Good Passwords To Use For Online Safety {With Detailed Info}
Easy-to-remember passwords can resist brute force and dictionary attacks. Try our expert's tips on good passwords that are easy to remember and hard to crack, so your accounts stay secure.
Identity theft, fraud, breaches. These words are in the headlines, and the crimes behind them have hurt millions. These crimes will persist.
In this information age, we need passwords. Weak passwords can compromise our privacy, finances, and security in general. Thus, strong passwords are crucial. Strong passwords are lengthy and difficult to remember. Even with a good memory, remembering a strong, complex password is challenging. How do you create a strong, easy-to-remember password? There are two basic techniques to generate a strong, easy-to-remember password.
Do you think about password security? You should. Passwords secure bank accounts, credit cards, and home computers. Remembering several passwords, however, can be stressful.
The list of easy to remember but hard to guess password suggestions below will help you stay one step ahead of hackers. We also describe the distinction between strong and weak passwords, offer good password ideas for making your current one stronger, and outline the primary techniques employed by hackers to break passwords.
Passwords That Are Easy To Crack
Every year, global cybersecurity firms evaluate millions of leaked passwords to compile annual lists of the worst passwords. According to the most recent report, the same predictable, easy-to-crack passwords top the 2018 List of Worst 100 Passwords:
- 12345
- 123456
- 12345678
- 123456789
- Password
1111, admin, 123123, iloveyou, welcome, and 123abc are some other bad passwords. According to SplashData, nearly 10% of computer users in North America and Western Europe have used at least one of the 25 worst passwords on this year’s list.
Easy To Remember – Hard To Guess Password Ideas
Developing a method/scheme to generate passwords that are easy to remember yet difficult to guess is one solution to this problem. Here are a few suggestions for password creation.
- Use a password that combines common and unique elements. For example, if you’re a dog lover and you use the stock symbol (or another way to represent the company), your Yahoo password can be “yhoodog2015.”
- Transform a passphrase into a password. “A Coke and a smile” could also be written as “aCokeAndASmile.”
- Create a compound term by combining several simple words. “My dog Odie” can become “MyDogOdie.”
- Take a word or phrase and eliminate its vowels. “Fly like an eagle” is shortened to “flylkngl.”
- Choose a memorable word or name and a number with the same length as the word, then combine them. Kennedy plus 1234567 equals K1e2n3n4e5d6y7.
In addition to these tips, it’s always a good idea to mix capital and lowercase letters in your password and include special characters (@, $, !, etc.) to make it more difficult to guess or hack. Simply do it in a way that is simple to remember, such as replacing each letter S with a $ or a 5. To make your password even more secure, keep in mind that longer is better.
The following table explains how various techniques can be used to strengthen your password. It details numerous passwords and the amount of time required to crack them.
Password | Time to Crack | Method to Strengthen |
---|---|---|
Password | < 1 second | No method |
P@55w0rd | 3 days | Replacing letters with symbols and numbers |
wbmidog01 | 7 hours | Company representation, a word, and a number |
Wbmidog01 | 39 days | Same as above, but added an uppercase letter |
1Xa5jK@9# | 275 days | Random 9 character password |
Du4*fB9$0t | 58 years | Random 10 character password |
T4@nk$J04n@bil | 2 billion years | Using mixed case and replacing letters with numbers and special characters. (Says Thanks John a Billion) |
K1e2n3n4e5d6y7 | 98 billion years | Intermixed letters and numbers |
As demonstrated, there are methods for creating passwords that are simple to remember but difficult for others to guess. If you use them, you won’t need to write your passwords down on paper and stick them to your keyboard. What ideas do you have?
How to Create a Good Password
A strong password is a unique word or phrase a hacker cannot easily guess or crack. Here are the main traits of a reliable, secure password:
- At least 12 characters long (the longer, the better).
- Has a combination of upper and lowercase letters, numbers, punctuation, and special symbols.
- Random and unique.
While complexity improves password security, length is the key characteristic. The best way to make a password strong is to make it long. For example, look at these two passwords:
- 89&^598
- ILoveMyCatLordStewart
While 89&^598 is entirely random, it is less secure than the second password. A password-cracking program could guess 89&^598 in about 44 hours, while cracking ILoveMyCatLordStewart would require 7 years of constant processing.
However, even the 7-years mark is not enough to call a password safe, which is why all strong password ideas below lead to phrases that take significantly longer to crack.
Generate Good And Hard To Crack Password With The 4 Random Words Method
One of the simplest yet most effective strong password ideas is to throw 4 or more seemingly random words together. Just make sure that:
- The password is at least 12 characters long.
- The words do not have any natural flow to them (such as My Name Is Steven).
- You separate words with either spaces, punctuation, or special symbols.
Some examples of these passwords (and how to remember them) include:
- Phoenix Drive Cafe Office (“I work in Phoenix and drive by a cafe every day on my way to the office”).
- Seattle, Kindle, Coffee, Planes (“Seattle is the birthplace of Amazon, Starbucks, and Boeing”).
- Minnesota Airplane Boston Christmas (“I live in Minnesota but fly back home to Boston every Christmas”).
The time needed to crack the Phoenix Drive Cafe Office password: 2 million years
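The words only count as random if a random source picks them; words chosen by association tend to have exactly the natural flow the list above warns against. The following is an added example, not part of the original article, that draws the words with Python's `secrets` module and reports the resulting entropy. The 32-word list, the separator set and the function names are constructed for the demonstration.

```python
import math
import secrets

# Constructed 32-word sample so the block runs offline. In practice load a
# large published list: with 7,776 words each word adds about 12.9 bits.
WORDS = [
    "anchor", "basket", "cactus", "dinner", "engine", "falcon", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "magnet", "napkin", "orange", "pencil",
    "quartz", "rocket", "saddle", "tunnel", "velvet", "walnut", "yellow", "zipper",
    "bridge", "candle", "donkey", "forest", "guitar", "helmet", "marble", "window",
]
SEPARATORS = " -_.!"  # spaces, punctuation or special symbols, as the method asks


def generate_passphrase(count=4, wordlist=WORDS, separator=None, min_length=12):
    """Pick `count` words with a CSPRNG and join them with one separator."""
    if count < 4:
        raise ValueError("the method calls for 4 or more words")
    if separator is None:
        separator = secrets.choice(SEPARATORS)
    phrase = separator.join(secrets.choice(wordlist) for _ in range(count))
    if len(phrase) < min_length:
        raise ValueError("words too short to reach the minimum length")
    return phrase


def entropy_bits(count, wordlist_size):
    """Bits of entropy when every word is drawn uniformly and independently."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    print(generate_passphrase())
    # The sample list is far too small for real use; the size of the list
    # matters as much as the number of words.
    print(f"4 words from {len(WORDS)}: {entropy_bits(4, len(WORDS)):.1f} bits")
    print(f"4 words from 7776: {entropy_bits(4, 7776):.1f} bits")
    print(f"6 words from 7776: {entropy_bits(6, 7776):.1f} bits")
```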
Use an Entire Phrase
A custom phrase can be used as a password if you don’t want to remember a random string of words. However, you shouldn’t rely on a well-known saying or quote. Words within a phrase flow together better than random words and are simpler to remember.
Whether to insert spaces between the words is up to you (if the website accepts spaces within passwords). Here are some excellent examples of custom phrases:
- You can actually use spaces in your password!
- Myboysareinthehighschoolbasketballteam
- I would prefer to go to Gryffindor pls
The time needed to crack the You can actually use spaces in your password! password: 4 hundred trillion years
Use a Custom Acronym
To make a password that is both memorable and strong, use an acronym. For instance, you could use the words “My son was born at a Liverpool hospital in 2002” and the first letter of each word to make the password “Mswb@aLhi2002.”
If you decide to use this approach, make sure your password is not based on a well-known phrase (such as Tb,on2b,titq). Here are some wise suggestions:
- IoaBMW,wa5782p. (“I own a BMW, with a 5782 plate.”).
- H!Mnpintd2r! (“Hey! My new password is not that difficult to remember!”).
- 2015wtyIbm1h. (“2015 was the year I bought my first house.”).
The time needed to crack the IoaBMW,wa5782p. password: 42 million years
Use the Keyboard Layout
Another good password idea is to make a unique pattern using the keyboard layout. For instance, you can remember something straightforward, like a name, and type the keys above and to the right of each of its letters (Jane Austen, for instance, becomes Iwj4 W8e64j). Good examples include:
- P05r 0t 6u4%9jye (“Lord of the Rings”).
- 45k9jwp Y5wjr F4j65wp (“Grand Central Terminal”).
- J43 &05 _w5o F4j65wp (“New York Central Park”).
The P05r 0t 6u4%9jye password could be cracked in 698 million trillion years.
Make a Simple Formula
You can make up a custom formula to create a reliable password. For example, you can take any phrase and replace every letter with the next one in the alphabet:
- Cucumbers are tasty! -> Dvdvncfst bsf ubtuz! (time needed to crack: 762 billion trillion years)
You can also take the first letter of every word from the chorus of your favorite song:
- Mamma Mia chorus -> MmhIgammhcIrymmdisammjhmimy (time needed to crack: 129 million trillion years)
These examples may seem like gibberish, but that is exactly what you want to achieve.
Vowel Switching
Take any phrase and replace one vowel with another (for example, A with E). As always, have at least 12 characters and use a random phrase for max protection:
- “Every Monday, I wish it was Friday :(” -> Every Mondey, I wish it wes Fridey :(
- “I like a pub with an all-night open-bar policy” -> I like e pub with en ell-night open-ber policy
- “I hammer nails, but nails hammer the board” -> I hemmer neils, but neils hemmer the boerd
The time needed to crack the Every Mondey, I wish it wes Fridey :( password: 307 million trillion years
Shorten Each Word
Remove the first three letters from each word in a memorable phrase (don’t worry if the process eliminates the entire word):
- “Weekends are for football; weekdays are for work!” days of the week are football!
- Fridays are better than Thursdays, even though Thursdays are fantastic.
- My second favorite sport is basketball, behind hockey. Key to basketball operations
The time required to figure out the days and weeks puzzle! secret phrase: 184 billion years
The Sentence Method (Bruce Schneier Method)
Think of a random sentence and transform it into a password by taking the first two letters of every word. For example:
- “I wish I had more time to think of better passwords…” -> IwiIhamotitothofbepa…
- “Driving by a McDonalds and not stopping takes a lot of willpower” -> DrbyaMcDoannosttaaloofwi
- “Creating a good password is not that hard after all” -> Crastpaisnothhaafal
The time needed to crack the IwiIhamotitothofbepa… password: 1 billion years
Mix the ISO Codes of Favorite Countries
This fun yet strong password idea requires you to list the ISO codes of your favorite countries or countries you visited (that way, you can update your password every time you visit a new nation). You will get something like this:
- “Canada, Mexico, France, Germany, Japan” -> can mex fra deu jpn
The time needed to crack the “can mex fra deu jpn” password: 424 trillion years
The Math Method
You can use mathematical symbols and equations to create a strong password. These passwords are typically long and full of different symbols, making them an ideal passphrase choice. Some examples are:
- MyDog+MyCat=8legs
- 830-630=TwoHundred
- Children+Xmas=Presents
The time needed to crack the MyDog+MyCat=8legs password: 9 million years
Use a Deliberate Misspelling
You can intentionally misspell words to create unique and secure passwords such as:
- SuperrmenHatseCryptoss
- KryingTeers2Nite
- ILovDoubluMcBurgurs
The SuperrmenHatseCryptos password would take 119 million years to crack.
Use this method with caution and avoid common misspellings (such as “acommodate”). Password cracking programs are fed lists of passwords with all the common spelling and grammar mistakes, so the more unusual your misspelling is, the better.
How to Improve an Existing Password
You do not need to replace your current passphrase with a new one if you already have a favorite password that you find simple to remember. Instead, you can strengthen the existing weak password by:
- Adding spaces or brackets.
- Adding additional words.
- Repeating the password twice.
- Turning the passphrase into an email address.
- Adding random punctuation.
- Adding emoticons.
- Swapping letters around (if the current password has enough characters to be secure).
Making minor changes to a password can be useful when you need distinctive passphrases for several accounts. Instead of coming up with a new password from scratch for each online account, you can add a different code to your current password (for example, Andrew,77EBAY for your eBay profile and Andrew,77PPAL for the PayPal account).
What to Avoid when Choosing a Password
You should follow a strict set of rules when choosing passwords to avoid weaknesses a hacker can exploit. A strong password should never:
- Have fewer than 12 characters.
- Be solely based on personal data (name, surname, family member’s name, date of birth, workplace, favorite sports club, etc.).
- Contain memorable keyboard paths (most notably qwerty and asdfgh).
- Solely use letters, symbols, or numbers.
- Be re-used across two (or more) different accounts or websites (even if the password is good, one of the websites keeping the password might have a breach and place all other accounts in danger).
- Include sequential letters or numbers.
- Be based on a common word (in any language).
- Rely on basic character substitution for security (such as M@nch3st3rUtd or L3tM31n).
- Contain the corresponding username.
Examples of poor passphrases that may look like strong password ideas are:
- 5404464785: This password has no letters or special characters, plus it uses a phone number.
- March101977: This password uses personal info (someone’s birthday), has a common dictionary word (March), and lacks special characters.
- P@ssword12345: While it does have 13 characters, a symbol, numbers, a mix of letters, and no personally identifiable info, a computer can crack this password in 0.01 seconds. P@ssword is a common phrase, and the 12345 sequence is a simple find for any program.
It is also wise to stay clear of any passwords other people widely use. Hackers always start the cracking process by trying the most popular passphrases, such as:
- 111111
- 123123
- 12345678
- jesus
- letmein
- password1
- asdf
- qwerty
- trustno1
- abc123
- dragon
- football
- iloveyou
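The rules in this section can be turned into an automated check that a signup form or a password audit could run. The following is an added example, not part of the original article: the word list and the substitution map are small constructed samples, and the function names are illustrative.

```python
MIN_LENGTH = 12

# Constructed sample; a real check would load a large list of leaked passwords.
COMMON = {"password", "letmein", "dragon", "football", "iloveyou",
          "trustno1", "abc123", "jesus", "manchesterutd", "march"}
KEYBOARD_PATHS = ("qwerty", "asdfgh")
# Basic substitutions (assumed map) that dictionary tools undo before matching.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def single_class(pw: str) -> bool:
    """True when the password is only letters, only digits, or only symbols."""
    return pw.isalpha() or pw.isdigit() or not any(c.isalnum() for c in pw)


def has_sequence(pw: str, run: int = 3) -> bool:
    """True if `run` or more adjacent letters/digits ascend or descend by one."""
    s = pw.lower()
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(s, s[1:]):
            if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step:
                streak += 1
                if streak >= run:
                    return True
            else:
                streak = 1
    return False


def check_password(pw: str, username: str = "") -> list:
    """Return the rules from the list above that the password breaks."""
    findings = []
    lowered = pw.lower()
    deleeted = lowered.translate(LEET)  # P@55w0rd -> password
    if len(pw) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    if single_class(pw):
        findings.append("uses only one character class")
    if any(path in lowered for path in KEYBOARD_PATHS):
        findings.append("contains a keyboard path")
    if has_sequence(pw):
        findings.append("contains sequential letters or numbers")
    if any(word in lowered or word in deleeted for word in COMMON):
        findings.append("built on a common word or basic substitution")
    if username and username.lower() in lowered:
        findings.append("contains the username")
    return findings


if __name__ == "__main__":
    # The poor passphrases discussed in this section.
    for pw in ("5404464785", "March101977", "P@ssword12345", "M@nch3st3rUtd"):
        print(pw, "->", check_password(pw) or "no findings")
```

Reuse across accounts and reliance on personal data cannot be detected from the password alone, so those two rules are not covered by the check.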
Additional Security Options to Secure Your Passwords
In addition to choosing a good password, you can rely on other security measures to keep it secure. The advice provided below can be used to safeguard both individual login information and company-wide passwords.
Two-factor authentication
Digital security begins with good passwords, but even strong passwords can be cracked, and a breach or phishing email scam could expose them. For that reason, security experts advise two-factor authentication (2FA).
“No matter how strong a password is, if you use it somewhere, chances are that in a matter of time, the bad guys will have it,” said Juniper Networks cybersecurity strategist Nick Bilogorskiy. Thus, passwords are not enough. With 2FA, logging in takes more than one step, starting with your password. Adding a second login factor boosts online security by over 10 times.
Outside of work, 2FA usually involves receiving a text, phone call, or email to authenticate our identity. A thief won’t be able to answer your house phone, mobile device, or computer. (A criminal could have compromised one of your devices or accounts, but 2FA by phone, text, or email is a huge security step for most of us.) On some sites, software and hardware tokens improve security.
Some websites require 2FA, while others offer it as an option. Each site calls it something different, which complicates matters: “two-step verification” on Google, “log-in confirmation” on Twitter, and “two-factor authentication” on Facebook. Twofactorauth.org lets you check if a website implements 2FA.
Juniper Networks’ Bilogorskiy advised, “You have to remember who is after you these days.” “Bad guys, corporations, and state actors are deploying malicious programs to constantly scan the internet for victims. Security hygiene reduces vulnerability.”
Multi-Factor Authentication (MFA)
You can stop someone from accessing your account even if they have your password. By requesting the following information from the user during login, multi-factor authentication (MFA) adds an additional layer of security to your account.
- A username and password.
- A biometrics scan or a physical token.
Cybercriminals find it challenging to access your account and steal your identity because of this two- or three-step verification process.
You can implement MFA using a specialized app that your employees download on their smartphones if you want to safeguard your company against identities and passwords being stolen. Two excellent free options are Google Authenticator and Authy, which both create a one-time PIN that is used as an extra factor when logging in.
General Password Protection Best Practices
Even the world’s toughest password becomes pointless if you do not know how to use and protect it. Be careful with your passphrase by following these best practices:
- Never share your password with anybody.
- If you store passwords online, ensure the website does not store credentials in plaintext.
- Do not save your passwords in an online document, email, or note.
- When choosing security questions in case of a forgotten password, select hard-to-guess options to which only you know the answer. Do not use a question whose answer is easy to find online or on your social media.
- Change passwords regularly, at least once every few months.
- Do not write down your password and store it near your workstation.
- Do not keep the passphrase inside your phone (either as a note or picture).
Additionally, you should prevent browsers from saving your password. This feature is practical, but it also means that any account you have is immediately compromised by a single data leak.
Password Managers
A password manager remembers all of your passwords for you and keeps track of them. You only need to remember the master password to access the management program (which is, hopefully, a strong password protected with MFA).
Password managers use encryption to keep passwords secure. Sound key management is crucial for these apps because, if the manager is breached, the stolen encrypted passwords are useless to the attacker without the decryption key.
A password management program can be used to safeguard personal information or to simplify and secure the way your staff members generate, store, and use passwords.
What Are the Common Techniques Used by Hackers to Crack Your Password?
Hackers use numerous techniques to crack passwords. Below is a list of the most common methods a cybercriminal can use to compromise your credentials.
Brute Force Attacks
In a straightforward procedure known as a “brute force attack,” a program automatically iterates through various possible password combinations until it determines the target password. Simple and average passwords are easily cracked by these programs.
An average brute force program can try over 15 million key combinations per second, which lets it crack the majority of seven-character passphrases in 9 minutes or less. Protection against brute force attacks is the primary reason passwords should be at least 12 characters long.
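The figures above follow from simple keyspace arithmetic: seven lowercase letters give 26^7 candidates, which the quoted rate exhausts in about nine minutes. The following is an added example, not part of the original article, that computes the worst-case exhaustive-search time for any password at that rate. It models brute force only (a dictionary attack finds word-based passwords far sooner), and the class-based alphabet estimate and function names are assumptions of this sketch.

```python
import string

GUESSES_PER_SECOND = 15_000_000  # guess rate quoted in the paragraph above

# Character classes an exhaustive search has to cover once a password uses them.
CLASSES = (
    string.ascii_lowercase,      # 26
    string.ascii_uppercase,      # 26
    string.digits,               # 10
    string.punctuation + " ",    # 33
)


def alphabet_size(password: str) -> int:
    """Smallest class-based alphabet that contains every character used."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    # Characters outside printable ASCII are counted one by one (a lower bound).
    other = {ch for ch in password if not any(ch in cls for cls in CLASSES)}
    return size + len(other)


def keyspace(alphabet: int, length: int) -> int:
    """Candidates an exhaustive search must try for one exact length."""
    return alphabet ** length


def worst_case_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the keyspace; the average case is half of this."""
    return keyspace(alphabet_size(password), len(password)) / rate


def humanize(seconds: float) -> str:
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed samples: same alphabet with growing length, then a wider alphabet.
    for sample in ("abcdefg", "abcdefghijkl", "Abcdef1", "Abcdefghijk1"):
        print(f"{sample:<14}{alphabet_size(sample):>4}  "
              f"{humanize(worst_case_seconds(sample))}")
```

Each extra character multiplies the search time by the alphabet size, which is why adding length raises the cost faster than widening the character set at a fixed length.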
Dictionary Attacks
A dictionary attack utilizes a prearranged list of words to attempt to decipher the password as opposed to a brute force attack, which tries every possible combination of symbols, numbers, and letters. Typically, this attack begins with a common word category, like:
- Sports teams.
- Names of celebrities, family members, friends, pets, TV/film characters, etc.
- Places (countries, cities, landmarks, etc.).
- Hobbies.
- Animal names.
A dictionary attack also tries substituting letters with symbols, such as 1 for an I or @ for an A. This cyberattack is the main reason why no security-aware person should use common words in their password.
Phishing Attacks
An attempt by a criminal to trick or pressure you into sharing credentials without your knowledge is known as a phishing attack. Emails are a common tool used by hackers in this social engineering threat, who send them while posing as someone else and direct recipients to fake login pages.
As an illustration, you (or one of your staff members) might get an email describing a concern with your credit card account. The email contains a link that opens a login page on a fake website that looks like it belongs to your credit card company. If the victim falls for the ruse, the hacker who made the fake website gets the login information right off the bat.
Eavesdropping
When victims communicate over an unsecured network (without a VPN or in-transit encryption), a hacker can intercept credentials. Eavesdropping, also referred to as sniffing or snooping, enables a hacker to obtain a password without the target suspecting anything is amiss.
Keylogging Viruses
Every keystroke you make on the keyboard is recorded by a keylogging virus, giving hackers access to your passwords (among other activities).
The two most prevalent viruses that log keystrokes are Dridex and Zeus. Both malicious programs primarily search for banking login information and are spread via infected email attachments. To avoid these viruses, you should:
- Know how to identify phishing emails.
- Keep your computer software up to date.
- Install and use a robust anti-virus tool.
- Avoid questionable websites and software.
Credential Recycling
Credential recycling is a less focused attack, but it’s still dangerous for anyone using a weak password. Using usernames and passwords gathered from other breaches, this technique tries them on as many arbitrary platforms and websites as it can.
Tens of thousands of unique credentials obtained through another hack are typically gathered by hackers. Unfortunately, this method is very successful because so many people use the same easy passwords. Credential recycling is also known as “password spraying.”
Conclusion
Passwords are like the lock on your apartment door. If you’re not home, they’re the only way for thieves to get in. Having a weak password is like a weak lock. It makes it a lot easier for a lot more people to get into your accounts.
Using the tips in this article to make strong, easy-to-remember passwords is a good way to start making yourself more secure. You could also use a strong password manager available online to make all your passwords automatically. This way, you won’t have to remember any of them.