How Strong Is Your Password: A Guide to Account Security

Do you know what constitutes a strong password? If not, your bank account, social media, entertainment services, and more are at risk.
Getting hacked always seems like something that’s unlikely to happen to you – until it does. The truth is, we could all be at risk. According to Risk Based Security, back in 2019, there were nearly 5,200 company data breaches, leaking sensitive consumer information such as home addresses, emails, and passwords. If a service you use experiences a data breach exposing a password that you reuse across your accounts, a hacker could very quickly take over. They could even leverage information within that account to take over other accounts that may use different passwords. This could all happen before you even know your data was leaked – according to IBM, it took most companies around 206 days to recognize that a breach even happened. The moral of the story? Generating new, strong passwords for each of your accounts is key to locking down account security. However, creating and keeping track of all these passwords can be challenging. That’s why we wrote this guide to password security. Take the time now to learn about creating and managing strong passwords, so you can rest easier knowing your accounts are safe.

How Do Passwords Get Hacked?

While the internet connects us to useful services and our friends and family, it also connects us to bad actors from around the world. By finding basic information, such as your email or username, these hackers can buy or “crack” your login credentials. If you’re using a weak password, this will be a cakewalk for them. Let’s take a closer look at how passwords get compromised:

Passwords Can Be Purchased on the Dark Web

There are plenty of hackers who only want your login credentials so they can sell them to someone else. This is often the case if they conduct a breach or find matches while “credential stuffing” (a hacking method we’ll discuss next). There’s a vibrant marketplace for compromised login credentials on the dark web, a specialized collection of websites that can only be accessed with a type of browser called Tor.

Passwords Can Be “Cracked”

If hackers have a bit of information, such as your username or the password for another account, they can automate processes to attempt to “crack” another account password. The success rates for these types of attacks vary wildly – but if you’re using a weak password or reuse the same password, the success rate could be very high.

Here are some of the most common password security cracking methods:

  • Credential stuffing: Hackers can easily breach sites with poor security and steal long lists of user credentials. Because many users reuse their passwords on multiple accounts, hackers can automate processes that run the stolen credentials through more sensitive accounts. This requires very little manual work on their end, and they simply wait until they find a match. Once they have access to more sensitive accounts, they can begin more sophisticated attacks.

  • Phishing: This is a common method that uses social engineering to trick users into volunteering their sensitive information. Hackers may send out fraudulent emails in bulk purporting to be a credible website or vendor, and then have users sign into fake login pages or download malicious attachments. This data is collected and tested against other accounts to commit more severe crimes.

  • Spraying: With password spraying, hackers automate a program that pairs the most common passwords with your email or username. If you’re using common passwords like “123456,” “qwerty,” “football,” or “letmein,” you’re at very high risk of this hacking method.

  • Brute force: This is a less common method, but hackers can also try to use algorithms to guess your password. This takes a lot of time and a lot of computer power. The process can be a bit faster if the hacker knows how many characters your password has. However, if you use a long and strong password, it could take lifetimes for an algorithm to work. And even then, if you’ve enabled two-factor authentication, the hacker would be locked out.

Common Password Mistakes

Cybersecurity is a powerful thing if you do it right – but it only takes one weak spot in your defenses for a hacker to break in. Maintaining a strong password is essential, but it’s not the whole story. You can save yourself a lot of trouble by avoiding these common password mistakes:

Using the Same Password

Even if you use one strong password for all of your accounts, if it’s leaked in a data breach, all of your accounts could be compromised. It’s crucial that you generate good passwords unique to each account. This will minimize damage if your password is ever breached.

Changing Your Password Too Often

While you may remember being urged to change your passwords every month, security experts are now encouraging users to make strong passwords and stick with them. Their rationale is this: putting a lot of thought into a strong password will make your account less vulnerable, while constantly generating new passwords makes people more likely to choose weak or common ones.

So, when should you change your password? According to the FTC, you should only switch out your password when you have a reason to believe that it has been compromised or if you recognize that your existing password is too common or weak. Otherwise, create a strong password and stick with it. 

Using Common Passwords

People often rush through creating accounts for websites – the process is seen as a hurdle in the way of accessing a service. When you rush through creating a password, your mind will likely fill in ready-at-hand phrases. These are very weak passwords, and because many people end up using the same phrases, hackers can easily break into these accounts.

Such passwords include:

  • 123456
  • Qwerty
  • q1w2e3r4t5y6
  • asdfghjkl
  • password
  • passw0rd
  • soccer
  • football
  • iloveyou
  • Nothing
  • Secret
  • Admin
  • Access

There are a few strategies behind these weak passwords, such as using letters next to one another on the keyboard, counting up from one, or just listing general things you may be interested in (i.e., “football”). The problem with passwords such as these is that they aren’t unique, and tens of thousands of people use them every year.

That makes it easy for hackers to “crack” accounts using these passwords by using an automated process to test thousands of the most common ones against your username. By using complicated, strong passwords, these programs won’t be able to get into your account.

Saving Passwords to Browsers or Devices

To achieve a more seamless login experience, popular browsers like Safari, Google Chrome, and Microsoft Edge offer to save your password. If you agree, your login credentials will be stored in your account, and the next time you visit a website, the credentials will be filled in automatically.

This may speed up the login process, but it isn’t safe. There are much stronger password managers out there that can still offer autofill. Saving passwords to your browser or device is far from the best password manager option: if a hacker compromises your browser account (such as a Google account), they also gain access to all of your passwords.

On a similar note, saving a list of passwords on your desktop is not ideal. If a virus gets on your computer, this information will be very easy to find. Ideally, you’ll use a secured password manager with two-factor authentication enabled or you’ll write your passwords down and store them in a safe place. We’ll discuss this at length later in this article.

How to Make a Strong Password

If all of this talk about weak passwords has you wondering, “How secure is my password?”, read on. We’re going to take a look at best practices that will keep your accounts safe.

Characteristics of a Good Password

  • At least 12 characters: The more characters your password has, the stronger it is. For a very strong password, using at least 12 characters is ideal. Passwords of this length are very difficult for cracking programs to uncover, especially if they follow the next couple of tips.

  • Include special characters: Special characters include unique symbols, such as: ~, !, @, #, $, %, ^, &, *, +, -, ;, :, /, \, {, }, [, ], (, and ). Adding special characters to your password greatly increases its security.

  • Avoid common patterns: Names, phrases, dates, or letters nearby on the keyboard are not secure. Common patterns are easily exploited by password cracking programs. You also should not include personal information in your password that can be easily found in public records. A random password generator is a useful way to avoid these patterns.

  • Different for each account: This bears mentioning again. Your passwords must be unique to each account to ensure security. Otherwise, one compromised password becomes the hackers’ master key to the rest of your accounts.

How to Make a Good Password

A good password will fulfill all of the characteristics discussed above. Ideally, your password is entirely random for optimal strength. If it isn’t, you can still make a strong password, but you need to screen it to make sure it’s safe.

  • For Randomized Passwords: There are specialized programs, within any of the best password managers, that generate very strong passwords for you. These random password generators let you select how many characters you’d like and which types of special characters to include. Randomization is a very strong strategy, especially if you pair it with a strong password manager with auto-fill capabilities.

  • For Passwords You Write: If you’re creating your own passwords, you run the risk of using easy-to-decipher patterns. According to the National Institute of Standards and Technology (NIST), you can reduce this risk by screening your passwords. This involves comparing them to common password lists to determine if your password is easy to guess.
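Both approaches above can be combined in a short script. The following is an added example, not code from the original article or from NIST: it screens a candidate against a small blocklist built from the common passwords this article names, and generates random passwords with a chosen length and symbol set. The function names, the look-alike substitution map, and the five-key keyboard-run rule are assumptions made for illustration.

```python
import secrets
import string

# Constructed blocklist: the common passwords this article names, lowercased.
# A production screen would load a far larger breached-password corpus.
COMMON = {"123456", "qwerty", "q1w2e3r4t5y6", "asdfghjkl", "password",
          "passw0rd", "soccer", "football", "iloveyou", "nothing",
          "secret", "admin", "access", "letmein"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
SYMBOLS = "~!@#$%^&*+-;:/\\{}[]()"  # special characters the article lists
# Assumption: undo a few common look-alike substitutions before comparing.
DELEET = str.maketrans("0134578@$!", "oieastbasi")


def has_keyboard_run(pw, run=5):
    """True if pw holds `run` adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def screen(pw, min_len=12):
    """Return the reasons to reject pw; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    plain = low.translate(DELEET)
    if len(pw) < min_len:
        reasons.append("too short")
    if any(word in low or word in plain for word in COMMON):
        reasons.append("contains a common password")
    if has_keyboard_run(pw):
        reasons.append("keyboard run")
    return reasons


def generate(length=16, symbols=SYMBOLS):
    """Draw from the OS CSPRNG until every class appears and screen() passes."""
    if length < 12:
        raise ValueError("length must be at least 12")
    classes = [c for c in (string.ascii_lowercase, string.ascii_uppercase,
                           string.digits, symbols) if c]
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in classes) and not screen(pw):
            return pw
```

A password that passes this screen is only known to be absent from this small list; the generator uses the `secrets` module rather than `random` because `random` is not designed for security use.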

Examples of Good Passwords

Let’s put all of that information together and show you some examples of good passwords. Of course, since we’re writing them here and displaying them publicly, you don’t want to use these. However, generating a similar password will help ward off common hacker attempts.

  • Weak Password: ridebike
  • Neutral Password: learntorideabikeatfive
  • Strong Password: LeaRntoRIdEabike@5
  • Very Strong Password: @VfTwIG:Ve5c1V

Notice how you can systematically increase the security of a password by increasing its length, randomizing capitalization, and adding numbers and special characters to it. However, to achieve a truly secure password, you should use random password generators to create an unpatterned string of letters, numbers, and special characters.

How to Keep Your Passwords Safe

Asking you to create long, unique, and strong passwords for each of your accounts is a tall order – but it’s necessary to protect yourself. There are ways to make it easier to keep track of your passwords without worrying about hackers finding a master list of all of your credentials.

Ultimately, it comes down to two methods:

Write Them Down

It used to be ill-advised to write down your passwords, but cybersecurity experts have since changed their minds. Writing down passwords encourages you to come up with really strong ones, while memorizing them encourages weak ones that are easy to remember (and crack). As long as you store your list of passwords in a very safe location, you’ll be safe.

Use a Password Manager

For ultimate ease-of-access and security, you can use a password manager, also known as a password vault. These are digital safes for all of your login credentials, and some automatically generate and fill in your credentials for you, making them incredibly powerful. If you use this method, it’s imperative that you enable two-factor authentication and lock down the account to keep it secure.

Here’s a quick look at some of the best password managers: 

  • LastPass: LastPass is a popular password vault with free and premium options. It offers a highly secure password vault (including options for two-factor authentication) and it supports many different platforms and browsers. LastPass also includes a unique password sharing option, which lets you safely share a password without exposing it. It’s one of the most widely-used free password managers.

  • Norton: Norton Password Manager is a feature of their Norton 365 security program. This is a paid service that includes a strong password generator, the ability to securely share access to the password vault with trusted individuals, and auto-fill information online.

  • Dashlane: Dashlane is often ranked among the best password managers. It has all of the password vault features you’d expect, but it adds a lot of security-focused extras, such as dark web scanning and VPN protection. However, one big downside to Dashlane is that you need the premium version to sync across devices.

  • Google Chrome: Google Chrome also has a built-in password manager. As we mentioned earlier, it isn’t a good idea to rely on your browser’s password vault. It’s far too easy to access, and the auto-fill capabilities that make it so enticing can be achieved using a more secure password manager. 

FAQ About Strong Passwords

Who invented passwords?

While variations of passwords and passphrases have been used for a very long time, the first use of a password to protect a user account on a computer is credited to Dr. Fernando Corbato in the 1950s.

Where are passwords saved in Google Chrome?

You can access saved passwords by visiting Settings within Google Chrome, and typing “Saved Passwords” into the Settings search bar. Here, you’ll find a list of all saved passwords, alongside their associated websites. To view them, click the eye logo. You’ll need to enter your Windows password to view them.

Why is password sharing bad?

Sharing a password undoes one of the most important benefits of passwords: confidentiality. If only you know your password, only you can access your account. By sharing a password, you are doubling your chance of exposure, and you can’t be certain that the other person will follow security best practices to keep it safe.

What do you do if you forgot your password to your phone?

If you use an iPhone, you simply cannot bypass the lock screen if you forgot your password. You need to reset your device and then restore your data from your most recent iPhone backup. If you haven’t backed up your phone, you cannot access that data again. If you could, it’d be easy for thieves to bypass your lock screen without the code.

Can I see my passwords on my iPhone?

Yes. As you log into accounts using your iPhone, you’ll be prompted to save them. You can view the passwords that you’ve saved to your iPhone by visiting Settings > Passwords & Accounts > Websites & App Passwords > Select a website to view its associated password.

Where are passwords stored in Android?

Unlike on the iPhone, you cannot save and access passwords in your Android’s general settings. However, Google Chrome is often used as the internet browser on Android phones. You can save and access saved passwords on Chrome within Settings > Saved Passwords.

Let’s Wrap it Up...

Taking the time to create strong passwords now can save you a lot of worry later. If you pair our strong password best practices with two-factor authentication, you can rest assured that your accounts are as secure as they can be. For added security, you can stay off of hackers’ radars by using our privacy protection tool. OneRep removes your personal information from 196 people-search sites, so you can stay in control of your own life.

Maria Shishkova

Digital Marketer & Privacy Expert at OneRep