
There are many things to consider when dealing with computer security. One that is often overlooked is password strength. Using strong passwords is the single most important thing you can do to protect your data. In recognition of Cyber-Security Awareness Month we have written this comprehensive article to explain why using a secure password is important and how to create a strong password for your own use.
To make passwords easier to remember, we often choose passwords that mean something to us, using personal information and common words. Unfortunately, these passwords are easy to guess, and if your passwords are easy to guess, your computer files, personal information and online accounts are at risk.
How do hackers do it?
Two simple tools hackers use are the dictionary attack and the brute-force attack. A dictionary attack tries to discover your password by going through a list of known words. This is why you should never use a real word as a password. A brute-force attack systematically checks all possible character combinations, so the longer the password, the longer it will take to discover.
If the hacker knows who you are, it’s even easier for them. They’ll find words particular to you. Let’s say you live in “New York,” have a son “Michael,” and your dog’s name is “Bone.” A hacker might take these terms and create wordlists from the results. Thus, “ekiMBoneNY” may seem like a fine 10-character password, but it will be cracked in minutes by a hacker who knows you.
Top eight rules for creating a strong password
Follow these rules to create a secure password that is hard to hack.
Strong password rules
- To keep your identity safe, it is crucial to have a long, strong, secure password. When possible, use at least 16 characters. Never use fewer than 12.
- Avoid using real words from any language.
- Avoid using real words spelled backwards, abbreviations or common misspellings.
- Avoid using repeated characters or rows of adjacent keyboard characters.
- Never use personal information such as your birthday, driver’s license number, or a family member’s or pet’s name.
- Never use your username as your password.
- Even a secure password can be breached if you share it. Your password should be your personal secret. Keep it.
- Finally, test your password with an online password checker to determine its strength.
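The rules above can also be checked locally, without sending a password to a website. The following is an added example, not code from the original article; the small wordlist, the keyboard rows, the nickname "Mike" and all function names are assumptions made for illustration.

```python
import re

# Constructed sample data (assumptions, not from the article): a tiny stand-in
# wordlist and the rows of a US QWERTY keyboard.
COMMON_WORDS = ("password", "secret", "qwerty", "dragon", "welcome")
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # the article's floor; it recommends 16 where possible


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in pw for i in range(len(seq) - run + 1)):
                return True
    return False


def find_terms(pw, terms):
    """Terms (3+ chars, spaces removed) found in pw forwards or backwards."""
    hits = []
    for term in terms:
        t = term.lower().replace(" ", "")
        if len(t) >= 3 and (t in pw or t[::-1] in pw):
            hits.append(t)
    return hits


def check_password(password, username="", personal_terms=(), wordlist=COMMON_WORDS):
    """Return the list of rules the password breaks; empty means none tripped."""
    pw = password.lower()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"dictionary word: {w}" for w in find_terms(pw, wordlist)]
    problems += [f"personal term: {t}" for t in find_terms(pw, personal_terms)]
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeated characters")
    if has_keyboard_run(pw):
        problems.append("adjacent keyboard characters")
    if username and username.lower() in pw:
        problems.append("contains username")
    return problems


if __name__ == "__main__":
    # The article's example, checked against terms someone who knows you might try.
    known = ("New York", "Michael", "Mike", "Bone")  # "Mike" is an added nickname
    for line in check_password("ekiMBoneNY", personal_terms=known):
        print(line)
```

An empty result only means none of these rules was tripped; a real check would use a much larger wordlist.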
Having trouble coming up with a good password on your own? There are plenty of free online password generators that can help you create a strong password. Two that we can recommend are Bitwarden and LastPass.
If you’re on a Mac running a recent version of macOS, your system comes with a built-in password assistant. This tool can generate random passwords that are hard to crack. To access this tool, go to the Passwords app, click the “+” button, and click on the grayed-out word “password.” Passwords generated this way will be gibberish and hard to remember, so you will need to use a password manager to store them. Fortunately, the macOS Passwords app is exactly that.

Top ten most common passwords
Sometimes having “the most popular” of something isn’t a good thing. I can’t say it any better than the NY Times did in their 2010 article, “If Your Password Is 123456, Just Make It HackMe.” According to the 2024 NordPass Insights Research, these are the top ten most common passwords in the United States:
- secret
- 123456
- password
- qwerty123
- qwerty1
- 123456789
- password1
- 12345678
- 12345
- abc123
If you’re using something obvious, change your password immediately
October is Cyber-Security Awareness Month. Take this time to reevaluate your own data security. When you start using strong passwords, you and your data will be much safer and less likely to be hacked.
We are big believers in secure passwords. That’s why we follow our own advice and use long strong passwords and a password manager for everything we do. From website design and development to website hosting and security—every month is Cyber-Security Awareness Month in our office.