Password security: How to create strong passwords in 5 steps (2024)

If you look back onthe first time you created apassword— be it for an email account or social mediaplatform — you were probably told to think of a unique and complex password tohelp protect your information. Password security has always been relevant, butit has become even more so today as cybercriminals continue to think of new andinnovative ways to hack accounts and get ahold of yourpersonal data.

To this end, onlineusers also need to follow new and innovative ways to create strong passwordsthat will keep theirpersonal informationprotected. That’s where this complete guide topassword security comes in. We’ll cover frequently asked questions, such as“How do I create a strong password?,” “Why is password security important?,”and “How does a password get hacked?” In addition, you’ll find how stolenpasswords have recently affected businesses and individuals, along withpassword security tips that will help you live a more Cyber Safe lifestyle.

How to create a strong password

Living in the 21stcentury means knowing that the words “password” and “security” go hand in hand.In order to keep your accounts, information, and devices Cyber Safe, you'llneed to know how to create a strong password. But you may be asking yourself,“What is a good password?”

Here are instructionson how to create a strong password that you can rely on:

1. Neveruse personal information:Strong passwords shouldn’t include references to personal information suchas names, birthdays, addresses, or phone numbers.
2. Includea combination of letters, numbers, and symbols: Secure passwords include a variety ofrandom characters, numbers, and letters to make the password more complex.
3. Prioritizepassword length: Safepasswords should be at least 16 characters long to lessen the chances offalling victim to adata breachorcyberattack.
4. Neverrepeat passwords:Reusing the same password for different accounts puts you at risk ofcredential stuffingattacks frequently used bycybercriminals.
5. Avoidusing real words:Hackers use malicious programs that can process every word found in a dictionaryto crack passwords. Stay away from using proper nouns and other standalonedictionary words that could lead to an unsecure password.
   

Why is password security important?

With68 percent of peoplereusing the same security password for differentaccounts, it's needless tonote that the majority of people need to rethink their password security.Hackers have been diligent in ideating new techniques to steal yourinformation, putting your data,privacy, and cybersecurity at risk.

Without havingpassword security best practices top of mind, individuals and businesses alikecould be leaving themselves open to cybersecurity threats. Some potential consequencesof weak password security include:

• Data breaches
• Identity theft
• Computerhijacking
• Blackmail
• Loss of privacy

Inadequate passwordsecurity could not only endanger the Cyber Safety of individuals and customers,but also could lead to financial troubles. Cybercriminals are often looking forways to access personal banking information or useransomwareto make themselves a profit. Businesses andindividuals within the U.S. lost nearly$4.2 billiontocybercrimes within the last year alone.

How does a password get hacked?

There are many waysfor cybercriminals to hack the security passwords you took the time to dreamup. Here’s a list of a few commonly used techniques to look out for.

Dictionaryattacks

Dictionary attacksare a type of brute force cyberattack. Hackers use malicious programs to scanand test every word within a dictionary as a person’s password. These types ofcyberattacks are why we emphasize the use of different letters, numbers, andsymbols when creating secure passwords.

• PASSWORDSECURITY TIP: Avoidreal words and incorporate a variety of letters, numbers, and characters.

Phishingscams

Phishingis a type ofsocial engineeringscam that tries to trick users into supplying theirlogin credentials online. Hackers use malicious links and cloned websites toimitate legitimate businesses, presenting a fake form to input your logininformation.

• PASSWORDSECURITY TIP: Alwayscheck the links you’re clicking on and take advantage of antivirus software.

Passwordspraying

Password spraying isa hacking technique that cybercriminals use to guess the passwords of theirpotential victims. The method uses an extensive list of frequently chosenpasswords to test against an individual’s username. If there is a match, thehacker will get access to the account information.

The remedy for thistype of cyberattack falls back on creating strong, unique passwords andavoiding easy-to-remember phrases, which makes password spraying incrediblydifficult for the cybercriminals at large.

• PASSWORDSECURITY TIP: Don’t fall back on commonly used passwords,such as “12345” or “qwerty.”

Keylogging

Keylogginginvolves the installation ofmalwarethat can track a person’s keystrokes as they type ontheir computer. Though these attacks are more difficult to pull off compared tophishing and password spraying attacks, it could lead to a hacker figuring outusernames and passwords if they pay enough attention.

Because the attackeris able to see what you’re typing, creating a strong password really won’t doanything to protect you. In this case, it’s a good idea to have cybersecuritysoftware installed that can alert you of a potentialthreaton your device.

• PASSWORDSECURITY TIP: Explore antivirus software you can haveinstalled onto your device.

Credentialstuffing attacks

Not to be confusedwith password spraying, credential stuffing uses known passwords to gain access to accountinformation. This differs from password spraying because the passwords testedduring credential stuffing attacks are stolen credentials obtained in aprevious data breach.

