Best Practices for Creating a Strong and Secure Password

Today, where nearly each and every aspect of our lives is connected online, having strong passwords is of utmost importance. Also, with data breaches and identity theft cases on the rise, it has become mandatory to pay more attention to effective password security.

Imagine your passwords as the key to your digital kingdom- protecting everything from your bank account to your social media profiles. Here, having a simple, weak password can end up leaving your front door open for intruders.

So, if you are in search of upgrading your passwords or you are starting from scratch, take control of your online security with the following tips.

What is a strong password?

A strong password is a combination of multiple characters that includes uppercase and lowercase letters, numbers, and special symbols. Instead of common words phrases or personal information that are easy to guess, they are usually unpredictable.

Characteristics of strong passwords

• Are at least eight alphanumeric characters long
• Contain at least three of the following four categories
• Uppercase characters (e.g., A-Z)
• Lowercase characters (e.g., a-z)
• Digits (e.g., 0-9)
• Special characters ( e.g., !@#$%^&*()+|~-=\`{}[]:”;’?,./) (Note: Oracle allows only the special character underscore () in a password unless the password is enclosed in quotes.)
• They are kept private. Passwords should be memorized or, if written down, kept in a locked file cabinet or other secure location.
• Do not contain a common proper name, login ID, email address, initials, first, middle or last name

Examples of strong passwords

9QxP&29eK!

mC5%v@reL/7#

Zr8T@6Np4Wp

Characteristics of weak passwords

• The password contains less than eight characters
• The password is a word found in a dictionary (English or foreign) or a word in any language, slang, dialect, jargon, etc.
• The password is the same as your username or login name
• The password is a common usage word such as names of family, pets, friends, computer terms, birthdays or other personal information, or number patterns like aaabbb, dddddd, qwerty, zyxwvuts, 123321, etc.
• Any of the above spelt backwards
• Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Examples of weak passwords

123456 (number pattern)

Sophia000 (name + digit)

tyuio (common keyboard pattern)

Password vs passphrase: which one is better?

A passphrase is eventually a more secure form of a password that is typically longer than a password and contains spaces. Though passwords are shorter, they are hard to remember. In comparison, passphrases are way longer and generally easier to remember.

Also, passphrases are less predictable. For example, you can use random words with numbers or special characters, such as elephant3monkey7!, or you can incorporate a relevant phrase with numbers or characters, such as Rainy#Season6IsHere.

Here are some strong examples of strong passphrases

• StarryNight$Rides4Moon
• OceanBreeze#2WarmWaves
• LightsWill#guide77you9Home

5 Password security best practices you should follow

1. Enable multifactor authentication

Multifactor authentication adds an extra layer of security as it adds two of more forms of verification before granting access to an account. The multiple forms of verification typically include something you know such as password or pin number, something you have such as smartphone token and something you are like fingerprints.

2. Use a password manager

Password managers store all your passwords in an encrypted format. It transforms the passwords into an unreadable format by using an encryption algorithm. As a result, the owner can only decrypt them only by using the master password. So, all you need to remember is the master password.

In addition, password managers come with advanced security measures like encryption and zero-knowledge architecture that keep your passwords protected even if the database is compromised. Using a password manager’s password generator, you can ensure that each of your passwords is unique and roust.

Some other benefits include cross-device syncing, password sharing, password audit, auto-filling and more.

3. Change the password regularly

Changing passwords on a regular basis is a proactive measure that protects your accounts from any sort of unauthorised access. It works great if you set a schedule in every 3-6 months based on the sensitivity of the information and how frequently your passwords are used.

Whenever you notice any unusual activity like unauthorised logins or changes to account settings, change your passwords immediately. Don’t overlook the security alerts. If a service you use reports a data breach, change your password. Always avoid reusing old passwords; otherwise, it can defeat the purpose of changing them.

4. Monitor account activity

Try to regularly review your activity log, which shows details like the date, time, IP address, and device used to see when and where your account was accessed. Enable notifications for logins from new locations and devices to get real-time awareness of potential security issues.

You can even use third-party tools or security apps to monitor any suspicious activity. To stay informed, keep an eye on security news related to the services you use.

5. Educate yourself on phishing scams

It is wiser to educate yourself in phishing scams as it is one of the most common methods that cybercriminals use to access to your passwords. And failing victim to a phishing scam can lead to severe consequences. Most of the phishing scams appear very legitimate.

For example, phishing attempt often involve messages that seems urgent or official and ask you to provide sensitive information including passwords.

A list of don’ts

• Don’t reveal a password over the phone or in person to anyone. Not your boss. Not your family. Not your co-workers. If someone demands a password, refer them to this document.
• Don’t reveal a password in an email message.
• Don’t talk about a password in front of others.
• Don’t hint at the format of a password (e.g., my family name).
• Don’t reveal a password on questionnaires or security forms.
• Avoid writing passwords down, but if you must, store them in a secure place (e.g., a locked file cabinet).
• Passwords should never be stored unencrypted online.
• Do not use the Remember Password feature of applications (e.g., Eudora, Outlook, Netscape Messenger).
• Don’t use the default password, if one is provided. Change it immediately to a new, stronger password.
• Don’t reuse old passwords. NetID passwords cannot be reused within a 12-month period, and passwords cannot be changed to any of the previous three passwords.

Our personal favourites

Take your favourite line from a movie, song, or book and convert it to a passphrase. If you like the scene from A Few Good Men when Jack Nicholson is on the stand, take the line “You want the truth? You can’t handle the truth!” and convert it to Ywtt?Ychtt!.

It has uppercase and lowercase letters, as well as special characters. It is not a word appearing in any dictionary, yet it is simple for you to remember.

Or, use a Tool. The main reason that users choose passwords that are easy to crack is that they want to choose passwords that are easy to remember. It is obviously much easier to remember your dog’s name or type characters in the order they appear on the keyboard, like 123456, than it is to recall a5$jgFD118@Kle45@.

Final words

By taking simple steps like turning on multifactor authentication, using a password manager, and staying alert to phishing scams, you can lock up your accounts and keep your personal information secure. So, why not take a moment today to strengthen your passwords? It’s a small effort that can make a big difference in protecting your digital world.