Guide to Creating Strong Passwords
Key Elements of a Strong Password
Important factors that contribute to a strong and secure password:
- Length: Longer passwords are typically stronger. Try to think of a password at least 12 characters long.
- Complexity: Use a mix of different characters, words, and phrases.
- Balance: Aim to have the number of uppercase characters close to the number of lowercase characters.
- Special Characters: Include special characters to boost password strength.
- Numbers: Use numbers throughout the password, such as an easy-to-remember number at the end or as substitutes for letters.
Password Strength Factors
My password strength tester gives its rating based on the following criteria:
- 0.5 points for each character in the password
- Up to 5 points for balanced use of uppercase and lowercase letters
- 2 points for each special character
- 0.5 points for each number
Tips for Creating Strong Passwords
- Use a passphrase: Combine multiple unrelated words. Example: "false horse ball staple"
- Add complexity: Substitute letters with numbers or special characters that look similar. These passwords are easily read by humans, but are much harder to crack for machines. Example: "F@ls3_h0rs3_baL1_st@pl3"
- Avoid personal information: Don't use birthdays, names, or any easily guessable information (everyone is guilty of this). For example, if you were born in 2006, a password that ends in 06 is easier to guess.
- Make it unique: Use different passwords for different accounts. You don't want every single one of your accounts to be compromised if hackers find a single password.
- Consider a password manager: These tools can generate and store complex passwords securely, as very strong passwords are almost impossible to remember.
Example of a Strong Password:
"0lH$_m@tH+Sci3ncE_@cAdemY!" scores a 25.5
This password is long, uses a mix of character types, balances upper and lowercase, and incorporates special characters and numbers. However, it is still readable to humans and is possible to remember, as it contains real words, not just gibberish.
Common Mistakes to Avoid
- Repeating characters or patterns
- Using keyboard patterns (e.g., 'qwertyuiop', '1234567890')
- Relying solely on length without complexity. If your password is 20 characters long but is just a sentence with all lowercase letters and no numbers or special characters, computers can brute force it very easily.
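The scoring criteria under "Password Strength Factors" and the common mistakes listed above can be checked together. The following Python is an added example, not the code of the tester this page describes: the balance formula, the handling of spaces, the 4-character run threshold, and the names rubric_score and common_mistakes are assumptions, so its scores need not match that tester's.

```python
import re

# Keyboard rows; the first and last are the page's own examples.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def rubric_score(password):
    """Apply the four listed criteria. The balance formula is an assumption."""
    upper = sum(c.isupper() for c in password)
    lower = sum(c.islower() for c in password)
    digits = sum(c.isdigit() for c in password)
    # Assumption: "special" means anything that is not a letter, digit or space.
    special = sum(not (c.isalnum() or c.isspace()) for c in password)
    # Assumption: full 5 points when the case counts are equal, scaled down by
    # the ratio of the smaller count to the larger, 0 when one case is missing.
    balance = 5 * min(upper, lower) / max(upper, lower) if upper and lower else 0.0
    return 0.5 * len(password) + balance + 2 * special + 0.5 * digits


def common_mistakes(password, run_len=4):
    """Return the listed mistakes found; run_len is an assumed threshold."""
    found = []
    if re.search(r"(.)\1\1", password):      # same character 3+ times in a row
        found.append("repeated character")
    if re.search(r"(.{2,})\1", password):    # a chunk immediately repeated
        found.append("repeated pattern")
    # Every run_len-long slice of a keyboard row, forwards and backwards.
    runs = {row[i:i + run_len]
            for base in KEYBOARD_ROWS for row in (base, base[::-1])
            for i in range(len(base) - run_len + 1)}
    lowered = password.lower()
    if any(lowered[i:i + run_len] in runs
           for i in range(len(lowered) - run_len + 1)):
        found.append("keyboard pattern")
    return found


if __name__ == "__main__":
    # Constructed inputs; the second is the page's own substitution example.
    for pw in ("qwertyuiop1234567890", "F@ls3_h0rs3_baL1_st@pl3", "aaaaaaaaaaaa!!!!"):
        print(f"{pw!r}: score={rubric_score(pw):.1f} mistakes={common_mistakes(pw)}")
```

Under these assumptions the keyboard walk qwertyuiop1234567890 scores 15.0 on the rubric, so the point total by itself does not reveal the mistake; the separate pattern check does.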
Remember: While following these guidelines will aid in creating a strong password, it's equally important to practice other good security habits, such as enabling 2FA (two-factor authentication) when available and regularly updating your passwords (every month to every 6 months depending on what information you are trying to secure).
Two-Factor Authentication
Two-factor authentication (2FA) adds extra security to your private information by requiring two forms of identification to access an account. Examples include:
- An email with a confirmation link or code
- A text with a confirmation code
- Personal questions or symbols to answer or pick correctly (like ClassLink)