
How to Create a Strong Password: Tips for Setting Smart Passwords

Cybersecurity Basics

Patricia Espinoza

The Guide for Creating a Strong Password 

The importance of strong passwords for online security

Would you agree that passwords play a pretty important role in the safety of your business assets? 

Passwords safeguard your computers, bank balances, e-commerce website, 401K savings, health records, private documents such as photos, videos, writings, business papers, investments, trade secrets, intellectual property, and plenty of other critical assets.

In short, passwords protect an ever-growing stock of sensitive information.

Needless to say, you should use smart passwords to protect your online assets from cyber danger. 

Passwords Safeguard Your Life and Business

Passwords that passed muster in the early 2000s and 2010s, like fido123, do not hold up in the era of mass breaches. Passwords exposed in past breaches now sit in publicly available wordlists, and cracking tools try every entry, plus common variations, in seconds.

Will your business online accounts be safe from cracking algorithms?

Common mistakes people make when creating passwords

The human brain has a hard time inventing, and keeping track of, the dozens of different passwords that using the Internet requires nowadays.

It's challenging to create a new random string of characters for every account, let alone expect you and your team to remember all of them by heart.

Still, it's a good idea not to make the following mistakes when creating and using passwords. Each one puts your personal and business assets in a vulnerable position:

1. Using Data that Identifies You

It is not a good idea to set passwords based on personal information such as your birthday, anniversary dates, the names of your loved ones, or even your favorite sports team that happens to be posted on your Facebook or LinkedIn profile.

Millions of records of personally identifiable information (PII) have already been leaked from major companies such as Equifax, LinkedIn, Marriott, Target, and AT&T, and much of that data circulates on the dark web for cybercriminals to abuse.

This puts your online accounts at significant risk: automated cracking tools feed the leaked names, dates, and other PII into their wordlists and try them, and variations of them, against your logins.

2. Reusing Passwords

And think twice about using the same password across multiple accounts, please! 

Yes, it is convenient to have one password for everything. But if one account is exposed in a data breach, every other account that shares the password becomes vulnerable immediately. Attackers automate this: once an email-and-password pair leaks from one site, bots replay it against hundreds of other sites, a technique known as credential stuffing.

Wouldn’t it be preferable to have unique passwords, reducing the risk (at least some) of your business accounts being breached?

The good news is you can enlist the help of a password manager to effortlessly "remember" those countless long, strong, and unique passwords. (More about password managers below.)

3. Using Patterns or Common Passwords

Patterns might have worked in the 90s and even the 2000s, but not anymore. After years of large data breaches, those passwords are public knowledge and sit at the top of every cracking wordlist.

Here's the list of the 20 most common passwords, analyzed by NordPass and published by the World Economic Forum. If you're using any of these, change it immediately; each of them is cracked in less than one second:

1. 123456
2. admin
3. 12345678
4. 123456789
5. 1234
6. 12345
7. password
8. 123
9. Aa123456
10. 1234567890
11. UNKNOWN
12. 1234567
13. 123123
14. 111111
15. Password
16. 12345678910
17. 000000
18. Admin123
19. ********
20. user

Commonly used patterns like the number and letter sequences above, and keyboard patterns like "qwerty", are old news. Cracking tools try them in seconds.

4. Storing Your Passwords in Plain Sight

Storing passwords in a text file or Excel sheet on your computer, or in a Google Doc or Sheet, is unsafe: anyone, or any malware, with access to that file or that account can read every password at once.

Writing passwords down on paper or posting them on sticky notes on your monitor for everyone to see is unsafe, too.

You could write them on paper if you keep the paper in a safe or a cabinet under lock and key. This approach would be okay for critical accounts you seldom access. Otherwise, it isn't practical or sustainable: you or your team would soon abandon the good intentions if you had to unlock the cabinet several times a day to look up a password.

5. Your Team Uses Unsafe Sharing Practices

Having your team pass around pieces of paper, copy-paste passwords, or snap photos of them to text or email each other is unsafe. Not only does it hurt your team's productivity, but every copy sent by text or email lingers in inboxes, chat histories, and backups, where a single compromised account exposes it.

6. Storing Passwords on Your Browser

The major web browsers like Chrome, Edge, and Firefox prompt you to save passwords in the browser. It is convenient, but it is a poor place to keep them, for these reasons:

  • The browser's password store is protected only by your operating-system login. Anyone who sits down at your unlocked computer, and any info-stealing malware running in your session, can typically read out every saved password in the clear.
  • A browser is vulnerable to hijacking. When browsers sync bookmarks, sessions, extensions, and passwords across your devices, they do so through the cloud, tied to one Google or Microsoft account. Whoever compromises that account, or any device signed into it, gets all your passwords at once.
  • A browser does not let your team share passwords for shared online accounts in a secure way, with access granted and revoked per person.

How to Create a Strong Password

Now that you've read about the importance of strong passwords and the common mistakes to avoid, let's go through simple, practical tips for creating robust passwords:

  • Make it long: Aim for a password at least 13 characters long. Every extra character multiplies the work a brute-force attacker has to do, so length matters more than any other single property.
  • Mix it up: Combine uppercase and lowercase letters, numbers, and special characters to enlarge the set of characters an attacker has to try.
  • Avoid using personal information: Do not include details such as your name, birthdate, or address, or anything visible on social media, such as your favorite singer or sports team.
  • Don't use popular phrases: Avoid common phrases or quotes, particularly ones you are known to use.
  • Think of a passphrase rather than a password: The point above warns against common phrases. Instead, join three to five random, unrelated words with numbers and symbols, for example phrase%JOINed458together.
  • Don't start with a capital letter. Cracking tools' mangling rules assume people capitalize the first letter, so put a few capitals in the middle or interspersed around your passphrase instead.
  • Don't end with a period, a question mark, or an exclamation point. The same rules assume punctuation and digits get tacked onto the end, so include them anywhere else within your passphrase.
  • Invent your own "key" to cipher your passwords, and keep your "key" under lock and key. No pun intended. Bear in mind that if two passwords made with the same key leak, the key can often be inferred, so treat this as a fallback, not a substitute for a password manager.
  • Use a password manager: Password managers are tools that generate and store complex passwords for you. They create a unique password for each account and store it securely, so you and your team can "remember" them whenever needed. Read more about password managers below.
  • Password managers are designed for both personal (family) and business use. This means your team can easily and securely create, access, and manage passwords.

Example of a Strong Password

A strong password has all three properties: it is long, it mixes character types, and it is unique to one account.

To land in the green zone of the table below, a password must be at least 13 characters long and include numbers, upper- and lowercase letters, and symbols.

example of a strong password

Image reposted with permission of Hive Systems.

To come up with passwords that would take billions of years to brute-force, even on top-end GPU hardware, use a trusted password generator, such as the one built into your password manager.
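The table above estimates brute-force time from two numbers: the size of the character set and the length. As an added example (not from the article or from Hive Systems), the Node.js script below reproduces that arithmetic, checks a candidate against the common-password list quoted earlier on this page, and reports a verdict. The rate of ten billion guesses per second and the verdict thresholds are assumptions for the demo; the real rate depends on how the site hashes passwords, and a password built from dictionary words or personal data falls far sooner than the brute-force number suggests.

```javascript
// Top of the NordPass list quoted earlier on this page; a real checker would
// use a full breach corpus such as the Have I Been Pwned password list.
const COMMON = new Set([
  '123456', 'admin', '12345678', '123456789', '1234', '12345', 'password',
  '123', 'Aa123456', '1234567890', 'UNKNOWN', '1234567', '123123', '111111',
  'Password', '12345678910', '000000', 'Admin123', '********', 'user',
]);

// Assumed attacker speed (an assumption, not a measured figure): 1e10
// guesses/s is plausible for a GPU rig against a fast unsalted hash such as
// MD5 or NTLM; against bcrypt or Argon2 it would be orders of magnitude lower.
const GUESSES_PER_SECOND = 1e10;
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Size of the smallest standard character set containing every character of
// the password: digits (10), lowercase (26), uppercase (26), symbols (33).
function charsetSize(pw) {
  let size = 0;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[^A-Za-z0-9]/.test(pw)) size += 33;
  return size;
}

// Time to exhaust the keyspace charset^length at the assumed rate.
function bruteForceSeconds(pw, rate = GUESSES_PER_SECOND) {
  return Math.pow(charsetSize(pw), pw.length) / rate;
}

function humanDuration(s) {
  if (s < 60) return `${s.toFixed(1)} seconds`;
  if (s < 3600) return `${(s / 60).toFixed(1)} minutes`;
  if (s < 86400) return `${(s / 3600).toFixed(1)} hours`;
  const years = s / SECONDS_PER_YEAR;
  return years < 1 ? `${(s / 86400).toFixed(1)} days` : `${years.toExponential(2)} years`;
}

// Verdict for one password. A hit on the leaked list beats any brute-force
// estimate: those are tried first, so the answer is "instantly".
// Thresholds (assumed): weak < 1 year, moderate < 100 years, strong otherwise.
function assess(pw) {
  if (COMMON.has(pw)) {
    return { password: pw, verdict: 'common', seconds: 0, note: 'on a public leaked list; cracked instantly' };
  }
  const seconds = bruteForceSeconds(pw);
  const years = seconds / SECONDS_PER_YEAR;
  const verdict = years >= 100 ? 'strong' : years >= 1 ? 'moderate' : 'weak';
  return { password: pw, verdict, seconds, note: `brute force: about ${humanDuration(seconds)}` };
}

for (const pw of ['password', 'fido123', 'Tr0ub4dor', 'phrase%JOINed458together']) {
  const r = assess(pw);
  console.log(`${pw.padEnd(26)} ${r.verdict.padEnd(9)} ${r.note}`);
}
```

The last candidate, the article's own example, sits at 95^24 guesses, which no rig will exhaust; fido123 is 36^7 and falls in seconds. The model only counts raw guesses, so a "strong" verdict here still means nothing if the password is a phrase an attacker can guess from your social media.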

Use a Password Manager to Protect Your Accounts

Remembering multiple complex passwords is challenging. There’s no denying that. Thankfully, password managers come to the rescue.

A password manager is a digital vault that stores all your passwords in a secure, encrypted environment. It helps you generate strong, unique passwords for each account, eliminating the need to remember them all.

Think of a password manager as your bank’s vault where you store precious valuables that require tighter security. Using them offers lots of advantages:

  • Password managers encrypt and store your passwords in a secure database or vault.
  • You only need to memorize one master password: the password manager’s.
  • They allow you to create as many vaults as you wish, such as work, home, financials, personal, etc.
  • You may share vaults and revoke permissions as needed.
  • They offer an auto-fill feature that populates your login credentials when you visit a website or app, but only if its address matches the one saved with the login. This saves you time and blunts phishing: a look-alike login page sitting at a different address simply does not get the credentials filled in.
  • They allow you to sync across platforms to access passwords from your computer, smartphone, and tablet.
  • They add a layer of security of their own, such as multi-factor authentication to unlock the vault and biometric unlock on mobile devices.
  • They have built-in password generators with several options, from "smart" passwords that match the website's requirements, to fully random strings, to brain-friendly word-based passphrases.
  • Some popular password managers, such as 1Password, offer a "Watchtower" feature that alerts you when a site you have an account with suffers a data breach or has a known weakness, so you can change that password quickly.
  • Password managers allow you and your team members to share passwords securely. No more unsafe copy-pasting or sending photos of them via text message, WhatsApp, or email.
  • Some password managers allow you to set “Travel” mode and lock some or all of your vaults while traveling.
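As an added illustration of the auto-fill point (example code, not any vendor's implementation), this Node.js function models the decision a password manager makes before filling a saved login: the page must be served over HTTPS and its hostname must exactly match the hostname stored with the credential. The domain names are constructed for the demo. Real managers may also accept other subdomains of the same registrable domain; the exact-host rule used here is the conservative choice.

```javascript
// A saved login as a manager might store it (constructed sample).
const SAVED_LOGIN = { site: 'https://login.bank.example/signin', username: 'pat' };

// Decide whether to fill `saved` into the page at `currentUrl`.
// True only when the page is HTTPS and its hostname is exactly the hostname
// the credential was saved for; anything that does not parse is a no.
function shouldAutofill(saved, currentUrl) {
  let want, have;
  try {
    want = new URL(saved.site);
    have = new URL(currentUrl);
  } catch {
    return false;                                   // malformed URL: never fill
  }
  if (have.protocol !== 'https:') return false;     // no plaintext / downgraded page
  // The WHATWG URL parser lowercases the host and converts Unicode to
  // punycode, so a homograph such as a Cyrillic "а" shows up as an xn-- label
  // and fails the comparison instead of looking identical to a human.
  return have.hostname === want.hostname;
}

// Each case is a page the user might land on; only the first is legitimate.
const CASES = [
  ['https://login.bank.example/account?next=/',        'same host, other path'],
  ['https://login.bank.example.attacker.test/signin',  'real host used as a prefix of a look-alike'],
  ['https://login.bamk.example/signin',                'typosquat'],
  ['https://login.b\u0430nk.example/signin',           'Cyrillic a homograph'],
  ['http://login.bank.example/signin',                 'HTTPS stripped'],
  ['https://attacker.test/login.bank.example/signin',  'real host hidden in the path'],
];

for (const [url, why] of CASES) {
  console.log(`${shouldAutofill(SAVED_LOGIN, url) ? 'FILL' : 'SKIP'}  ${why}: ${url}`);
}
```

The user sees a page that looks right; the manager compares strings that an attacker cannot make equal without controlling the real hostname, which is the whole point of letting the tool, rather than your eyes, decide whether to fill.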

Password Manager Apps

Make sure you pick a trusted password manager. Here are some top picks:

  1. 1Password
  2. NordPass
  3. Dashlane

Food for thought

Would you entrust the security of all your business accounts to a free password manager app?

Install your selected choice on all your devices. Download the desktop app directly from the vendor's website, triple-checking that you are downloading from the legitimate URL.

If you have an iPhone or iPad, you can download their app from the App Store. However, you must ensure you’re downloading the legitimate app. Triple-check the name and look for similar spellings, typos, or lookalikes.

The last thing you want is to install an imposter Password Manager, which is known to have happened. (Malicious apps may lurk everywhere, even in the App Store.)

Two-Factor Authentication and Its Role in Your Security

Use two-factor authentication (2FA) or multi-factor authentication (MFA) wherever possible. It makes your account much more secure.

Two-factor authentication adds an extra layer of security to your accounts by requiring two different kinds of verification:

  1. something you know (your password)
  2. something you have (a one-time code from an app, or a hardware token) or something you are (a fingerprint or face scan)

If available, choose to receive your 2FA codes in an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy. This method is safer than getting the codes by email or text message (SMS): email accounts get phished, and SMS can be redirected by an attacker who talks your carrier into a SIM swap. Of course, if an authenticator app is not an option, then email or SMS is still better than nothing.

With 2FA enabled, someone who obtains your password still cannot get into your account without the second factor. This significantly reduces the risk of unauthorized access, though a fake login page that asks for the password and the code at the same moment can still relay both in real time, which is one reason the passkeys described below go further.

Start enabling 2FA with your most important accounts: business email, business financial accounts, e-commerce store, merchant accounts, Amazon or other vendors where your credit card might be stored, healthcare providers, etc. Then, add 2FA to other accounts as you go along.

Passkeys: The Future of Passwords is Here

Christian Brand, Google Security

Yes, passkeys will replace passwords. It’s even broader than that. I’d say our vision for passkeys is to not only get rid of passwords, but also eliminate all the Band-Aids the industry has designed to make up for the fact that passwords are so vulnerable.

(…)

Passkeys will replace even more sophisticated fixes like multi-factor authentication, SMS messages, or authenticator apps.

A passkey is a FIDO (Fast IDentity Online) credential stored on your computer or cell phone. Passkeys are a type of passwordless login that is much more secure and easier to use than a typical password.

Instead of creating a password, you let your password manager or authenticator app create the passkey. In cryptographic terms, a passkey is a public/private key pair: the public key is stored on the website or in the online account, and the private key stays on your device, unlocked by your device PIN or biometrics (Face ID, Touch ID, etc.). At login the website sends a random challenge, your device signs it with the private key, and the website checks the signature with the public key, so no secret ever crosses the network. Your browser only signs for the site the passkey was created on, which is why a look-alike phishing page gets nothing.

There is no password to remember. However, you still need a trusted password manager (or your platform's built-in keychain) to store and sync each website's passkey.

To Recap

Take the first step in strengthening your business online security by adopting strong passwords

Creating a strong password is the first defense against cyber threats. 

By avoiding common mistakes, understanding password strength, and following best practices, you can significantly enhance the security of your business online accounts.

Remember to create strong passwords: long, complex, and unique per account.

Avoid using personal or public information easily associated with you or your business.

Consider using a password manager for greater convenience, productivity, and security.

Enable two-factor authentication.

Embrace passkeys as soon as you’re ready. 

By taking these proactive measures, you take control of your online security and protect your personal and business information from potential data breaches.

Don’t wait until it’s too late!

Book a Cybersecurity Strength Assessment Call today to ensure your online accounts are secure and protected.
