In discussing security, one topic always comes back to passwords – those problematic keys to your digital ‘houses’.
Key to security (sorry, couldn’t resist), passwords are a paradox – the best, most secure passwords are random and hard to remember, but then they make it hard to remember for the owner, too.
In the end, a hard-to-guess password is TOO hard, and they have to be stored somewhere or written down (which makes them perfect for ’social engineering’, otherwise known as snooping or dumpster diving).
Once a scrap of paper with your password on it falls into the wrong hands, it doesn’t matter HOW secure it was supposed to be – your security is now toasted.
Of course, sometimes you have a good storage location. For example, the Open Source program Truecrypt allows you to create secured ‘drives’ where you can put anything in (including your passwords) – so in this case, random works quite well, and you can use anything that sounds good.
Table of Contents
Why Choose Secure Password?
We’ve all heard horror stories of hackers breaking into some stranger’s online account and stealing private information.
Maybe you don’t believe it can happen to you, or maybe you do – either way, it’s not something many people would want for themselves or their family members.
A strong password is one of the best ways to protect your accounts and personal information from these sorts of attacks that are known as ‘hacking’.
The truth is that even though most websites are safe, there will always be a small chance someone may break-in. This type of hacking is commonly known as ‘breaching‘.
Going with an easy-to-break password choice like “1234” may seem clever at first glance but there are so many easier passwords out there that it will be trivial for hackers to break into your account.
Another great reason to pick a strong password is that you wouldn’t want someone else gaining access to your account and using it without your permission, right?
In this case, a strong password would also protect you from friends or family members who may try to access your accounts. A strong password would keep them out too!
For example, here’s a simple generator below you can use for a 16 character password composed of upper and lowercase characters, plus digits:
6 Ways To Create A Secure Password In 2023
1. Simple Password Generator
Click to get a random password you can copy and use.
Of course, these solutions still have one flaw – you need a master password to hold these password vaults – and that password needs to be stored somewhere. What to do?
Here’s a trick for easy passwords – while not as secure as the random kind, it benefits from being easy to remember, but hard to guess. And the result is you don’t write them down, so they end up perhaps being better than other passwords.
Take a phrase you know from a poem or book, and take just the first letter of each word for your password.
For example,
it was the best of times, it was the worst of times
gives us
iwtbotiwtwot
A few notes about this trick:
- Avoid phrases that come from your interests. If you’re a Dickens fan, the above password is a bad idea. If you’re a religious person, don’t quote the Bible. And if you are a poetry major, avoid poems!
- The more obscure the better. As long as YOU remember the phrase, then you’re doing good.
- Longer is better. doubling a password doesn’t just double the number of choices – it increases them exponentially. For example, a 2 (bad) character password composed just of digits has 10*10 or 100 possible choices – taking it to 4 digits doesn’t double (to 200) but squares (to 10,000) the choices – much better.
- Shorter can sometimes work, too. I once added a long password to PayPal – and it broke. It turns out they limited their passwords length, and my password was a character or two longer than that – so my 17 character password was truncated silently, and I couldn’t log in. I’ve noticed many sites don’t bother to warn you about maximum password length, so be aware of that if you try a really long password and it goes funny. In my experience, 15 characters maximum usually works.
- The first letter isn’t sacred. For example, your password could be the last letter of the phrase, or the second, or alternating between first and last:
tsetfstsetfs
tahefitahofi
isttosisttos
– or any other pattern you want – only you have to remember what it is.
Creating passwords this way can help improve your security while making it easier to remember and change them. Because they are so easy to come by, you can change them often – perfect for security, since passwords should be changed frequently.
2. Do Not Reuse Password
A lot of people share their passwords with co-workers or friends, but this is a security risk.
It may seem convenient to use the same password for your work and personal accounts, but this will lead to cyber criminals accessing all your passwords if they ever guess one of them.
Remember never to share your passwords with anyone. This includes your colleagues, the IT/support team, customer service/helpdesk personnel, family members, and friends.
Also be aware that phishing emails, smishing texts, and vishing calls that ask for your password information can occur any time – do not reply or provide any personal information in response to these requests.
When you change your password, do so for all accounts and services. A good technique is to use a phrase or sentence and take the first letter of each word.
That way, every password is unique and strong. For example, if your phrase is “I go running on Mondays,” you can create a password such as “igomonday1”.
3. Things You Should Always Avoid While Choosing Password
One of the pieces of information that you should never include in your passwords is your pet’s name, birthday or that of family members, any words related to your hobby, job, or interests, part of your home address including city/town, street, house/apartment number, or country. Your name or the name of a family member.
Cybercriminals research their victims online looking for clues that can help them hack their passwords.
And they will use any clues about you online to help them get into your email accounts and other websites where you’re signed in with the same username and password.
4. Do not Respond to Fake Friend Requests
I’m guessing you’re reading this because you’re wondering if the same thing has happened to you. Has someone sent you a friend request that doesn’t seem right?
Did they message or chat with you? I’m glad I found this page, hopefully, it will give me some peace of mind.
No one in my life would ever send me a friend request without warning beforehand. I always make sure to verify the person before accepting the friend request.
However, after someone sent me a friend request that seemed suspicious, I figured there must be other people who are in the same situation that are reading this article looking for advice on what to do next.
5. Use Password Manager
A password manager can store all your passwords for you and help you remember them. It will keep them securely online and never ask for your master password.
Instead, it will use another password that only you know.
Your passwords are kept in a database. To fill in your username and password when you visit a website, the manager will ask you for your master password or an authentication code if one is available on your mobile device.
Then the manager will fetch your corresponding login information from its database so that you don’t have to remember it yourself.
Some password managers can even generate strong, unique passwords for you on the spot, which means that you won’t have to come up with good passwords all by yourself.
Password managers are pretty useful nowadays when lots of people want to make accounts on different websites. Here are some examples of popular services you can store in a password manager:
Facebook, Twitter, Gmail, Yahoo! Mail, etc.
6. Find If Your Password Is Stolen?
In today’s world, your email address and password can be exposed in a data breach, either from a malicious hack or from an unsuspected third party.
It is important to know that these services exist that can help you find out whether your email addresses and passwords have been leaked to the public eye.
After finding out if your account has been compromised, see our guide on how to protect yourself.
1. Firefox Monitor
Mozilla’s Firefox Monitor is a free service that will tell you if your email address has been exposed to any known data breaches.
It also offers to change your password for you, so you can ensure it’s secure to use again. To check if your email address has been exposed using this service, go to firefox.com/monitor.
2. Google Password Checkup
While Firefox Monitor will only show you if your email address has been exposed in a data breach, Google’s Password Checkup is another free service that will let you know if any of your passwords have been compromised as well.
If it detects that one or more of your passwords have been compromised, it will let you know so you can change them.
After changing your passwords, Google Password Checkup will automatically update to ensure they are secure in the future.
To check if your password has been compromised using this service, go to myaccount.google.com/securitycheckup.
3. Have I Been Pwned?
Have I Been Pwned is another free service that will tell you if your email address has been exposed to any known data breaches?
It also offers other security services, like password generation, to keep your accounts safe. You can see which sites use the same passwords here to ensure you are using unique ones for all of them.
Quick Links