Protecting yourselfa*gainst credential stuffing mainly involves remembering to never reuse the samepasswords for different accounts — no matter how unique it may seem. Thisendangers your most sensitive data, which could put you in an undesirable situation.

• PASSWORDSECURITY TIP: Create unique passwords for each of youronline accounts.

The effects of stolen passwords

To help youunderstand the true danger of not knowing how secure your passwords are,consider these recent statistics underscoring how relevant password securityreally is.

Individuals andstolen password consequences:

• 4 out of 10 people have hadtheir data compromised online. (Google, 2019)
• There were over 240,00 phishing scam complaints reported in 2020. (FBI, 2020)
• 80 percent of data breaches involving hacking are connected topasswords. (Verizon, 2020)
• 63 percent of consumers fear theiridentity will be stolen. (Norton, 2021)

Businesses and stolen password consequences:

• Across all industries, it took 280 dayson average to identify and contain a data breach. (IBM, 2020)
• 59 percent of U.S. consumers are likelyto avoid businesses that have become a victim of a cyberattack within the pastyear. (Arcserve, 2020)
• 57 percent of all companies haveexperienced a mobile phishing incident. (Wandera, 2020)
• 68 percent of business leaders feel theirrisk of experiencing a cyberattack is increasing. (Accenture, 2019)

10 password security tips

Now that youunderstand the importance of password security and how to make strongpasswords, pore over this full list of password security tips to improve yourcyber hygiene.

1. Don’tuse personal information:Using names, birthdays, addresses, or phone numbers in your password couldjeopardize its effectiveness against cyberattacks.
2. Randomizepatterns and sequences:Randomizing the patterns and sequences of letters, numbers, and characterscan protect you against password spraying attacks.
3. Neverreuse passwords:Recycling old passwords leaves your accounts vulnerable to credential stuffing
   efforts made by lurking cybercriminals.
4. Prioritizepassword length: Thelonger your password, the more difficult it will be for hackers to guess.
5. Nevershare your passwords: Sharingyour passwords with friends or family compromises the Cyber Safety of yourpersonal accounts.
6. Avoidpublic Wi-Fi: Usingpublic Wi-Fiwithout aVPNallows hackers to track your onlinepresence and potentially expose your device’s data, including savedcredentials.
7. Use avariety of numbers, letters, and characters: Hackers are less likely to gain access toaccounts with complex passwords incorporating a variety of numbers,letters, and characters.
8. Downloada trusted password manager:Password managersare an excellent tool for peoplestruggling to ideate and organize their own passwords.
9. Checkyour password strength: Passwordstrength checkers , likeLastPass,allow people to validate the effectiveness of the password they created.
10. Changepasswords periodically: Switchingup the passwords you created for your different accounts can reassure youthat you’re taking all the necessary steps to keep your accounts and datasafe.

Password security isimportant, but it’s only one part of your cybersecurity puzzle. To create areliable cybersecure ecosystem for yourself, you’ll want to think about all theways you can protect your devices, from using afirewallto consistently monitoring your network forsuspicious activity. Adopting this kind of mindset will make you a tough matchagainst the tricks cybercriminals have up their sleeves.

Frequently asked questions

Keep reading foranswers to frequently asked questions regarding password security.

What ispassword security?

Password securityinvolves using cybersecurity tools, best practices, and procedures to createpasswords that can better protect personal information.

Why ispassword security important?

Creating a securepassword is the first step a person can take to safeguard their personaldevices and information.

What arethe safest types of passwords?

The best types ofpasswords include a wide variety of numbers and characters with a mix ofuppercase and lowercase letters. They shouldn't reference personal information,such as names, addresses, or phone numbers.

How do Imake my password secure?

Follow these fivetips for creating a secure password:

• Never use personal information.
• Include a combination of letters,numbers, and characters.
• Prioritize password length.
• Never repeat passwords.
• Avoid using real words.

What is anexample of a secure password?

A strong passwordincludes a mix of numbers, symbols, and letters while also prioritizing length.

An example of asecure password would be: Wb%liYrLVNip*7lv

What arethe five most common passwords?

The five most commonpasswords used today include:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345

How dohackers get your password?

There are a number ofways hackers can get ahold of your password. Some methods hackers commonly useinclude credential stuffing, password spraying, keylogging, phishing scams, anddictionary attacks.

Doeschanging your password stop hackers?

Yes, changing yourpassword can prevent hackers from getting their hands on your sensitiveinformation.

Can a password be attacked by brute force?

Yes, some passwordsare susceptible to brute force techniques. Credential stuffing, passwordspraying, and dictionary attacks are common methods seen on the internet.

Can apassword be dictionary attacked?

Yes, passwords usingone single word are susceptible to dictionary attacks. Using a complex passwordwith a variety of letters, numbers, and characters is a quick solution.