock your account.
Using the Same Password Twice
One of the cardinal sins of password management, reusing the same password for multiple accounts is also one of the riskiest moves you can make. First, when a data breach occurs, all of the usernames, emails, and passwords connected to that website’s database will be exposed online for hackers to steal.
If they have one password and your email address, what’s to stop them from trying to get into your other accounts using that same information? Variations of the same password don’t work well either. If a hacker knows your original password, say “cupcake1”, they’ll be able to figure out “cupcake2” and “cupcake3” without breaking a sweat.
Now that you know some of the worst password habits, you may be scratching your head as to how to add strength to yours.
Here’s How to Create Strong Passwords to Protect All Your Online Accounts
You can’t control a data breach and you can’t spy on every hacker across the planet. But you can secure your online accounts with strong passwords and update them regularly to keep hackers off your trail. Here are our 7 best tips for creating the perfect passwords:
1. Aim for Length and Complexity
Shorter passwords may be easier to remember, but they’re also easier to crack. To get out of this mindset that passwords are simple words, start thinking of them more as passphrases.
This implies a longer, more complex string of words you may actually remember better than a short, random collection of letters and numbers.
Your passwords should be at least 16 characters long and contain a combination of:
- Uppercase letters
- Lowercase letters
Password cracking programs are really good at cracking short passwords but they have a much harder time cracking anything over the 16-character minimum.
Notice that spaces are crucial here. Certain websites will not count a space as an applicable character, but try it anyway. Many password cracking programs get tripped up with spaces so it’s an added layer of protection.
2. Get Random and Weird
String a bunch of random, strange words together if you’re looking for a strong password. Whether you use the 7th word on page 77 of all seven Harry Potter books or words in different languages that make zero sense when tied together, as long as no one knows your system, you’re on the right track.
Just make sure you can remember that odd combination later down the road.
3. Try a Line From Your Favorite Book or Movie
Can you quote pretty much every line from your fave novel or movie? Why not put that memory to good use and create a password you won’t forget? Long strings of words, mixed with a few symbols and characters for good measure, will not only increase your password’s strength, they’ll give your brain one less thing to remember.
Don’t use the actual quote, though, as that can be predictable.
Tam Frager, IT communications manager at Oregon State University, used a quote from Kurt Vonnegut’s novel Slaughterhouse Five, as a perfect password example here.
The quote “All this happened, more or less,” became the password: Allqth1sqhappenedq,mehrqoderqwen1ger.
According to Frager, the new password uses the letter “q” as a space, the number “1” in place of the letter “i”, and translates the second half of the line to German.
Even Frager’s password hint is too complicated for a hacker to guess: “1. Slaughterhouse Five takes plqce there”.
Giving yourself a password hint like this says:
- You have the actual novel name so you can look up the quote if you forget it
- You know the novel takes place in Germany so you can translate the language
- That typo is no accident — it’s the key used to decode “q” from a space
- The number one is there to hint at your “1” for “i” replacement
Should you copy this example exactly?
Of course not. Your passphrase will only be memorable if it’s tied to something connected to your memory. This exercise is a good way to start thinking outside the password box though.
4. Don’t Be So Honest with those Security Questions
Sure, you’re not going to use your girlfriend’s nickname in your passwords again (right?!), but that doesn’t mean your security questions aren’t just as problematic.
Be too honest here and you could risk an attack as if you were really using her name.
Instead of answering your security questions with the names of real people or places in your life, use those from your favorite books, movies, or TV shows, like we mentioned above, or come up with answers that don’t even match the questions being asked.
So now if a hacker tries to use your social media connections to break into your accounts, the answers won’t match and you’ll be protected.
5. Bump Up Your Password’s Strength with Two-Factor Authentication
Two-factor authentication might be even stronger security than your password itself. Enable it and websites or apps will send a text message to your phone when someone’s trying to login to your account.
As long as a hacker doesn’t have access to your phone, they won’t have the code they need to get in.
6. Keep Updating and Strengthening Your Passwords — Especially for Your Most Used or Sensitive Accounts
Even if you create the strongest password ever, you shouldn’t keep that password forever. Get into the habit of updating your passwords every few months to keep hackers on their toes.
Data breaches happen all the time and you never know which of your passwords have been exposed already — especially if you’re not storing them securely or encrypting them like a password manager does.
7. Partner with a Password Manager for the Ultimate Win
A password manager will save your login credentials and automatically enter them for you so you don’t have to remember them. They’re just as easy to use as your browser’s autofill function, except your passwords are actually encrypted and safe.
This will banish your bad habit of reusing passwords for good. Plus, it will eliminate all the places your passwords are hiding (and vulnerable) when you corral them in one place.
Here’s the only thing: You’ll still need to create a super strong master password to get into your password manager. This password has to take the cake when it comes to length, complexity, and your ability to remember it. Luckily, if you follow today’s tips, that shouldn’t be too hard for you.
Check out our favorite tips for finding the best password manager by this afternoon.
Let Joinesty Secure Your Passwords and Your Email Addresses
Joinesty uses bank-level security to protect your passwords and login credentials so you can make them complicated and keep them hidden from cybercriminals. The Joinesty browser extension works seamlessly to log you into your accounts just as fast as your browser’s autofill function.
Here’s another perk for protection-minded users: Joinesty creates a different email address for each site you sign up for or use.That means you’ll never have to give out your personal email address to sign up for online accounts ever again. Joinesty will forward all the emails you receive and hackers won’t be able to steal your email during a hacking attack or data breach.
With all the scary reasons to stop giving out your email address, you’ll be so glad you’ll never have to do so again with Joinesty.
Secure your accounts. Protect your privacy. Live better online.
Start your free 14-day trial of Joinesty and see our secure email address creation feature in action now!