A Comprehensive Guide on Password Security: How To Set a Strong Password

The importance of password security in today’s digital landscape cannot be emphasized enough.

Statistics from Norton reveal that over 24 billion passwords were exposed by hackers in 2022! It gets scarier… 96% of the most common passwords can be cracked by hacking tools in less than one second. This includes passwords that feature your name, pet name, birthdays, etc. In a survey done by Beyond Identity, one in ten respondents believed that a random person who visits their social media profiles can guess their password. Little wonder, then, why more than 73% of respondents in that survey who tried guessing someone else’s password were correct!

Well, imagine if these weak passwords hold access to bank accounts, academic profiles, social media accounts, company databases, medical records, business secrets, etc. The potential consequences are too daunting to even consider. 

The big question is, how can you mitigate a password breach? The first step is to learn how to set passwords. In the next section, we will show you how to do that.

How Do You Create a Strong Password?

Firstly, it’s important to note that setting a strong, crack-proof password is something that anyone can learn how to do. It’s actually quite straightforward and simpler than you might imagine. In this section, we will walk you through the process of creating a password that is both secure and easy to remember. Let’s get started!

  1. Use a Passphrase

There is a reason why most experts often recommend this before any other step in strengthening passwords. It’s because passphrases are more difficult to crack than the traditional password. A passphrase is a phrase that grants access to an online account, computer, database, or other digital resource. A passphrase would read something like this: Peter-is-my-sister’s-bestie. So, instead of using Peter565# as a password, you use a passphrase such as “Peter-is-my-sister’s-bestie.”

Even without the special characters, it would be far harder for a hacker to crack than a regular 8–11-character password. This is an important password security best practice.

  2. Make It Long

If you still choose to continue with a password rather than a passphrase, you should make it long. The longer your password is, the more difficult it is to crack. You should be looking at making it at least 12–13 characters in length or as long as the system allows.

  3. Use a Variety of Characters

Using a combination of upper and lowercase letters, numbers, and symbols in your password makes it harder for hackers to crack. Remember, your passwords do not have to make sense.

  4. Avoid Using Personal Information

A recent study by Comparitech revealed that 59% of participants used personal information as part of their passwords. However, using personal details such as birthdays, names of family members, or close friends as part of your password can pose a potential security risk. To ensure password security, it is advisable to avoid using such information. This is an important aspect of creating a strong password.

  5. Don’t Reuse Passwords

Statistics from Dataprot show that 78% of Gen Z users reuse the same password! Beyond Gen Z, it is common to find people who use the same password for two or more accounts on the internet. This is a big security risk for you, no matter how complex that password is. It automatically means that as soon as one account is compromised, other accounts with the same password are as good as toast.

  6. Password Refresh – Update Your Password Regularly

It is highly recommended to update your passwords periodically in order to enhance the security of your account. This proactive approach helps ensure that your personal and sensitive information remains protected against any potential threats. This is also why most online service providers prompt users to change their passwords at regular intervals. 
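
The checklist above (length, character variety, no personal information, no reuse) can be expressed as a small audit function. This is an added example, not part of the original guide; the function names, the four-word passphrase heuristic and the three-character minimum for personal-info tokens are assumptions made for illustration.

```python
MIN_LENGTH = 12        # the guide's minimum length for a plain password
PASSPHRASE_WORDS = 4   # assumption: 4+ separated words counts as a passphrase

def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif not ch.isspace():
            classes.add("symbol")  # anything else that is not whitespace
    return classes

def is_passphrase(password):
    """Assumed heuristic: several words joined by spaces or hyphens."""
    words = [w for w in password.replace("-", " ").split() if w]
    return len(words) >= PASSPHRASE_WORDS

def audit_password(password, personal_info=(), other_passwords=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # A passphrase is accepted without the full character mix (step 1).
    if not is_passphrase(password) and len(character_classes(password)) < 4:
        findings.append("missing character classes")
    lowered = password.lower()
    for item in personal_info:
        # Skip very short tokens so accidental matches are not flagged.
        if len(item) >= 3 and item.lower() in lowered:
            findings.append("contains personal information: " + item)
    if password in other_passwords:
        findings.append("reused on another account")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the weak password from step 1 and one personal detail.
    print(audit_password("Peter565#", personal_info=["Peter"]))
```

Run the check locally only; the passwords and personal details it compares should never be sent to another service.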


How To Store Passwords Securely

  1. Use a Password Manager

A password manager is like a trustworthy vault for your digital keys. It’s a clever tool that keeps your passwords safe and sound, so you don’t have to worry about remembering them all. With a password manager, you can effortlessly generate robust passwords, securely store them in an encrypted vault, and conveniently access them whenever needed. It’s like having a reliable guardian that simplifies the task of maintaining strong security across your various online accounts, all while ensuring your sensitive information remains protected.

Although several password managers are out there, we recommend Bitwarden because it meets our critical privacy metrics, such as being open-source, cross-compatibility, encryption, and self-host-ability.

  2. Use a Password-Protected USB Drive

A password-protected USB drive is a portable storage device, typically a USB flash drive or an external hard drive, with security measures to restrict access to its contents. You can save your password on this device, secure it with a fairly easy-to-remember password, and then keep it in a secure place where unauthorized individuals cannot access it.

Password Security Best Practices

Here are a few password best practices you should know:

  • Avoid Password Reuse: Imagine you have one key for all your doors – if someone gets it, they have access to everything. Same goes for passwords. Avoid using the same password for multiple accounts. Each one should be unique.
  • Conduct Password Reviews: If you’re responsible for enterprise IT security, you must understand security audit and policy management. For individuals, regular password reviews are just as crucial as you might have been PWNED without being aware.
  • Use Strong Passwords: A strong password is like a complex lock, harder to pick. Use a mix of upper and lower-case letters, numbers, and special characters. Avoid easily guessable info like birthdays or “password.” Definitely avoid using personal information.
  • Keep Your Passwords Safe: Don’t write them down on sticky notes or share them casually. Store them in a secure location, like a password manager.
  • Use a Password Manager: These tools can generate, store, and auto-fill complex passwords for you. It’s a secure vault for your keys.
  • Enable Two-Factor Authentication (2FA): 2FA adds an extra layer of security. Even if someone guesses your password, they’ll still need another verification method, like a code sent to your phone.
  • Be Cautious with Password Entry: Only enter your password on trusted websites. Check for secure connections (look for “https://” and a padlock icon), and beware of phishing sites that imitate legitimate ones.
  • Keep Software Updated: Regularly update your devices and software. Updates often include security patches that fix vulnerabilities that hackers could exploit.
  • Beware of Phishing Scams: Phishing is a sophisticated social engineering attack. Be skeptical of suspicious emails or messages asking for your password or personal information. Verify the sender’s authenticity before responding. Avoid clicking on links, and beware of malicious keyloggers.

Have your passwords been leaked?

After reading this, I guess you may be thinking that, perhaps, your password might be compromised!

Here are a few ways to find out if any of your accounts/passwords is compromised:

  • Check “Have I Been Pwned?”: The “Have I Been Pwned” service permits you to query a database of known compromised passwords and email addresses. If your email or password is identified in this database, it simply means that they have been exposed in a prior data breach.
  • Use a password manager: Bitwarden allows you to find out if any of your accounts are compromised. You can run a check using the Bitwarden Data Breach Report Dashboard.
  • Sign up for email alerts from websites and services you use: Enroll in email notifications provided by the websites and services you frequent. Some of these platforms furnish email alerts in the event of a data breach that potentially jeopardizes your password, ensuring prompt notification in case of a compromise.
  • Monitor your accounts for suspicious activity: If you notice any suspicious activity in your accounts, such as unauthorized login attempts or changes to your settings, it is possible that your password has been compromised.

If you notice that your password has been breached, the next thing to do is immediately change the password and the passwords of other platforms you access.

Conclusion

In a world where digital security threats are ever-evolving, strong password security remains a fundamental aspect of protecting your online identity and assets. By creating strong, unique passwords and managing them with care, you can significantly reduce the risk of falling victim to cyberattacks. Remember, just as you wouldn’t leave your front door unlocked, you shouldn’t leave your digital life vulnerable to those who would exploit it.