For the longest time, passwords have closely guarded our online accounts and personal information, serving as the first line of defense against cyberattacks. From banking to social media, we use passwords for almost everything in our digital lives, but without careful consideration, these passwords could be our greatest vulnerability.
Cybercriminals are only becoming more proficient at stealing and cracking passwords. That means what was once considered a strong password might no longer suffice in 2024 and beyond. Let’s dive into what constitutes a strong password today and explore best practices to ensure your digital defenses remain unbreachable.
Aim for longer passwords
Many online services require a minimum of eight characters in a password. However, no matter how complex you make an eight-character password, it will always be weaker than a longer one. Cybercriminals use brute force attacks, which systematically attempt every possible combination until the correct password is found. The most sophisticated kinds of brute force software are capable of cracking an eight-character password in a matter of seconds. A longer password is significantly harder to crack because it requires the testing of more combinations.
In fact, the time it takes to crack a password increases dramatically with every additional character. A 12-character password containing simple words can take a few hours to crack, but having 16 or more characters can take days, months, or even years. By making your passwords more time-consuming to crack, you increase the chances hackers will give up and move on to easier targets. This is why you should always aim for passwords that are at least 16 characters long.
Consider passphrases
An easy trick to get your passwords above that 16-character threshold is to think of passphrases instead of unrelated character combinations. A random string of words, such as “SunsetbananaBarricadebottle,” is harder to crack than a shorter sequence with random letters. Plus, it is much easier to remember a phrase than a complicated combination of characters.
Keep in mind that when using passphrases, it’s important to opt for a combination of seemingly random words that have no connection to each other. Avoid common phrases or song lyrics, as these can be easily guessed by cybercriminals using social engineering tactics.
Pad with random characters
Despite length being the most important factor, you shouldn’t completely dismiss complexity. A password containing a mix of uppercase and lowercase letters, numbers, and special characters is still harder to crack than one with just letters.
To make your passphrases even stronger, you can pad them with random characters in between words. For example, “Sunset24banana!Barricade_bottle” is much more secure than a version that only uses letters, and it adds more characters to your password. This padding technique can also make it harder for hackers to use dictionary attacks, where they try commonly used words and phrases to crack your password.
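The passphrase-plus-padding approach from the last two sections can be automated. The sketch below is an added example, not part of the original article; the 16-word list is a constructed sample (a real generator needs several thousand words), and the pad character set and function names are assumptions.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only. A real generator needs
# a list of several thousand words (each word then adds about 12-13 bits).
WORDS = ["sunset", "banana", "barricade", "bottle", "lantern", "pepper",
         "glacier", "violin", "tunnel", "meadow", "anchor", "copper",
         "walnut", "harbor", "pickle", "thunder"]
PAD_CHARS = string.digits + "!_-#%&"   # assumed padding alphabet


def generate_passphrase(n_words=4, min_length=16, words=WORDS):
    """Join randomly chosen words, padding each gap with random characters."""
    if n_words < 2:
        raise ValueError("use at least two words")
    while True:
        parts = []
        for i in range(n_words):
            word = secrets.choice(words)          # CSPRNG, not random.choice
            if secrets.randbelow(2):              # random capitalisation
                word = word.capitalize()
            parts.append(word)
            if i < n_words - 1:                   # one or two pad characters
                pad_len = 1 + secrets.randbelow(2)
                parts.append("".join(secrets.choice(PAD_CHARS)
                                     for _ in range(pad_len)))
        phrase = "".join(parts)
        if len(phrase) >= min_length:             # retry if too short
            return phrase


def entropy_bits(n_words=4, words=WORDS):
    """Conservative strength estimate: counts one pad character per gap."""
    per_word = math.log2(len(words)) + 1          # word choice + capitalisation
    per_gap = math.log2(len(PAD_CHARS))           # at least one pad character
    return n_words * per_word + (n_words - 1) * per_gap
```

The strength comes from the random selection, so the words must be picked by the generator rather than by the user; with the tiny sample list the estimate is only 32 bits, which is why a large word list matters.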
Don’t include personal information
It’s not uncommon to see individuals use personal information, such as their birthdate or pet’s name, as part of their passwords. While this may seem like a clever way to remember your password, it also makes it easier for cybercriminals to guess or obtain your password through a quick online search. Therefore, never include any personal information in your passwords, especially details that can be found on your social media.
Steer clear of sequential or repeated characters
Brute force software has also become advanced enough to recognize patterns and rules that some users follow when creating passwords. For example, using sequential characters (e.g., 123456) or repeating the same character multiple times (e.g., aaaaaa) may seem easy to remember, but it makes your password extremely weak and easy to crack. Make sure your password does not contain any obvious patterns or easily identifiable sequences.
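A signup form or an audit script can enforce the rules covered so far: the 16-character minimum, no personal information, and no sequential or repeated characters. The checker below is an added example, not part of the original article; the function names and the run threshold of four characters are assumptions.

```python
import re

MIN_LENGTH = 16   # the article's recommended minimum
RUN_LENGTH = 4    # flag runs of 4+ characters (threshold is an assumption)


def has_repeated_run(pw, n=RUN_LENGTH):
    """True if any character repeats n or more times in a row (e.g. aaaa)."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None


def has_sequential_run(pw, n=RUN_LENGTH):
    """True if n+ characters ascend or descend by one (e.g. 1234, dcba)."""
    s = pw.lower()
    for step in (1, -1):
        run = 1
        for prev, cur in zip(s, s[1:]):
            if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step:
                run += 1
                if run >= n:
                    return True
            else:
                run = 1
    return False


def check_password(pw, personal_info=()):
    """Return a list of the article's rules that the password breaks."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if has_repeated_run(pw):
        problems.append("repeated characters")
    if has_sequential_run(pw):
        problems.append("sequential characters")
    # Compare with punctuation stripped so 2015-03-09 matches 20150309.
    squashed = re.sub(r"[^a-z0-9]", "", pw.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append("contains personal information")
            break
    return problems
```

An empty list means the password passes these checks only; it says nothing about whether the password has been reused or already exposed elsewhere.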
Set unique passwords for each account
Reusing passwords for multiple accounts is a common mistake that many people make. If a recycled password gets compromised, it puts all other accounts that use the same password at risk. To avoid this, set unique passwords for each account. This doesn’t mean slightly changing the same password, but creating entirely new and different passwords. Use a combination of length, unique phrases, and random characters to create strong passwords, and update them quarterly to reduce the risk of a data breach.
Use a password manager
If you manage dozens of accounts, it can quickly become overwhelming to remember all your passwords. Fortunately, password managers such as LastPass and Dashlane can help you securely store and manage all your passwords in one place. These passwords are locked in a highly encrypted vault, only accessible through a master password that you create and remember. This way, you only need to remember one strong password instead of multiple complex ones. These tools also generate random, strong passwords for you to use, eliminating the need to come up with unique ones yourself.
Creating a strong password is all about building good habits and using the right tools. For more personalized guidance and comprehensive cybersecurity solutions, reach out to Info Advantage today. We can provide the resources and expertise you need to keep your digital assets and operations secure.