10 best practices for creating and securing a strong password

Kenny Kline

There’s never been a better time to beef up your security with a strong password. A Consumer Reports survey found that more than 50 percent of U.S. adults have six or more password-protected accounts online. Other research suggests that by 2020, there will be 100 billion online passwords in use all around the globe. Each one of these accounts is a potential target for hackers — and needs a strong password.

Consumer Reports research suggests that poor website security is a major concern across the web, which makes it easier for hackers to gain access to highly personal information. (Take the recent Macy’s data breach as just one example.) Meanwhile, better hacking tools and lower hacking costs mean there are more hackers than ever before.

While there is no way to guarantee that your accounts won’t be hacked, one of the best lines of defense is to create a strong password.

10 tips for a strong password

Here’s how to craft a strong password that will help stave off malicious actors on the web:

  1. Never use the same password for multiple accounts.

  2. Don’t use personally identifiable terms.

  3. Avoid using common words or phrases.

  4. Use different types of characters.

  5. Make it long.

  6. Consider spelling things wrong.

  7. Utilize multi-factor authentication.

  8. Change your passwords regularly.

  9. Never save or share passwords.

  10. Use a password manager.

Ready to stay safer online? Let’s take a deeper dive into each password strategy.

1. Never use the same password for multiple accounts

Using the same password across different sites is a surefire way to decrease the security of said password. If a hacker determines your password for one site, they’ll be equipped to hack more of your accounts without any extra work on their part. The simplest way to avoid this disastrous scenario is to utilize not just stronger passwords, but distinct ones for each and every account.

2. Don’t use personally identifiable terms

Sure, using your son’s nickname, your favorite movie, your pet’s name and so on in your passwords makes it easy to remember them. But it makes them easy to hack, too.

A strong password does not have personal ties.

Hackers can find out these tidbits by mining your social media profiles, and odds are good that personally identifiable information will be the first thing they try if they’re attempting to log into your accounts. Avoid using this info in passwords and opt for something that’s harder to guess instead. (More on that in the next point.)

On a related note? Always be mindful of what you share online. Giving away too much personal information via your social media presence makes it all the easier for hackers to gain access to your accounts.

All right, it’s time to get into the nitty gritty of what makes for a stronger password — make passwords long and unusual. To craft stronger passwords, keep the following tips in mind.

3. Avoid using common words or phrases

In other words? “Password,” “12345” and “qwerty” are out. Also remember to avoid using easily identifiable information such as your spouse’s name, your wedding date and so on.

4. Use different types of characters

Instead of opting for just letters or just numbers, opt for a mixture of characters — including ones such as %, @, $, numbers, uppercase and lowercase letters, and so on.

Using lots of different character types makes it harder to guess your password.

It might help to think of a phrase in words, and then identify places to add in different characters. For example, “I am a fly fishing fanatic” might turn into iAm@fLyf!sh!ngF@n@t%c.

5. Make it long

The same Consumer Reports survey cited above found that 29 percent of people who use passwords for sensitive accounts utilize a password that has seven or fewer characters. That’s bad news, because the report also found that longer passwords take significantly longer to crack. (We’re talking the difference of weeks or even years!) Opt for eight characters at an absolute minimum; somewhere in the neighborhood of 15 is even better if you’re serious about stronger passwords.

6. Consider spelling things wrong

Intentional spelling mistakes can make it harder to guess a password. For example, the word “fantastic” might be guessable, but the word “fentestic” would be harder to crack.
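The following Python is an added example, not code from the original article. It applies tips 2 through 5 to a candidate password and estimates its brute-force search space; the function names and the three-character-type threshold are assumptions, while the 8 and 15 character thresholds come from tip 5.

```python
import math
import string

# The three entries the article names; a real check would use a much larger list.
COMMON_TERMS = ("password", "12345", "qwerty")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LEN, GOOD_LEN = 8, 15   # thresholds from tip 5
MIN_CLASSES = 3             # assumption: the article gives no number for tip 4


def classes_used(pw):
    """Return the character classes that appear at least once in pw."""
    return [cls for cls in CLASSES if any(ch in cls for ch in pw)]


def brute_force_bits(pw):
    """log2 of the search space for this length and character pool.

    This is an upper bound: it only holds if every character was picked
    at random, so dictionary words and phrases score lower in practice.
    """
    pool = sum(len(cls) for cls in classes_used(pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0


def check_password(pw, personal_terms=()):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    lowered = pw.lower()
    if len(pw) < MIN_LEN:
        findings.append(f"too short: under {MIN_LEN} characters")
    elif len(pw) < GOOD_LEN:
        findings.append(f"acceptable length, but {GOOD_LEN}+ is better")
    if len(classes_used(pw)) < MIN_CLASSES:
        findings.append(f"fewer than {MIN_CLASSES} character types")
    for term in COMMON_TERMS:
        if term in lowered:
            findings.append(f"contains common term: {term}")
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal term: {term}")
    return findings


if __name__ == "__main__":
    # Constructed samples; the last one is the article's own example phrase.
    for sample in ("qwerty", "Rex2015!", "iAm@fLyf!sh!ngF@n@t%c"):
        print(sample, brute_force_bits(sample), check_password(sample, ["Rex"]))
```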

7. Utilize multi-factor authentication

As the landscape of digital security evolves and stronger passwords become less of a sure thing from a security standpoint, multi-factor authentication is emerging as one potential solution.

Two-factor authentication requires that you both know the password for an account and possess a device that is linked to that account in some way.

For example, after trying to log into your account, you might receive a text on your phone with a code that allows you to complete the login process. Unless you have both the password and the extra security code, it will be darn near impossible to log in. Enabling two-factor authentication can make it much more difficult for hackers to access your account.

8. Change your passwords regularly

Passwords degrade in quality over time, because the longer a password is in use, the more time hackers have to attempt to crack it. Stay one step ahead of cybercriminals by changing your passwords on a regular basis.

As a general rule, it’s a good idea to change out all of your passwords at least every three months. Make sure to never reuse old passwords.

Even a strong password won’t protect you if you don’t protect it.

9. Never save or share passwords

Never save your passwords or check the “remember me” box when you’re using a public computer. Better yet, try to avoid logging into personal accounts unless you’re on a private device.

Avoid sharing your passwords with other people whenever possible.

Never share your password unless you are sharing it in person with someone you deeply trust. If you have a written list of passwords to help you remember them, avoid storing this list on your computer or phone.

Because electronic devices are hackable, storing the list on one could put all of your accounts at risk. If you must keep a list of passwords, use pen and paper and store the list in a secure place. Whenever possible, avoid writing down your stronger passwords — period.

10. Use a password manager

If you’re struggling to manage your stronger passwords (now that you’ve got them), consider using a password management system such as LastPass.

Stay vigilant

Regularly crafting stronger passwords (plus having to remember them) can be a real pain. But taking the time to create a strong password is undoubtedly less of a hassle than dealing with the fallout of being hacked. Follow these 10 basic tips for stronger passwords to stay safer online.