Setup4 IT Security

What is a Strong Password?

No doubt you’ve heard this before, particularly from those in IT: your password for any online account or activity should be strong, or else there is always a risk that you might be swindled out of your money, your identity, or fall victim to one of many other versions of the same story.

Having strong passwords for all of your online accounts is essential, and we’ll cover the whys and hows of creating strong passwords to be more secure online.

Why Strong Passwords Matter

Did you know that an average person spends around 4 to 6 hours online every single day, and this time is on an upward trend? The time spent online is mostly due to various tasks such as online shopping, Facebook and other social media platform engagement, net banking, applications, claims and many more. It is good that almost all tasks today can be done online, but the most concerning part is the abundance of vulnerable passwords that are used across online platforms.

On average, every user has 15 – 30 online accounts, profiles or sign-ins. This creates a tricky situation: it’s simply not easy to remember a password for every online account you have. So, what do users do to account for this?

Common Weak Passwords

Users either end up using one password for every account, or they keep 3-7 passwords on a rotating basis across all platforms. Now, this poses a great cyber security threat as there is the potential of losing one password and giving up access to 10 accounts. Moreover, if you Google ‘most commonly used passwords’ you would be surprised that millions of people are still using the following as their password. Get ready to be shocked (or not)!

  1. Password
  2. Password1234
  3. 123456
  4. 12345678
  5. Qwerty
  6. Letmein
  7. Football
  8. Iloveyou
  9. Admin
  10. Administrator
  11. Welcome
  12. Abc123

Creating Strong Passwords

While it’s tempting to opt for easy or memorable passwords, the simple issue is that if they’re easy for you to remember or they’re basic by design, it also makes it much easier for cybercriminals to crack these passwords. With the rise of AI-assisted programs that can help nefarious players expedite their efforts, having complex and unique passwords for your accounts is more important than ever for data protection.

With this in mind, what do you do to enhance the strength of your passwords and create more barriers for hackers to navigate?

Characteristics of a Strong Password

Here are some essential tips for what makes a strong password. Be sure to take note of all of these.

  • It must be unique to each account
  • It should be 12 – 16 characters long, including lowercase letters, capital letters, numbers and special symbols
  • Do not store it anywhere in a plain text file or as an image – such a file should at least be protected with its own unique, complex password or through biometric identification, which is much harder for others to crack.
  • Enable two-factor authentication (2FA) on all of your accounts. Where possible, go with the most secure forms of 2FA, such as randomised code generators, biometric confirmation, or receiving a call directly to your own phone number (not a work number).
  • Passwords should never involve commonly used usernames, your date of birth, name of a family member, name of a pet, your favourite song, etc. In short, a password should not include any information about you that is publicly available.
  • Apart from these, use a password manager to create and manage your passwords. Just remember that password managers will still require you to access your password list with the use of a master password – so make sure your master password is particularly complex and hard for anyone to ever crack.
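
The checks in the list above can be applied automatically when a password is chosen. The following Python sketch is an added example, not Setup4's own code: the function names, the character-substitution table and the choice to treat 12 characters as a minimum (accepting longer passwords) are assumptions made for illustration.

```python
import string

# The common passwords listed earlier on this page, lower-cased.
COMMON = {"password", "password1234", "123456", "12345678", "qwerty", "letmein",
          "football", "iloveyou", "admin", "administrator", "welcome", "abc123"}

# Undo common character substitutions so "P@ssw0rd" is still recognised.
LEET = str.maketrans("0134578@$!", "oieastbasi")

MIN_LENGTH = 12  # assumption: lower end of the 12-16 range; longer is accepted


def normalise(text):
    return text.lower().translate(LEET)


def check_password(password, personal_terms=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "capital letter": string.ascii_uppercase,
        "number": string.digits,
        "special symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    # A common word with digits or symbols tacked on is still a common word.
    core = normalise(password.lower().strip(string.digits + string.punctuation))
    if password.lower() in COMMON or core in COMMON:
        problems.append("common password")
    # Personal details (names, dates) must not appear, even when disguised.
    plain = normalise(password)
    for term in personal_terms:
        if len(term) >= 3 and normalise(term) in plain:
            problems.append(f"contains personal detail: {term}")
    return problems
```

Passing a length and character-class check is not enough on its own: `P@ssw0rd2024!` satisfies both and is still reported as a common password.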

Best Practices for Regular Password Updates

Along with creating strong passwords for every account, it’s also in your best interest to regularly update passwords. For your more sensitive accounts (those that contain more consequential information like bank details, credit card numbers, addresses, etc.), we strongly recommend updating these passwords every three months. 

For other accounts, we’d certainly recommend password updates at least every six months. Even if specific accounts have limited information, they could still contain enough revealing information that could enable hackers to surmise how to answer security questions or find other ways of hijacking an account (such as password reset requests).

Here are some best practices we recommend for updating your passwords:

  • Make use of password managers. These can provide strong, randomly generated passwords that will be near-impossible for anyone to crack. If using a password manager, make sure that you update the master password you use to access the manager every two to three months.
  • Similarly to a password manager, you can use a password or passphrase generator. You’ll find these online, and they can suggest complex passwords to use. You can then choose which password to use on any specific account as you see fit. Unlike password managers, the passwords won’t be saved for you, so you’ll need to make sure you take the necessary steps to remember them.
  • If you decide to personally create all your passwords, then make sure to avoid the use of predictable patterns in your updates. For example (and this is purely an example, don’t use this), if you used the password ‘Pa55w0rD*731^’, you’d want to avoid using similar logic the next time: so, avoid the use of ‘Pa55w0rD’ in the new password. Change it to a completely different word/number combination or use a different sequence altogether.
  • However often you update your password, it should always be backed up with additional security measures such as 2-factor authentication. Don’t just rely on a password alone – you want to make breaches as difficult as possible for any potential hacker or cybercriminal.
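
Two of the practices above, generating random passwords and avoiding predictable patterns between updates, are shown in the following Python sketch. It is an added example, not Setup4's own code: the function names and the threshold of three shared characters are assumptions, and the comparison is meant to run at the moment of a password change, when the current password has just been typed in.

```python
import secrets
import string
from difflib import SequenceMatcher

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=16):
    """Random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too small to include every class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's secure random source.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def shared_run(old, new):
    """Longest run of characters the two passwords share, ignoring case."""
    a, b = old.lower(), new.lower()
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    m = matcher.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def reuses_old_pattern(old, new, max_shared=3):
    """True when the new password keeps a recognisable chunk of the old one.

    max_shared is an assumed threshold: runs longer than this are flagged.
    """
    return len(shared_run(old, new)) > max_shared
```

With the page's sample password, `reuses_old_pattern('Pa55w0rD*731^', 'Pa55w0rD!2024')` is true because both keep the run `pa55w0rd`.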

Get in Touch with Setup4

If you’d like help securing your business’s passwords and maintaining company-wide security, Setup4 can help. Get in touch with us online or call us at (03) 9123 0123.


