The science of setting strong passwords
Coming up with a secure password is a science. It’s almost a no-brainer to follow the on-screen instructions and spew out @#37KTmmY2%. But it takes skill to create a password that you can memorise easily, and not take 27 attempts to key in when fumbling on your phone (and get locked out of your accounts in the process). That’s why we decided to unravel the science (and art) of setting robust passwords by learning from the best and worst passwords of all time.
Top 10 Worst Passwords Of All Time
Starting with the top 10 worst passwords of all time…
#10: No password
#9: Your username or actual name
#8: (You can’t see anything because we just hit the spacebar ten times. The password is all spaces. Which may seem clever, but it’s really easy to crack).
#7: Incorrect (The idea is that, if you ever enter the wrong password, the system will say “your password is incorrect” and thus “remind” you. Yup.)
#6: Your PIN number, or any password that is being used for your other accounts
#5: Admin, or any variation thereof, like admin123
#2: 111111, or any single repeated digit or letter
Why are these passwords bad choices to secure your account?
They are too common and easily exploited
What makes these passwords bad? Well for starters, a lot of them are already very common. And according to MIT Technology Review, password generating software has begun to take advantage of this.
These type of software used to endlessly try multiple passwords, letter by letter or word by word (assuming the system doesn’t limit password attempts). But today, they no longer just guess at random. The software is able to guess the most likely passwords, based on data of previously leaked information. And everything on the list above is commonly used, so they’d be the first to be tried.
In fact, if you use a common password, a hacker may not even need password generating software to break into your system. If you went around a typical office and typed “password” into every system, we’re willing to bet you’ll get into more than a few.
Hackers will thank you for using repeat passwords
Besides using common passwords, you should never repeat passwords for different accounts. One of the first things a hacker typically tries, after cracking one of your accounts, is to apply the same password to others. So, if your email password is also your PIN number, you’re giving the hacker a two-for-one access.
How to set a strong password
If your password looks uncannily similar to the top 10 worst passwords of all time, it’s time for a change. You need a hackproof password. So, what makes a strong password? Well, it’s easier if we show you some solid examples of a strong password.
But first, here are some key principles you need to know when creating a strong password.
Be random, don’t use common sayings or clichés
Avoid common combinations of words, such as “end of the day” or “she sells sea shells”. The more random the combination, the better. Making the combination grammatically incorrect can help make your password combination more random.<
Substitute letters with symbols
Be creative here, and avoid substitutions that are too obvious, such as replacing “loose” with l00se”. Random character types and symbols make it harder to guess your password.
Use at least 12 characters
Password generators fire off thousands of potential combinations per minute. But even adding a single other character can result in the generator having to search thousands more combinations; so the longer the better. At the very least, you want 12 characters.
Don’t reuse old passwords
Besides obvious details like your name, or “password”, one of the first things hackers try is a previously leaked password. Many people, after forgetting and recovering their password, go back to the old one as it’s easier to recall. Don’t be one of them!
Examples Of A Strong Password
Example 1: Iron Crane Bell Kite
(Iron Crane Bell Kite)
The above can be recollected as four words: Iron Crane Bell Kite. But it uses substitutions too, such as “3” for “e”, so it’s not using a word straight from the dictionary. Along with the character length, this will make it harder to crack with a password generator (12 characters should be the minimum).
While you may have trouble remembering the exact characters, you can at least recall the overall phrase (Iron Crane Kung Fu is awesome). This is better than a completely random jumble of characters that, while strong, may be nigh-impossible to memorise.
Even if you forget your password, it’s better to have to reset the password than to have someone break in, right?
Example 2: Calendar Trinket Dock Shipwreck
Here’s another example of a strong password that isn’t easily cracked:
(Calendar, Trinket, Dock, Shipwreck)
Apart from disguising the dictionary words, this strings four random items together. It’s a little harder to remember than a phrase, but definitely easier to recall than a string of gibberish (Just visualise the four items and they’ll “stick” after a while).
Note that you can also deliberately misspell certain words -such as shipwreck- to throw off the pattern.
Strong password is the first step to improving your online defence
Staying safe online should not be taken for granted. Here are some other tips on how to #BSHARP and protect yourself in the digital space so you can live more, worry less.
That's great to hear. Anything you'd like to add?
We're sorry to hear that. How can we do better?