Keeping passwords safe is really important. It is indeed especially critical considering the increasing number of cyberattacks worldwide. We have passwords for many of our daily activities — social media, emails, bank accounts, etc. Therefore, using strong passwords must not be an option, as it is the simplest way to protect our devices and information.
Let’s see the best practices to keep passwords safe in detail!
Best practices and rules for a strong password
Use at least 15 characters
Creating long passwords, of at least 15 characters (whenever possible), minimizes the risk of cyberattackers breaking into your devices and accounts. Short passwords are easier to crack.
Password length is one of the most critical factors to keep passwords safe from brute force attacks.
Never use personal information
It is also important to avoid passwords that might be easily guessed. So, never using personal information — such as hometown, birthday, phone numbers or addresses — is a simple, basic way of keeping passwords safer. Moreover, you should also avoid using real words — such as proper nouns or dictionary words — to prevent cyberattackers from cracking your passwords using malicious software.
Combine letters, numbers and symbols
Randomly combine upper-case letters, lower-case letters, numbers and symbols to create stronger passwords. Besides, you should also:
- Avoid using sequential numbers or letters, such as “123456”, “abcdef” or “qwerty”.
- Avoid using common substitutions, such as replacing “PASSWORD” for “P455W0RD”.
- Opt for rarely used symbols such as curly brackets {}, square brackets [] or parentheses ().
Placing characters randomly is one of the most effective ways of keeping passwords safe from a cyberattack.
These tips might seem obvious but, according to a research study by NordPass, these were the top 10 most used passwords in 2021 around the world.
Top 10 most used passwords in 2021
| Position | Password |
| #1 | 123456 |
| #2 | 123456789 |
| #3 | 12345 |
| #4 | qwerty |
| #5 | password |
| #6 | 12345678 |
| #7 | 111111 |
| #8 | 123123 |
| #9 | 1234567890 |
| #10 | 1234567 |
Pick the first initials in a phrase
Creating long and complex passwords sounds good, but keeping track of all of them can become overwhelming. So, a tip for creating strong passwords, that you can easily remember, is taking the first initial letters of a phrase that means something to you.
For instance: “My first trip to Japan with Maya back in May 1990 was unforgettable”.
So, the password would be: “MfttJwMbiM1990wu”.
This method is known as “the sentence method” or “the Bruce Schneier Method”.
Use a password manager
Considering the large amount of accounts and devices we use, creating and managing complex and long passwords can become truly overwhelming. So, using a password manager to generate stronger passwords and store them safely can be helpful. Besides, password managers usually suggest strong passwords when creating a new login.
To generate strong passwords, you can also use a random password generator. For example, some of the top browsers nowadays include strong password generation and password management tools.
Never reuse or duplicate passwords
Never reuse the same password for different logins. This is particularly important when protecting devices or accounts where you keep sensitive information.
Having unique, complex passwords is easier using a password manager.
Use two-factor authentication
Whenever possible, use two-factor authentication, also known as multi-factor authentication, to further protect your accounts. Multi-factor authentication adds an additional layer of protection.
Be aware of password-cracking techniques
Being aware of the methods cyberattackers use to break into an account or device is helpful to outsmart attacks. By understanding how passwords get hacked, you can also better understand the best practices to have strong passwords.
Cyberattackers use diverse techniques to hack passwords:
- Brute force attacks. It consists of a “trial and error” method. Cyberattackers enter all common passwords until one works.
- Dictionary attacks. It consists of trying all dictionary words in order to crack a password.
- Rainbow tables attacks. It consists of using precomputed lists of password combinations together with their associated hashes.
- Phishing scams. It consists of tricking, intimidating or pushing an user into doing something through social engineering.
Change passwords periodically
There is no need to change passwords every month, but regularly modifying your passwords is a good technique to stay one step ahead of cyberattackers.
Additional password security best practices
Beyond the best practices to create strong passwords, you can also protect your login by following these additional security advices:
Use a VPN when connecting to a public Wi-Fi
When connected to a public network, use a VPN to make sure nobody can intercept your credentials.
Choose hard-to-guess security questions
When signing in into a new website or app, choose hard-to-guess security questions. Besides, make sure the answer to the security question cannot be found in your social channels.
Last but not least — and even though it might seem obvious —, do not share your passwords with anyone, not even your family.
According to Check Point, in 2021, there was a 50% increase in overall cyberattacks per week on corporate networks, compared to the previous year. So, remember, keeping your passwords strong and safe is the first step to avoid being a victim of a cyberattack or data breach.
Sources: NordPass and Check Point.
