Introduction
In today’s digital age, passwords are essential for securing our online accounts, from social media to online banking. Many people still use weak passwords that are easily guessed by cybercriminals, leaving them vulnerable to hacking and identity theft. This is probably due to the fact that many people find it hard to manage and remember a lot of complex passwords. However, the importance of using and managing strong passwords cannot be stressed enough. According to the Verizon 2020 Data Breach Investigations Report, compromised or stolen passwords are responsible for 80% of hacking-related breaches. Also, a study by the UK National Cyber Security Centre found that the most common password in breaches was “123456”, which was used in 23.2 million breaches. So, creating strong passwords and remembering them can be challenging, but it is very crucial for protecting our sensitive information.
This article will provide you with a guide on how to create strong passwords and remember them. We will cover the basics of password security, including why strong passwords are important, the common types of cyberattacks that target weak passwords, and the principles of creating strong passwords. We will also discuss some of the most common mistakes people make when creating passwords and offer tips for avoiding them.
In addition, we will explore the various tools and techniques that you can use to manage your passwords, such as password managers and two-factor authentication. By the end of this article, you will have a thorough understanding of how to create strong passwords that are difficult for cybercriminals to crack and strategies for keeping them safe and secure.
Characteristics of Strong Passwords
A strong password is the cornerstone of your online security. It can protect you from hackers and cybercriminals, and safeguard your personal and financial information. But what makes a password strong? There are three key characteristics that define a strong password: length, complexity, and randomness.
Firstly, length is one of the most important factors when it comes to password strength. The longer your password is, the more difficult it is for a hacker to crack it. Passwords should be at least 12 characters long, but even longer passwords are better. A password that is 20-30 characters long is ideal.
Secondly, complexity is another important factor to consider when creating a strong password. Your password should contain a combination of uppercase and lowercase letters, numbers, and special characters such as !, @, #, $, %, ^, &, *, (, ), -, _, +, =, {, }, [, ], ;, :, ", ', <, >, ?, and /. The more complex your password is, the harder it is to crack.
Thirdly, randomness is the final characteristic of a strong password. Avoid using predictable patterns or easily guessable information such as your name, birthdate, or pet’s name. Instead, use a combination of random letters, numbers, and characters. The more random your password is, the more secure it is.
Here are some examples of strong passwords:
u9E%t7$Pf5Q#
3qJ@r5fVx#K*
G7#sM9$t2Fh6
L5d#k9Kj2&h@
2#sTm4dRf7Q$
It’s important to note that password strength can be measured in terms of entropy, a measure of the randomness and unpredictability of a password. The higher the entropy, the stronger the password. Password entropy can be calculated using mathematical formulas that take into account the length of the password, the character set used, and the frequency of each character. One common formula used to calculate password entropy is:
entropy = log2(N^L)
Where N is the size of the character set used and L is the length of the password. The log2 function is used to convert the result to bits of entropy. For example, a password with a length of 12 characters and a character set of 62 (upper and lower case letters, digits, and special characters) would have an entropy of approximately 71 bits, calculated as:
entropy = log2(62^12) = 71.6 bits
According to the National Institute of Standards and Technology (NIST), a password with an entropy of at least 80 bits is considered strong. There are also online password entropy calculators that can help calculate the entropy of a given password. It’s worth noting that while entropy is an important factor in password security, it’s not the only factor to consider, and there are other ways that passwords can be compromised, such as through phishing attacks or other forms of social engineering. To learn more about password entropy, read “Entropy and Information Theory” by Robert M. Gray and “Information Theory, Inference, and Learning Algorithms” by David MacKay.
To sum it up, a strong password should be long, complex, and random. The higher the entropy of your password, the stronger it is. Remember that the more unique your password is, the less likely it is to be cracked by a hacker.
Techniques for Creating Strong Passwords
Passphrases are a popular technique for creating strong passwords that are easy to remember. A passphrase is a sequence of words that are strung together to create a long password. Passphrases are typically at least 15 characters long and can include spaces and special characters. The advantage of using a passphrase is that they are easier to remember than a random string of characters while still being highly secure. For example, a passphrase like "CorrectHorseBatteryStaple" is much more secure than a short password like “1234” and easier to remember than a random combination of letters, numbers, and symbols.
Random word combinations are another technique for creating strong passwords. This technique involves combining unrelated words to create a long and complex password. This approach can result in passwords that are more difficult to guess or crack than shorter passwords that use complex characters. An example of a random word combination password is “PurpleMonkeyDishwasher”.
Password generators are another option for creating strong passwords. Password generators create passwords that are truly random and highly secure. They are typically built into password management tools and can generate passwords of varying lengths and complexity. While this is a convenient way to create strong passwords, it is important to use a reputable password generator to ensure that the generated passwords are truly random and secure. One example of a good password generator tool is this one by AMZ IT Solutions.
