What matters most when it comes to protecting your privacy and security online? Adopting good digital hygiene practices? Definitely. Keeping your system protected with reliable, up-to-date security software? Also yes. But what about your passwords – are they up to the accepted security standards? Maybe, but maybe not.
Did you know that “123456” still reigns as the most commonly used password, right next to the word “password” itself? As comedically weak as these passwords are, there are still millions of people who use them to protect their main email accounts or even their accounts on financial sites. In fact, many sites outright ban the use of such passwords in an attempt to encourage users to think of something that won’t take hackers mere seconds to crack.
And I get it, keeping track of many complex, random passwords at once is difficult and we don’t always have the mental bandwidth for it. But it’s also absurd how people always seek the best antivirus and worry about malware all the time, yet rarely consider that the one password they reuse across all their accounts can be guessed in seconds, or simply looked up in a leaked database, and then tried on every site they use.
So if you think you might also be guilty of using weak, predictable passwords, this article is for you. It will help you determine if and how strong (or weak) your password is and also assist you with forging new ones for all your accounts that matter.
How Secure Is My Password?
The first thing to understand is that a password can be cracked even if a hacker never touches your device or logs into any of your profiles. Most cracking happens offline: an attacker obtains a site’s database of hashed passwords from a breach and runs a tool that tries millions or billions of candidates per second, hashing each one until a result matches. (Guessing directly against a login form is far slower, because the site can rate-limit or lock the account.)
This means that the shorter and more “guessable” your password is, the quicker such tools can crack it. But here’s the kicker: while a basic password falls within seconds, a long, random one can take far longer than any attacker’s budget allows, centuries or more even on fast hardware, which makes it practically uncrackable (at least via such “brute force” methods). Exactly how long depends on the attacker’s hardware and on how the site hashed the password, which is why the numbers from online “crack time” estimators vary so much.
Now that I’ve explained this, let’s see how well your password would fare in a brute-force attack.
Assessing the Strength of Your Password
There are two main factors that determine the “raw” strength of your password: complexity and length.
Complexity
A reliable password is more than just a random string of letters or numbers. It needs to be complex, which generally means two things:
- The password must use a combination of uppercase and lowercase letters, numbers, and special characters.
- The password must avoid common words, sequential numbers, or easily guessable information like birthdays or pet names. For instance, “Password123$” ticks every character-class box yet is weak, because it is a dictionary word with a common suffix. Swapping letters for look-alike symbols (“P@$$w0rd!”) helps less than it seems, since cracking tools apply exactly those substitutions to every word in their lists. An alternative like “P@55vV0rdd!” fares better only because the doubled letters and the stray “v” no longer map back onto the word; a string that doesn’t derive from any word at all is better still.
Most reputable sites nowadays outright require you to have such character variety in your passwords when creating a new account. However, they generally don’t ban the use of sequential numbers or easily guessable info, so avoiding this mistake is on you.
Length
Length must not be underestimated either. In fact, when it comes to brute-forcing a password, length plays a bigger role in its strength than character variety does.
- A 6-character password drawn from all 95 printable ASCII characters has about 7 × 10^11 possible values and falls within seconds to an offline attack on a fast hash. A 10-character one has about 6 × 10^19, roughly a hundred million times more, which turns seconds into years at the same guess rate.
While eight characters have long been considered the minimum for password length, longer passwords are significantly more secure: each additional character multiplies the number of possible combinations by the size of the character set (95 for the full printable set), so the keyspace grows exponentially with length, and, as you can see, we are talking about a huge difference in strength.
Complexity vs Length
Note that the password “MyPassword” (10 characters) is not categorically better than “Dr0v5@p” (7 characters). The longer one has the larger keyspace and would take more time to brute-force, but there are other ways to “guess” a password, such as dictionary attacks, where common words and phrases (plus rules that capitalize them, add digits and symbols, or swap letters for look-alikes) are tried first. “MyPassword” is two dictionary words stuck together and falls to such an attack almost immediately, while “Dr0v5@p” appears in no list. That is why your password must be both long and complex, and must not be built from dictionary words alone.
Pro Tip: How to Make Complex and Long Passwords Easy to Remember
One useful strategy that reliably produces strong passwords is to use a passphrase: a sequence of words that is easy for you to remember but hard for others to guess. Pick the words at random rather than as a sentence you might actually say. For example, “BlueHorseTreeSky” combines four unrelated words into a memorable phrase.
It will take you a couple of minutes to memorize, but an automated tool that tries word combinations has to search every four-word combination of a large dictionary (tens of thousands of words, so on the order of 10^16 candidates or more), and no human is going to guess it.
And if you want to make it even harder to crack, replace some letters with numbers or symbols, or insert them between the words, like so: “BlUe#Horse7Tree$Sky“. That is 19 characters drawn from a mixed set, far beyond any realistic brute-force budget.
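To make the comparisons above concrete, here is a small calculator for the two attack modes discussed in this section: brute force over a character pool, and a dictionary attack with mangling rules. This is an added example, not code from the original article. The guess rates are assumptions chosen for illustration, and the wordlist, leet map and suffix list are deliberately tiny, constructed stand-ins for the multi-gigabyte lists and rule files real cracking tools use.

```python
"""Added example (not part of the original article): estimate how a password
holds up against brute force and against a rule-based dictionary attack.
Guess rates, wordlist and rules are constructed for illustration only."""
import math
import string
from itertools import product

# Assumed guess rates (illustrative): an offline GPU attack on an unsalted
# fast hash such as MD5/NTLM, versus a tuned slow hash (bcrypt/Argon2).
FAST_HASH_GUESSES_PER_SEC = 1e11
SLOW_HASH_GUESSES_PER_SEC = 1e5
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def entropy_bits(password: str) -> float:
    """Bits of entropy IF the password were uniformly random over its pool.
    A dictionary word has far less real entropy than this number suggests."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def brute_force_years(password: str, guesses_per_sec: float) -> float:
    """Average-case time (half the keyspace) to find the password by brute force."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / 2 / guesses_per_sec / SECONDS_PER_YEAR


def passphrase_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of word_count words drawn uniformly at random from a dictionary."""
    return word_count * math.log2(dictionary_size)


# --- dictionary attack with mangling rules (constructed, deliberately tiny) ---
LEET = {"a": "@", "s": "$", "o": "0", "i": "1", "e": "3"}
SUFFIXES = ["", "1", "!", "123", "123$", "2024"]
WORDLIST = ["my", "password", "blue", "horse", "tree", "sky", "dragon"]


def mangle(word: str):
    """Variants a rule-based cracker derives from one dictionary word."""
    bases = {word, word.capitalize(), word.upper()}
    for base in sorted(bases):
        yield base
        yield "".join(LEET.get(c, c) for c in base)  # leet-speak substitution


def candidates(wordlist):
    """Single mangled words, then two-word joins, each with common suffixes."""
    for word in wordlist:
        for variant in mangle(word):
            for suffix in SUFFIXES:
                yield variant + suffix
    for w1, w2 in product(wordlist, repeat=2):
        for joined in (w1 + w2, w1.capitalize() + w2.capitalize()):
            for suffix in SUFFIXES:
                yield joined + suffix


def dictionary_attack(target: str, wordlist=WORDLIST):
    """Return (found, guesses_tried). A real attack compares hashes rather
    than plaintext, but the candidate generation is exactly the same."""
    tried = 0
    for tried, cand in enumerate(candidates(wordlist), start=1):
        if cand == target:
            return True, tried
    return False, tried


if __name__ == "__main__":
    for pw in ["MyPassword", "Dr0v5@p", "Password123$", "BlUe#Horse7Tree$Sky"]:
        found, tried = dictionary_attack(pw)
        verdict = f"cracked after {tried} guesses" if found else "not derivable from list"
        print(f"{pw:22} {entropy_bits(pw):5.1f} bits  "
              f"fast hash: {brute_force_years(pw, FAST_HASH_GUESSES_PER_SEC):.1e} y  "
              f"slow hash: {brute_force_years(pw, SLOW_HASH_GUESSES_PER_SEC):.1e} y  "
              f"dictionary: {verdict}")
    print(f"4 random words from a 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
```

Run it and the point of the “Complexity vs Length” section shows up in the numbers: “MyPassword” has the bigger keyspace, yet the dictionary attack finds it in well under a thousand guesses, while “Dr0v5@p” is never generated. Note also the slow-hash column: the same password takes a hundred thousand times longer to crack when the site stores it properly, which is outside your control and one more reason not to reuse passwords across sites.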
How to Secure Your Password
Now you know what constitutes a strong password and you have an actionable strategy to make sure your passwords fall into this category. However, there’s more to securing a password than simply making it long and complex.
There are several other practical steps you can take to make the entrance to your accounts as secure as possible:
Employ a Password Manager
Password managers are specialized tools that let you store all your passwords in one secure place that you can access through a master password – the only one you’ll need to remember.
These tools can be very helpful, but I am not saying that everybody needs one. However, in some cases, especially if you need to juggle multiple complex passwords for highly important accounts, it really makes sense to use such a tool.
- Dependable managers such as 1Password or Bitwarden can generate, store, and autofill strong passwords for all your accounts. They use encryption to protect your data and often sync across devices to provide both security and convenience.
- You’ll need to remember one strong master password to access the password manager. Make this password as secure as possible since it guards all your other passwords.
- Be Careful with Browser Password Managers: Browsers like Chrome offer built-in password storage, and it beats reusing passwords or sticky notes. But a browser store is typically unlocked whenever you are logged into your computer, which makes it a favourite target of info-stealing malware running under your account, and it ties your credentials to one vendor’s ecosystem. For important accounts I recommend a dedicated manager with its own master password.
But as I said, not everyone needs a password manager, and the next tips will be enough for most users to secure their passwords without using one.
Consider Writing Passwords Down (on Paper!)
In a world where nearly all data is digitized, going old-school and physically storing important info can give you an unexpected advantage. If password managers aren’t your thing, write your passwords on a piece of paper and keep it in a secure location (e.g. a locked drawer). A remote attacker cannot read a sheet of paper in your desk.
Obviously, you do need to make sure it’s kept out of sight, and only you know where it is. I agree this is notably less convenient, but if you need to remember a very long and complex password to an account on a financial site, then the inconvenience is definitely worth it.
DO NOT RECYCLE PASSWORDS!
As someone who’s been guilty of this, I am now telling you that you must absolutely not use the same password across several accounts, also known as password reuse. Even a single very strong password becomes a liability the moment it leaks: attackers take username-and-password pairs from one site’s breach and automatically try them on every other popular site (credential stuffing), so one compromised account turns into all of them.
And since it’s tedious enough to keep track of multiple complex passwords, I do not recommend trying to rotate them all every 60 or 90 days, as some experts still advise; NIST’s current guidance (SP 800-63B) likewise drops mandatory periodic changes. You’ll likely end up lowering the complexity of your passwords for the sake of convenience which, in turn, makes them easier to crack.
Come up with several very good passwords for your most important accounts (personal and work-related emails, financial sites, social media, etc.), remember them, and don’t change them unless there’s a specific reason to do it.
Enable Multi-Factor Authentication (MFA)
I get really annoyed every time I want to log into my Google account and am asked to confirm it’s me on my phone. However, this small inconvenience makes such important accounts considerably harder to take over. Even if your password gets cracked or leaked, an attacker still has to get past the second factor before they can sign in.
Not all second factors are equal, though. Codes sent by SMS can be intercepted through SIM swapping, and a phishing page that relays your login to the real site in real time can capture a one-time code just as easily as a password; repeated push prompts have also worn people down into approving a login that wasn’t theirs. Authenticator apps avoid the SMS problem, and hardware security keys resist the phishing one, because the key only answers the genuine site. Still, for most accounts any MFA raises the cost enough that opportunistic attackers move on to an easier target.
MFA adds an extra layer of security by requiring additional verification beyond just your password. This could be a fingerprint scan, a security token, or a one-time code sent to your phone or email.
- Use an Authenticator App Wherever a Site Supports One: Apps like Authy, Google Authenticator, or Microsoft Authenticator generate time-based one-time codes on your phone, work with any site that offers app-based MFA, and don’t depend on SMS.
- Register Trusted Devices: Both third-party and built-in authenticators let you add trusted devices, which lets you log in from them by only using your password.
- Remove Trusted Devices: If you lose your phone or laptop or if they get stolen, you must remove them from the list of trusted devices, so other people can’t use them to access your accounts.
Be Vigilant Against Social Engineering
Brute-forcing a password is only one way to break into your accounts. Another very common and effective technique is the use of different forms of social engineering scams. It is, therefore, essential to be able to recognize these scams and avoid sharing your passwords with disguised scammers.
- Phishing Emails: Don’t click suspicious links or open attachments from unknown senders. Never enter your password or banking details on a page you reached through a link in an unsolicited message; open the site yourself by typing its address or using a bookmark.
- Verify Requests for Information: Always remember that legitimate organizations will not ask for your password via email or phone. If someone asks for such info in those ways, it’s a scam!
- Learn to Spot the Red Flags: Educate yourself on the main red flags typical for different types of social engineering scams.
Social engineering gets into accounts by exploiting human error rather than technical flaws.
Often, these scams are blatantly obvious, and common sense is enough to spot them. However, they prey on emotions and fears (urgency, a supposedly locked account, an unexpected prize), which is why you must always approach strange online requests with a cool head and rational thought.
Check for Compromised Passwords
Yet another way hackers get hold of your passwords is through data breaches. Large user databases get stolen regularly, and the criminals end up with thousands, if not millions, of passwords. Well-run sites store only slow, salted hashes, which resist cracking; badly run ones store weak hashes or even plain text. If your password is among those recovered, every account where you used it is at risk.
That is why I advise you to regularly check if your passwords have been exposed in data breaches.
- Use Monitoring Tools: Services like Mozilla’s Firefox Monitor, Google’s Password Checkup, and Have I Been Pwned can alert you if your email addresses or passwords have turned up in a breach. Have I Been Pwned’s password check sends only the first five characters of your password’s SHA-1 hash and compares the rest on your device, so the password itself never leaves your machine.
- Act Promptly: If you discover a breach, change the affected passwords immediately and monitor the related accounts for suspicious activity.
It’s not necessary to always update all your passwords at regular intervals, but you should definitely do so if you learn that a particular password has been compromised in a data breach.
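Checking a password against a breach corpus sounds like it requires sending the password somewhere, so here is how the Have I Been Pwned “Pwned Passwords” range lookup avoids that. This is an added example, not code from the original article or from Have I Been Pwned: only the first five hex characters of the SHA-1 hash are sent, the service returns every hash suffix sharing that prefix with a count, and the match is made locally. The range response embedded below is constructed for offline use (the first suffix is the real SHA-1 suffix of “password”; the counts and the other lines are made up); the `fetch_range_online` helper calls the real endpoint at `https://api.pwnedpasswords.com/range/<prefix>` and is the only part that needs a network.

```python
"""Added example (not part of the original article): a k-anonymity breach
check in the style of Have I Been Pwned's range API. The offline range
response is constructed; fetch_range_online hits the real endpoint."""
import hashlib
import urllib.request


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent and the 35-char suffix that stays on this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict:
    """Each response line is '<35-hex-char suffix>:<count>'. Padding lines
    (added when Add-Padding is requested) carry a count of 0."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_online(prefix: str) -> str:
    """Live lookup (network). Add-Padding asks the API to pad the response so
    its size does not reveal how many real suffixes share the prefix."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, lookup=fetch_range_online) -> int:
    """How many times the password appears in the corpus (0 = never seen).
    lookup(prefix) must return a range response body; the password and its
    full hash are never passed to it."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(lookup(prefix)).get(suffix, 0)


# Constructed offline stand-in for the API. The first line is the genuine
# SHA-1 suffix of "password"; the count and the remaining lines are made up.
CONSTRUCTED_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3000000
0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
ABCDEF0123456789ABCDEF0123456789ABC:12
"""


def offline_lookup(prefix: str) -> str:
    """Replaces fetch_range_online in tests and demos; no network needed."""
    return CONSTRUCTED_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ["password", "BlUe#Horse7Tree$Sky"]:
        print(f"{pw!r}: seen {breach_count(pw, offline_lookup)} times (constructed data)")
```

To run it against the live service, call `breach_count("your-password")` with the default lookup; the request still contains nothing but the five-character prefix. Anything that comes back with a non-zero count should be treated as burned, however long or complex it is, because attackers feed exactly these corpora into their cracking lists first.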
Pay Attention to Site Encryption
When you enter your password or other sensitive data (e.g. credit card number) on a website, you must make sure it is transmitted and stored securely:
- Look for HTTPS: Make sure the address starts with https://, which means the connection is encrypted; most browsers mark this with a padlock or a similar indicator and warn loudly when a page is not secure. HTTPS proves you are talking to the site named in the address bar, not that the site is honest, so still check the name for look-alikes.
- Be Extra Careful on Untrusted Networks: HTTPS protects what you type even on a hostile public Wi-Fi, but such networks are where you are most likely to be redirected to a look-alike site, so avoid logging into important accounts there if you can.
Most of the time, your browser will tell you when you are on a site that doesn’t securely encrypt the information you enter, but you should still be vigilant and always check the URL of unfamiliar sites before sharing important info.
The Importance of a Secure Password
It’s a very big mistake to underestimate the importance of strong and secure passwords. It’s also very irresponsible to use easy-to-guess passwords or a single one that’s the same for all your accounts. Huge chunks of our lives now exist in the digital world and are only protected by a short sequence of letters, numbers, and other symbols.
You wouldn’t want an intruder to break into your house, so you lock your doors. Similarly, you don’t want anyone but you to have access to your important online accounts, and the way to ensure this is to change that “123456” password to something more reliable. The tips in this post can help you with that, but it’s up to you to apply them.