Friday, May 24, 2024

How to create stronger passwords that are harder to crack

Make stronger passwords

Note: This article was first published in January 2017 and it was updated and republished for World Password Day 2023.

With identity theft becoming too common, there are two things you need to keep yourself safer online: strong passwords that are easy to remember, and unique passwords that aren’t reused from site to site. Here’s how to do both.

Read this first: Use a password manager

Before you go on, here’s our best advice. If you want strong passwords without fuss, we suggest you use a password manager, like 1Password or Bitwarden. These apps generate unique and robust passwords for each site, like ‘j44A982}3z+n>i[8P8{T,’ and save them for you. All you need to do is enter your single master password to get all your logins.

A password manager like 1Password can help you generate strong passwords and manage them easily. Image source: 1Password.

Password managers used to be pricey to get into, but Bitwarden is free and the premium tier is just US$10 a year. However, while password managers score high on convenience, you’ll need a bit of technical know-how as well to implement them on all your devices.

We’d still highly recommend you go through the learning curve, as password managers provide a secure and easy (once mastered) way to manage your passwords. Even passwords that are 11 characters can be easily cracked these days, thanks to ever-faster processors. The practical way to create stronger passwords is to generate truly random and long passwords that are impossibly hard to remember, using a password manager.

But if a password manager still doesn’t sound like something you want to get into right now, read on.

**Update on 4 May, 2023**

One password manager that we used to recommend was LastPass, but we would avoid using it in light of the security breach the company suffered last year. It was discovered that the hackers got away with customers' encrypted backups which, according to reports, may include account usernames, salted and hashed passwords, and a portion of multi-factor authentication settings.

In short, if you are an existing LastPass user, you should consider everything that you store in LastPass compromised. We recommend changing all your passwords and considering another password manager.

For those new to password managers, consider using another password manager like 1Password or Bitwarden. Your passwords are too precious to be managed by a service that has a history of serious breaches.

Use passphrases to make passwords

You’ll need a way to create a password you can remember, and one way to do that is by using a passphrase.

Start with a phrase of random words, like “winter agile”. Common and sensible passphrases, like “winter is coming,” are easily cracked.

Include a list of numbers you can remember, but not numbers that can be linked to you like your birthday: “winter agile347”.

Some sites will now insist you also have at least one capital letter and special symbol (in our case, the space between the words is a special symbol): “winter Agile347”.

Use website names to make unique passwords

Now that you have a base passphrase, here’s how to make unique passwords for each site.

Add the first two to four letters of the website to finish your password. For example, to log into Facebook, your combined password will be: “winter Agile347fac”.

You can also use the last two to four letters: “winter Agile347ook”.

And you can insert them into your passphrase anywhere you want, or even add capital letters: “winterFac Agile347”.

The key is to always stick to the same strategy so you can remember your passwords. If you use the first three letters, always use the first three. If you add them at the end, always add them at the end: “winter Agile347HWM”.

Password cheat sheet – the ‘dos’ and ‘don’ts’

How to create strong passwords:

Do create long passwords, at least twelve to sixteen characters. The longer a password, the harder it will be to crack.

Do create passwords you can remember. The best password is useless if you forget it.

Do create complex passwords with a mix of letters, numbers, punctuation, and symbols. In other words, use the entire keyboard.

Do create separate passwords for separate vital accounts.

Do make your passwords as random as possible, for example, ‘paswerd FFFac@239!’ is better than ‘passwordFacebook239!’.

Do run your passwords through a tested strength tester, like Dan Wheeler’s zxcvbn test or GRC’s password haystacks (for security’s sake, you can run your password pattern through the test instead of your real password).

How not to create passwords:

Don’t use passwords that use your personal information because they can be guessed. For example, your name plus your birthday.

Don’t use repeating characters or characters in sequence. For example, ‘QWERTY’ or ‘12345’. Not even ‘1qaz2wsx’, which seems complex but follows a clear sequence on the keyboard.

Don’t use common passphrases that can be easily guessed, like “winter is coming” or “let me in”.

Don’t use the same password for more than one site, because if one account is hacked, your other accounts can be stolen as well.

Don’t email your passwords or store them in an unencrypted document.
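The cheat sheet above can be turned into an automated check. The following Python sketch is an added example, not code from the article or from any tool it mentions; the sequence table, the short phrase list, the four-character run length and the four-in-a-row repeat threshold are all assumptions chosen for illustration.

```python
import re

# Constructed sample data (assumptions): keyboard rows, keyboard columns
# and a tiny list of common phrases. A real deployment needs a larger list.
SEQUENCES = [
    "abcdefghijklmnopqrstuvwxyz", "1234567890",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
]
COMMON_PHRASES = ["winter is coming", "let me in", "password"]


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the cheat-sheet rules that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing a character class")
    if re.search(r"(.)\1{3}", pw):  # same character four times in a row
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("keyboard or alphabet sequence")
    # Strip everything but letters so spacing and digits cannot hide a phrase.
    squashed = re.sub(r"[^a-z]", "", pw.lower())
    if any(p.replace(" ", "") in squashed for p in COMMON_PHRASES):
        problems.append("common phrase")
    if any(item.lower() in pw.lower() for item in personal if item):
        problems.append("contains personal information")
    return problems
```

Pass the user's own name, birth year and similar details as `personal` so the first "don't" can be checked. Passing every rule here does not prove a password is strong; it only means none of the listed mistakes was found.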
