
How to Create the Perfect Password

With more and more of us shifting everyday tasks—banking, education, social interaction, even shopping for groceries—to the virtual world, securing our personal information has become more important than ever.
Strong Passwords Are the First Line of Defense
One of the simplest ways to help protect our financial and other info from prying eyes and would-be identity thieves is to use a strong password. Yet many people take a decidedly casual approach to choosing a password, with potentially disastrous results.
Having your password compromised is no laughing matter. More than half a million hackers have a go at cracking Facebook passwords every single day. In an effort to protect its users, the site gives specific tips for protecting both your Facebook account and any financial information you may have saved on the site—unsurprisingly, choosing a strong password is high on the list.
Banks Are a Big Target
Facebook’s not the only place you have to worry about securing your financial info, of course. A 2013 investigation by Verizon found that, across 27 different countries, attacks on banks and other financial institutions account for a full 37% of data breaches.
In 76% of these intrusions, the hackers simply used a weak or stolen password to access the system. Password theft is one thing, but if all that separates a would-be thief from millions of dollars is the name of someone’s pet gerbil, it may be time to beef up password protocol.
What Constitutes the “Perfect” Password?
If you’re serious about security, a strong password will include a mix of upper and lower case letters, numbers, symbols, and even non-keyboard characters. It will be unique (using the same password for everything might be common, but it’s also spectacularly unsafe).
It is also more than eight characters long and contains arbitrary phrases made using numbers and letters (e.g., “b4D P4S$W0Rd”) but no complete words. And no matter how secure your password is, it’s made more secure by changing it regularly.
Strong, adequate, or weak, no password can protect against every possible threat. But by following our tips, you can help keep your social media accounts in your own hands, make your financial info safer, and encourage meddling thieves and hackers to seek easier prey.
Transcript: How to Create the Perfect Password
16 minutes – The time it took Jeremi Gosney, CEO of Stricture Consulting Group, to crack 10,223 passwords.
600,000 – The number of hackers that log into Facebook every day trying to breach users’ personal security.
$1 billion (£607 million) – The amount hackers take from small to medium-sized bank accounts in Europe and the U.S. every year.
Don’t let your accounts be easy targets. Read below to learn how to produce the perfect password.
Weak Passwords | Medium-strength Passwords | Strong Passwords |
Made up of characters only | Mix of characters & numbers | Combination of upper & lower case letters, numbers & symbols |
1 – 6 characters long | At least 8 characters long | 8+ characters long |
Entirely lowercase | Both lowercase & uppercase | Upper & lowercase, numbers, symbols |
Use your name, your pet’s name, your birthday, other common names | Include a number or symbol | Contain made-up phrases |
Incorporate dictionary words | No dictionary words | No complete words |
Repeat previously used passwords | Changed regularly to prevent hacking / exposure | |
Contain keyboard patterns or swipes, e.g. ‘QWERTY’ or ‘123456’ | | |
How to Create the Perfect Password:
- Use lower and upper case letters, numbers and keyboard characters.
George Shaffer, a password expert, says that a password of eight characters in length, and one which utilises numbers, letters and keyboard characters, won’t be cracked for two years.
- Go for length over complexity. Use 15 characters or more.
1 Week – The average time it takes a hacker to ‘brute force’ crack a ten-character password.
1.49 Million Centuries – The average time it would take a hacker to ‘brute force’ crack a fifteen-character password.
- Don’t use dictionary words. Nor slang, nor names (particularly your own), nor variants of email addresses.
Instead use a passphrase that represents the password. For example, ‘Derek jumped for glory and failed miserably’ could be translated into ‘Dkjf9+fldmsrb1y’.
The advantage of passphrases is that they are far easier to remember than passwords made up of a nonsensical mesh of random characters such as ‘b4x87g-m’.
- Get yourself a password manager such as LastPass, KeePass or 1Password.
It can be hard to remember complicated passwords. A password manager will store all of your passwords.
None of the major password managers have suffered any breaches, except for LastPass, which was possibly breached in 2011. As a result, they have incorporated many new layers of security.
LastPass and 1Password also offer password security for your mobile phone, so consider a password for your mobile too.
- Don’t disclose your password details to anybody.
And don’t write your password down on a Post-it note for all to see. Record it and leave it hidden away at home.
Think about it this way: you wouldn’t leave your front door unlocked if you went on holiday, so why choose to stick your password to your monitor at work? You’re potentially just as vulnerable.
- Be vigilant. Wherever you are, watch out for people looking at your laptop screen over your shoulder. Don’t leave your laptop alone for any period of time.
Even if you are physically alone while using a free Wi-Fi connection, somebody else on the same network, perhaps in a nearby building, could still be looking to steal your data. That is all the more reason to opt for a password that follows the conventions set out above.
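As an added example (not part of the original article), the following Python code applies the weak/medium/strong table and the tips above to a candidate password and estimates its brute-force search space. The word list, the keyboard runs, the look-alike substitution table and the choice to treat anything shorter than 8 characters as weak are assumptions made for illustration.

```python
import math

# Constructed sample data (assumptions): a real audit would load a large
# wordlist of leaked passwords and names instead of these few entries.
WORDS = {"password", "dragon", "monkey", "gerbil", "letmein"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
# Undo common look-alike substitutions (4 -> a, 0 -> o, ...) before the word check.
UNLEET = str.maketrans("0134578@$!", "oleastbasi")

def classes(pw):
    """Character classes present: lower, upper, digit, symbol."""
    found = set()
    for c in pw:
        if c.islower(): found.add("lower")
        elif c.isupper(): found.add("upper")
        elif c.isdigit(): found.add("digit")
        else: found.add("symbol")
    return found

def search_space_bits(pw):
    """log2 of the brute-force search space: length * log2(alphabet size).
    An upper bound only; it holds when every character is chosen at random."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
    alphabet = sum(sizes[c] for c in classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(pw):
    """Return (rating, findings) following the weak/medium/strong table."""
    findings = []
    folded = pw.lower()
    plain = folded.translate(UNLEET)
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if any(w in folded or w in plain for w in WORDS):
        findings.append("contains a dictionary word")
    if any(r in folded or r[::-1] in folded for r in KEYBOARD_RUNS):
        findings.append("contains a keyboard pattern")
    have = classes(pw)
    if len(have) < 2:
        findings.append("single character class")
    if findings:
        return "weak", findings
    if len(have) == 4:
        return "strong", findings
    missing = sorted({"lower", "upper", "digit", "symbol"} - have)
    return "medium", ["missing: " + ", ".join(missing)]
```

Run on the article's own examples, ‘Dkjf9+fldmsrb1y’ rates strong and ‘b4x87g-m’ rates medium, while 15 random lowercase letters still give a larger search space than 8 characters drawn from all four classes.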
Best Password Managers
1Password:
Cost – $40 (£24)
Benefits – Multiple vault capacity / Separate profiles for private & work / Password audit which detects passwords that haven’t been altered for a while.
LastPass:
Cost – Free
Benefits – Super-strong encryption (even LastPass can’t read it) / more authentication than any other password manager.
KeePass:
Cost – Free
Benefits – Available for all platforms, mobile and desktop / Includes a random password generator / Protects against ‘keylogging’ (where an application or dongle connected to your computer logs every keystroke you type and sends the information on to a hacker).
Follow these steps and you can be safe in the knowledge that your new password is secure… for now.
Joe Vinsik
February 28, 2014
Phenomenal article. I’ve been using pass phrases for years without knowing it to great success. The only thing I would add to this is to include the site or product that the pass phrase is for within your pass phrase. For example, instead of using Dj4g+fldmsrbly (Derek jumped for glory and failed miserably) try Dj4LI+fldmsrbly (Derek jumped for LinkedIn and failed miserably). In this way, your password will differ for every site/product you use it for while still being easy to remember.
Nerevar
January 25, 2015
An amusing article. Recalled another article.
George Hilman
February 21, 2017
Why do networks (e.g. ChaseBank.com) allow a hacker, who is targeting a particular customer’s account, to use an app that tries zillions of password combinations per hour in an attempt to crack that customer’s account?
It would seem that that kind of activity would be simple to detect and block.