When creating a password, it is important to avoid common mistakes, such as using personal information like birth dates, names, or addresses. Personal information can be easily obtained by hackers, making it easier for them to guess your password. Another common mistake is using a password that is easy to guess, such as “password” or “123456”. Such passwords are highly insecure and are easily cracked by attackers.
There are several techniques for creating strong passwords that are easy to remember and highly secure. Using passphrases, random word combinations, and password generators are all good options for creating strong passwords. You can also gain more ideas on how to create strong passwords by reading the book “Perfect Passwords: Selection, Protection, Authentication” by Mark Burnett. It is also important to avoid common mistakes when creating passwords, such as using personal information and using easy-to-guess passwords. By following these guidelines, you can create strong passwords that are highly secure and help protect your sensitive information.
Strategies for Remembering Passwords
This is probably the part you’ve been wanting to read most. Remembering passwords, especially strong ones, have always been the challenge for many. There are several strategies that can be employed to remember strong and complex passwords. One popular option is to use a password manager. Password managers are software applications that store and organize passwords, allowing users to create and use strong passwords without having to remember them. The password manager encrypts the passwords and requires a master password for access. Some popular password managers include LastPass, 1Password, and KeePass. However, remember that if you use a password manager, make sure that you only use it on your personal devices and not on a public device.
Another technique for remembering passwords is the use of mnemonic devices. Mnemonic devices are memory aids that can help people recall information. A common mnemonic device for creating passwords is to use the first letter of each word in a sentence to create a memorable phrase. For example, the sentence “I have two dogs named Max and Lucy” could be turned into the password “Ih2dnMaL”. This technique can make it easier to remember complex passwords while still providing a high level of security. The more creative you get, the more complex passwords you can create and remember.
Personalized memory tricks can also be effective in helping people remember passwords. This could include using a pattern or shape on the keyboard to create a password, or associating the password with a specific event or memory. However, it's important to make sure that the personalized memory trick is not something that could be easily guessed or discovered by an attacker.
While it can be tempting to write down passwords to help remember them, this is not a recommended strategy as it can lead to security vulnerabilities. Instead, it’s important to focus on techniques that allow for strong passwords that can be remembered without needing to be written down. As security expert Bruce Schneier notes in his book “Secrets and Lies”, “Never write down a password. Instead, create a password that you can remember without writing it down.”
Best Practices for Securing Passwords
Creating strong passwords and remembering them is only one part of password security. To ensure the safety of your accounts, it’s important to follow best practices for securing passwords. One of the most obvious best practices for password security is to never share your passwords with anyone. Not even with people you trust or with family members, unless absolutely necessary. Passwords are a personal security measure and should be kept confidential. Even if the person you trust won’t betray you, they might not be able to protect your password with the same attention that you do (they do have their own passwords to worry about).
Another practice is to use two-factor authentication wherever available. Two-factor authentication is a security measure that requires an additional step to verify your identity. This can include a fingerprint scan or a code sent to your phone. By adding this extra layer of security, it becomes much more difficult for a hacker to gain access to your accounts.
You should also make it a practice to change passwords regularly, even if you don’t suspect any security breaches. By changing your passwords periodically, you are minimizing the chance that someone has gained access to your accounts. However, if there has been a security breach at a website or service you use, it’s very important to change your password immediately. This can prevent hackers from gaining access to your other accounts, especially if you use the same password across multiple sites (a lot of people do).
Conclusion
A strong password is essential to keep our digital life secure. In this article, we’ve discussed the characteristics of strong passwords, techniques for creating strong passwords, strategies for remembering passwords, and best practices for securing passwords. By following these tips, you can help ensure the safety of your personal information and prevent cyberattacks.
Remember, a strong password should be long, complex, and random. The longer the password, the better, and it should contain a mix of uppercase and lowercase letters, numbers, and symbols. Passphrases and random word combinations are excellent techniques for creating strong passwords, and password generators can also be used. Avoid using personal information such as your name, date of birth, or address as part of your password.
To remember your passwords, you can use password managers, mnemonic devices, or personalized memory tricks. But always avoid writing your passwords down. Remember to never share your passwords with anyone, use two-factor authentication, change your passwords regularly, and update them after a security breach.
Creating and remembering strong passwords is an essential step in protecting your online identity and personal information. By following the best practices outlined in this article, you can help keep your digital life secure. Don’t wait until it’s too late, take action today to improve your password security. As cybersecurity expert Bruce Schneier said, “Security is a process, not a product.” It’s up to each of us to take the necessary steps to keep ourselves and our information safe.
Naim Zulkipli
16 February 2023
-----
Develop internal information systems to increase data security. Contact us to learn more.