How to Create a Strong and Secure Password


For many people, a password is just something easy to remember that gets them into an account. The most common ones include “123456,” “password,” “qwerty,” and “letmein.” These are terrible passwords: they sit at the top of every cracking wordlist and are guessed almost instantly. How can you create, and remember, passwords that will protect you or your company? Let’s look at some strategies and best practices for keeping your information safe behind a strong password.

Stop Being Predictable

Using a different password for every account is only the start. How do you come up with passwords that are actually strong? It’s easier than you think.

First, know that humans are predictable. You might think you are clever for replacing an “a” with a “4” or an “s” with a “$,” but password-cracking tools have applied exactly these substitutions to every word in the dictionary for years. Bill Burr, who wrote the original NIST password guidelines that popularized these rules, has since said he no longer believes they were good advice.

His guidelines said a password should mix upper- and lowercase letters, digits and special characters, and should be changed every 90 days. The first rule produces predictable results: something like “p4s$W0rd” looks hard to crack, but it is just “password” with a few standard substitutions, and cracking tools generate those variants automatically from a wordlist (a dictionary attack with mangling rules, not blind brute force), so it falls in seconds. The second rule backfires because people tend to keep the same password with a minor modification, which negates any benefit of the change.

Use a Passphrase

Randall Munroe, a former NASA roboticist, showed in his xkcd comic “Password Strength” that four random common words, “correct horse battery staple,” give about 44 bits of entropy (entropy here is the “average information content” of the password, in practice the number of bits an attacker effectively has to guess; each word drawn from a list of 2,048 contributes 11 bits, and 4 × 11 = 44). For reference, a single dictionary word, however long, is worth only about 16 bits. At 1,000 guesses per second, working through 44 bits takes about 550 years. Keep in mind that 1,000 guesses per second is the comic’s figure for an online attack against a web login that throttles attempts; offline cracking of a leaked password hash runs many orders of magnitude faster, so use a longer phrase, five or six words, for anything whose hash might be stolen. And because of the comic itself, “correcthorsebatterystaple” is now in every wordlist and offers no protection at all.

Meanwhile, “Tr0ub4dor&3,” built with Burr’s old method, has only about 28 bits of entropy. At 1,000 guesses per second it falls in about three days, and it is harder to remember than four simple words. Length beats complexity: every additional character or word multiplies the attacker’s work, while a substitution only adds a handful of predictable variants.
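The two claims above, that character substitutions add almost nothing and that random words add a fixed number of bits each, can be checked directly. The following is an added example written for this article, not code from the article or from Munroe’s comic. It enumerates the leetspeak/case variants of a base word the way a cracking rule does (the LEET table is a constructed subset of the usual substitutions, and the 10^10 guesses per second offline rate is an assumed round figure, not from the article), computes the entropy of a random-word passphrase, and generates one with the operating system’s CSPRNG.

```python
import itertools
import math
import secrets
from typing import Iterator, Sequence

SECONDS_PER_YEAR = 365.25 * 86400

# Constructed subset of the substitution table that every cracking rule
# set tries; real hashcat/John rule files are far larger than this.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}


def _options(word: str) -> list:
    """For each character: its lower case, upper case and LEET alternatives."""
    opts = []
    for ch in word.lower():
        alts = {ch, ch.upper()}
        alts.update(LEET.get(ch, ""))
        opts.append(sorted(alts))
    return opts


def leet_variants(word: str) -> Iterator[str]:
    """Every spelling reachable from `word` by substituting and/or
    capitalising any subset of its letters: what a mangling rule emits
    for a single dictionary entry."""
    for combo in itertools.product(*_options(word)):
        yield "".join(combo)


def count_variants(word: str) -> int:
    """How many strings leet_variants(word) yields, without enumerating."""
    return math.prod(len(o) for o in _options(word))


def substitution_bits(word: str) -> float:
    """Upper bound on the entropy substitutions can add to one base word
    (people pick the same few substitutions, so the real figure is lower)."""
    return math.log2(count_variants(word))


def entropy_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of num_words words drawn uniformly and independently
    (with replacement) from a list of wordlist_size words."""
    return num_words * math.log2(wordlist_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst case for the attacker: trying every one of the 2**bits candidates."""
    return 2.0 ** bits / guesses_per_second


def generate_passphrase(wordlist: Sequence[str], num_words: int = 4, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG (never random.choice, never a phrase you
    have seen somewhere). The attacker may know the list; all of the security
    is in which words were chosen."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    ONLINE_RATE = 1e3     # the comic's figure: a throttled web login
    OFFLINE_RATE = 1e10   # assumption: GPU cracking of a leaked fast hash
    print(f"'password' has {count_variants('password')} leet/case variants "
          f"({substitution_bits('password'):.1f} bits at most); "
          f"'p4s$W0rd' is one of them: {'p4s$W0rd' in set(leet_variants('password'))}")
    for label, bits in [("Tr0ub4dor&3 (comic: 28 bits)", 28.0),
                        ("4 words from a 2048-word list", entropy_bits(4, 2048)),
                        ("6 words from a 7776-word list", entropy_bits(6, 7776))]:
        online = seconds_to_exhaust(bits, ONLINE_RATE) / SECONDS_PER_YEAR
        offline = seconds_to_exhaust(bits, OFFLINE_RATE) / SECONDS_PER_YEAR
        print(f"{label}: {bits:.1f} bits, online {online:.1f} years, offline {offline:.6f} years")
    demo_list = ["correct", "horse", "battery", "staple", "river", "lamp", "orbit", "quilt"]  # constructed
    print("passphrase from the tiny demo list (real lists have thousands of words):",
          generate_passphrase(demo_list))
```

Every substitution and capitalisation applied to the eight letters of “password” yields a few thousand variants, under 12 bits, which is roughly what one extra random word from a 2,048-word list contributes, with no memorisation cost. The offline column is the reason to prefer six words rather than four for anything whose hash could leak.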

Changing your password every 90 days only helps if the replacement is genuinely new; a small variation on the old one gives an attacker who already has the old password almost nothing to do. When you do change it, change it completely, and change it immediately whenever you suspect it has been exposed, for example after a breach notice. This is especially important at work, where more than just your own information is at risk.

Two-Step Verification

Where possible, also use two-step verification (2SV). Typically, when you sign in from a new location or device, such as a new computer or phone, you receive an email or text message with a one-time code that you must also enter. If one arrives that you did not request, someone has your password and is trying to use it: change the password right away. 2SV is one form of multi-factor authentication (MFA), the idea that a single password is no longer enough to keep attackers out. Another form you might see is a PIN, much like the one on a debit card, that you enter after the correct username and password.

2SV and other multi-factor schemes can still be defeated, for instance by a phishing page that collects the one-time code along with the password and relays both immediately, or by an attacker on your Wi-Fi sniffing unencrypted traffic to and from your computer, but an account with a second factor is still far safer than one protected by a password alone.