Unless you happen to be living in the forest or in the 19th century, chances are that passwords play a critical part in your life. They are the barrier between your intangible belongings – money, personal data, media – and the outside world.
Fortunately, thanks to modern security measures, you don’t have to spend every waking hour sweating about the safety of your data. 95% of the time, anything that is meant for your eyes only will remain that way.
But it only takes one breach to realise that having your online accounts hacked and information stolen isn’t just some hypothetical threat. With improving technology, cybercrime is very much on the rise, and the chance of being a victim is increasing in kind, especially if you have weak or easily guessable passwords.
When it comes to securing all of your private data, ensuring that you have strong passwords is one of the easiest and most effective courses of action you can take.
Creating good passwords is only half the battle, however. The strength of your password is only meaningful if you can effectively secure it.
In this article we’ll provide you with expert tips on how to go about first creating your password, and then ensuring that you’re the only one that knows it.
Creating Your Password
Use a Combination of Characters
The most noticeable characteristic of a strong password is that… it looks like an irregular mess of different characters.
In combining characters of every kind on your keyboard to create a gobbledegook phrase, you’re making it near impossible for your password to be guessed. As a general rule, the more “random” a password, the better it is. Here are a few recommendations for maximising randomness:
Include Uppercase and Lowercase Letters
You can increase your password strength by including both upper and lowercase letters. The more character types in a password, the harder it is to crack, so it only makes sense to liberally hit the shift button when forming your unique phrase.
Even if you wish to use a decipherable word or phrase, it’s still good practice to combine upper and lower cases. For example, if you have “myconfusingpassword” as your password, you could change it to “mYcOnFusiNgPasSWord”.
(That said, you can still do much better – keep reading!)
Add Numbers Intermittently
Using numbers is a good way to add randomness to your password, but you can amplify the effect by using them non-sequentially.
By contrast, sequences like “12345” or “98765” should be avoided at all costs. Much like common phrases, these number arrangements are easily guessed.
Your best bet for incorporating numbers into a password is to simply mash the number pad, or pick them at random. If you’d prefer something more memorable, then using numbers that are meaningful – like a birth year or a lucky number – is an option.
It should go without saying, but you should never work sensitive numbers – like banking information – into your password.
Incorporate Symbols or Special Characters
Symbols and special characters are commonly overlooked during the password creation process, but their inclusion allows for additional character combinations, and thus greater password security.
The most frequently used symbols are #, @, $, %, and !, but really any symbol is fair game. In fact, if you want to increase the strength of your password, you’re better off choosing lesser-known symbols.
A sneaky but clever way to use symbols and special characters is to work them into actual words or phrases, replacing similar looking letters and symbols. For example: “$Un$h!n€” or “p@$$w0rd” (although any variation of this word should be avoided).
Make it Lengthy
When creating passwords, length is a key component. The longer a password, the stronger it is. Of course, no one wants to have to remember 35-character passwords, so the recommendation is:
Use at Least 12 Characters
Using at least 12 characters improves your password safety, giving you greater defence against even the most sophisticated hacking methods. This many characters usually means that you’ll be using multiple words with numbers and symbols.
If you are going to use fewer than 12 characters, be sure to implement as many of the other suggestions in this article as you can.
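To make the recommendations above concrete, here is an added example (my own illustration, not code from the original article) that scores a password against them: it counts the character classes present, estimates the brute-force cost in bits from pool size and length, flags sequential runs like “12345”, and undoes the look-alike substitutions from the “p@$$w0rd” example so that a dressed-up common word is still recognised. The word list and the substitution table are constructed for the example and deliberately tiny; a real checker would use a large list of leaked passwords.

```python
import math

# Sizes of the character pools an attacker must exhaust for each class.
# The symbol pool is the 33 printable ASCII punctuation marks; a non-ASCII symbol
# such as "€" is also counted as a symbol, which slightly understates its real pool.
POOL_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Constructed, deliberately tiny list of words that sit at the top of every cracking
# word list. A real checker would use a large list of leaked passwords instead.
COMMON_WORDS = ["password", "football", "princess", "qwerty", "letmein"]

# Reverses the look-alike substitutions the article shows ("p@$$w0rd"), so that a
# "clever variation" of a common word is still recognised as that word.
LEET = {"@": "a", "$": "s", "0": "o", "!": "i", "1": "l", "3": "e", "4": "a", "€": "e", "£": "e"}


def normalise(password: str) -> str:
    """Undo symbol-for-letter substitutions and lower-case, e.g. 'p@$$w0rd' -> 'password'."""
    return "".join(LEET.get(c, c) for c in password).lower()


def has_sequence(password: str, run: int = 4) -> bool:
    """True if `run` or more consecutive characters step by exactly +1 or -1 ('12345', '98765', 'abcd')."""
    for i in range(len(password) - run + 1):
        chunk = password[i : i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def assess(password: str) -> dict:
    """Return length, pool size, a brute-force entropy estimate in bits, and a list of issues."""
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    pool = sum(size for name, size in POOL_SIZES.items() if classes[name])
    # Upper bound on guesses is pool ** length, expressed here in bits. This is the cost
    # of a blind brute force; a dictionary attack on a word-based password is far cheaper,
    # which is why the issues list matters more than the number.
    bits = len(password) * math.log2(pool) if pool else 0.0

    issues = []
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    if sum(classes.values()) < 3:
        issues.append("uses fewer than three character classes")
    if has_sequence(password):
        issues.append("contains a sequential run such as 12345")
    plain = normalise(password)
    for word in COMMON_WORDS:
        if word in plain:
            issues.append(f"contains the common word '{word}' (after undoing substitutions)")
    return {"length": len(password), "pool": pool, "bits": round(bits, 1), "issues": issues}


if __name__ == "__main__":
    # The article's own examples, good and bad.
    for pw in ["12345", "p@$$w0rd", "mYcOnFusiNgPasSWord", "BerlinAloecouragePhD27"]:
        print(pw, assess(pw))
```

Run as a script, it shows why “mYcOnFusiNgPasSWord” still gets flagged despite its mixed case (the common word survives the capitalisation), while “BerlinAloecouragePhD27” passes every check.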
Don't Use Common Words or Phrases
Using common, easily guessable phrases and words as your password is a big no-no. More specifically:
Avoid Using Personal Information (Pet Names, Birthdates) or Common Words
Passwords needn’t be a jumble of characters that you’ll never remember, but any words you do use should be unpredictable.
Opting for common, single words and phrases – think “football”, “princess”, and the most egregious of all: “password” – is a hacker’s dream, and should be avoided like the plague. Even clever variations of these words are amongst the first a cybercriminal will try, so it’s best to forgo them entirely.
Using personal information like pet/family names and birthdays is also a bad idea, as this information can usually be found by hackers via your online footprint (mainly through social media and any online posts that you or others have made). If you do wish to use such phrases, they should always be part of a longer password with other unrelated words, numbers and characters. With that in mind:
Consider Using a Passphrase Instead of a Single Word
A passphrase describes a password with several words and numbers that can’t easily be guessed. One or several of these words and numbers can be meaningful to you, making the phrase easier to remember.
For example, you might use a place you lived (Berlin), a small memory (an Aloe plant you had), an emotion (courage), an achievement (PhD) and the age you were (27) to form the passphrase: “BerlinAloecouragePhD27”.
This has the appropriate level of complexity, obscurity, and length, making it hard for anyone to work out.
If we’re adhering to password best practices however, it’s preferable to not use any personal information whatsoever. Alternatively you can make a passphrase by picking several random and unrelated words that are easily memorised, such as “ObligatoryBarbequeJupiter”.
You can also create a passphrase by taking a sentence that may or may not be true and distorting it using the discussed tricks. For example: “I Love Sally Forever” becomes “iL0v£$@Lly4eVer”.
(This passphrase is especially good if you don’t know anyone called Sally).
Don't Reuse Passwords
Remembering multiple passwords is difficult, and so many people resort to using the same one for several accounts.
The risk of doing this should be fairly obvious: if your password is cracked, then the hacker will have access to all of those accounts.
Instead of reusing passwords, you should:
Use Unique Passwords for Each Account
Having many passwords can be confusing and frustrating, particularly if you have dozens of online accounts (which most people do). Even so, using the same password across multiple accounts isn’t a safe practice for anyone. Once a hacker uncovers your password, it’s not unusual for them to try the same login details on other accounts.
Therefore it is essential that you choose unique passwords. If you’ve already used the same password multiple times, then you are strongly advised to go and change to a new one (for every account).
For a lot of people (including yours truly) remembering 20+ original passwords will sound like an impossible feat of brainpower. Fortunately, there’s a solution…
Consider Using a Password Manager
Password manager software stores all of your passwords, as well as generating new ones when you need them. This tool solves the problem of having to memorise numerous unique strings of characters, and ensures every password you use is maximum strength.
It is a good option for many, though there are a couple of obvious shortcomings with this method:
Firstly, having all your passwords stored in one place seems dangerous, and secondly, putting your passwords in the hands of a third-party company also seems dangerous. (Not to mention that you still need to remember a strong password in order to access your password manager.)
These are all very fair hesitations and the reality is that when it comes to password management, there are no perfect solutions.
However, any password manager worth its salt will have additional layers of security, such as two-factor authentication and biometric authentication. And it’s worth noting that the entire business model of password management companies depends on keeping your information secure. That isn’t a guarantee of safety, and it’s important that you do your research and opt for a reputable service, but on the whole password managers are a reliable and secure option.
Change Passwords Regularly
With hacking methods becoming more and more advanced, even the best passwords are susceptible to being uncovered, which is why it’s a good idea to change your passwords with some degree of regularity.
To ensure you stick with this practice, you should:
Set a Schedule for Password Changes
If you’re serious about your password protection, then scheduling regular changes is a sensible strategy.
How often? That’ll depend on how much security you seek. Passwords should be changed at least once a year, though security conscious individuals/organisations might consider doing it every few months. Changing every month is probably overkill, but it depends on your circumstances.
When making a change, be sure to apply all of the recommendations in this article.
Securing Your Password
Avoid Public Wi-Fi for Password Entry
With public WiFi so widely available – in coffee shops, airports, shopping malls – it’s easy to just log on without giving two thoughts to security. But these kinds of “open” networks are accessible to anyone, and thus can easily be compromised by hackers. Not only can your device be accessed by intruders, but there is the threat of having your passwords stolen.
To keep your device(s) safe while waiting for your flight/sipping on a latte, there are some uncomplicated security measures that you can take:
Use a Virtual Private Network (VPN)
A Virtual Private Network encrypts your internet connection, offering an extra layer of security and privacy for your passwords (along with all online activity). VPNs are especially helpful when wading into the unknown waters of a public network, as they give you protection against hackers that might be roaming (with evil intentions) on the same network.
VPNs come in all shapes and sizes, with varying levels of subscription fees. This isn’t something you want to cheap out on though; your priority should be choosing a reputable service that offers strong encryption and compatibility across your devices.
Only Enter Passwords on Secure, Encrypted Websites
Securing your passwords isn’t just a matter of strengthening and concealing them, but also using them wisely.
That means only using your passwords on encrypted websites. This is something which can be identified in your browser bar – an encrypted website is typically represented by a lock symbol and the “HTTPS” address prefix (HTTPS is ordinary HTTP carried over an encrypted TLS connection).
If HTTPS isn’t used by a website – some older websites use the less secure HTTP – then you should avoid entering any passwords or sensitive information. Without HTTPS, there is a greater chance of your passwords and information being intercepted.
The good news is that the vast majority of websites that deal with sensitive information are served over HTTPS. So that’s one less thing to worry about.
(But do the smart thing and check, anyway).
Be Cautious of Phishing Attempts
Phishing is an age-old internet scamming strategy whereby cybercriminals will bait users into providing sensitive information like passwords and credit card details. It most commonly happens via email, though phishing can be performed through text messages (including WhatsApp), social media, and even phone calls.
To protect yourself against phishing:
Don’t Click on Suspicious Links
The majority of phishing attacks involve the use of fake links. Many times these links will appear legitimate, but will actually direct you to an imposter website to collect sensitive information like your password.
As genuine as these links may appear, there is usually a giveaway within the URL that it is a bogus website. If you cannot identify the difference between real and fake, the safest thing to do is to avoid clicking on links (and banish the email/message into the depths of your trash).
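The two checks described in the HTTPS and phishing sections above, that the address is HTTPS and that the host really belongs to the organisation it claims to, can be written down as a small link checker. This is an added example (mine, not code from the article). It parses the link with the standard library, warns when the scheme is not HTTPS, and warns when the host’s registered domain is not one of the domains you trust for that organisation, with a more pointed message when the host merely contains the trusted name somewhere inside a different domain. The `registered_domain` helper takes the last two labels, which is fine for domains like `example.com` but wrong for `co.uk`-style suffixes; a production checker should use the Public Suffix List. All sample URLs are constructed and use reserved `.test` and `example.com` names.

```python
from urllib.parse import urlsplit


def registered_domain(host: str) -> str:
    """Last two DNS labels of a host, e.g. 'www.example.com' -> 'example.com'.

    Assumption for this example: a two-label registered domain. Hosts under suffixes such
    as 'co.uk' need the Public Suffix List to be split correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_warnings(url: str, trusted: set) -> list:
    """Return a list of warnings for a link the user is about to enter a password into.

    `trusted` is the set of registered domains that genuinely belong to the organisation
    (for a bank, the domains printed on its cards and statements, not taken from the email).
    An empty list means the link passed both checks.
    """
    parts = urlsplit(url.strip())
    warnings = []
    host = parts.hostname or ""

    # Check 1: passwords only go over an encrypted connection.
    if parts.scheme != "https":
        warnings.append(f"not HTTPS (scheme is '{parts.scheme or 'none'}')")

    # Check 2: the host must be the trusted domain itself or a subdomain of it.
    if not host:
        warnings.append("no host in URL")
        return warnings
    if registered_domain(host) not in trusted:
        # A host that mentions the trusted name but is registered elsewhere is the classic
        # giveaway the article refers to; report it separately so the user sees why.
        mentioned = [t for t in sorted(trusted) if t.split(".")[0] in host]
        if mentioned:
            warnings.append(
                f"host '{host}' mentions '{mentioned[0].split('.')[0]}' "
                f"but is not registered under {mentioned[0]}"
            )
        else:
            warnings.append(f"host '{host}' is not one of the trusted domains")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; 'example.com' stands in for a real organisation's domain.
    TRUSTED = {"example.com"}
    for link in [
        "https://www.example.com/login",
        "http://www.example.com/login",
        "https://example.com.login-portal.test/login",
        "https://secure-portal.test/login",
    ]:
        print(link, "->", link_warnings(link, TRUSTED) or "OK")
```

The important design choice is that the trusted domain list comes from somewhere other than the message being checked: the article’s advice to “contact the real company by other means” applies to the domain too.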
Be Wary of Emails or Messages Asking for Password Information
Phishers create convincing looking emails instructing you to “login” or “provide payment details”, which are of course just duplicitous ways to access your private information.
Thanks to their ability to imitate banks and online retailers like Amazon, phishing attacks of this variety are quite effective. They prey on inexperienced internet users that won’t think twice when presented with a realistic looking email.
It’s hard to make phishing emails disappear from your inbox entirely, so it’s essential that you remain highly sceptical of any unsolicited emails. Bear in mind that legitimate companies and banks never ask for sensitive information like passwords via email. If unsure, it’s best to contact the real company by other means (give them a call) to check the authenticity of the request.
Other Tips for Keeping Passwords Secure
Don’t Write Passwords Down
For individuals that still remember how to use a pen, there may be a temptation to put your passwords to paper.
Recording and storing sensitive information on paper has its dangers, so it isn’t advised. If you can’t memorise your passwords, then a password manager is a better alternative.
Consider Using Two-Factor Authentication
Two-factor authentication, or 2FA, protects your accounts by requesting two forms of identification in order to gain access. On top of your password, this is usually in the form of a code (with a time limit) that is sent to your phone or generated by an app on it.
2FA is now a common form of security used by online services, but in many cases is still an optional feature. Make sure you enable it!
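The “code with a time limit” is worth seeing from the inside, because it explains both why the code expires and why a phishing site that captures it has only seconds to use it. Below is an added example (mine, not the article’s) of the app-generated variant, the TOTP algorithm from RFC 6238 that authenticator apps implement: the server and the app share a secret, each computes HMAC-SHA1 over the number of 30-second steps since 1970, and the six digits you type are a truncation of that MAC. The server-side `verify` function accepts one step either side for clock drift and uses a constant-time comparison. The `RFC_KEY` value is the published RFC test-vector secret, which is why the results below can be checked; a real secret is random bytes, never ASCII digits.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the number of `step`-second periods since the epoch."""
    return hotp(key, unix_time // step, digits)


def verify(key: bytes, submitted: str, unix_time: int, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    """Server-side check of a submitted code.

    Accepts the current step plus `window` steps either side so a phone whose clock is a
    little off still works, and compares in constant time so the comparison itself does not
    leak how many digits matched. A real server must also refuse to accept the same code
    twice, which this example omits.
    """
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(key, counter + drift, digits), submitted)
        for drift in range(-window, window + 1)
    )


def key_from_base32(secret: str) -> bytes:
    """Authenticator apps exchange the shared secret as Base32 (the string behind the QR code)."""
    cleaned = secret.upper().replace(" ", "")
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# RFC 6238 test-vector secret, ASCII "12345678901234567890". A real secret is random bytes.
RFC_KEY = b"12345678901234567890"

if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_KEY, now)
    print("code for this 30-second step:", code, "valid:", verify(RFC_KEY, code, now))
    print("same code one minute later:", verify(RFC_KEY, code, now + 90))
```

Because the code is a function of the current time step, it stops being accepted once the window has passed, and because it is derived from the secret rather than being the secret, it can be typed into a web form without exposing the long-term key. That is the sense in which 2FA limits the damage of a stolen password.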
Use Biometric Authentication When Possible
Biometric authentication is a relatively new method that offers an additional, robust level of security to devices. That’s because your biometrics cannot easily be stolen in the same way as passwords, and they are very difficult to replicate.
Fingerprint and facial recognition scanners are becoming ubiquitous on phones, and such is their effectiveness that they are even rendering passwords redundant.
With that said, your best bet is to use passwords and biometric authentication together.
When you’re used to just using your mother’s maiden name to access your online banking, the process of creating and securing strong passwords can feel a touch convoluted. Perhaps a bit unnecessary.
However, the exponential growth and development of cybercrime tells us that optimising and securing your passwords should be treated seriously, and with a matter of urgency.
By using a combination of the aforementioned password tips, you can rest assured that all of your accounts, data, and finances will remain safe, to be accessed by you, and only you.