How to Make a Strong Password

All the firewalls in the world can't make up for an easy-to-crack password


Although they are slowly being phased out in favor of other means of authentication, such as two-factor authentication, the password is still alive and kicking and will likely remain with us for many years to come. The best thing you can do to keep your password from being cracked is to follow some common-sense rules when building a new password or updating one that has become stale.

If any of your account passwords are: 123456, password, rockyou, princess, or abc123, congratulations! You have one of the top 10 most common (and easily cracked) passwords, according to a study done by security researchers at Imperva.

How can you make your password strong enough to not get cracked by the bad guys? Here are some tips on password construction you can use to beef up your password.

Make Your Password at Least 12-15 Characters in Length

The longer the password the better. Automated password cracking tools used by hackers can easily crack passwords under 8 characters in a short time period. A lot of people think that hackers simply try to guess a password a few times and then give up because the system locks them out or they move on to another account. This is not the case.

Most hackers crack passwords by stealing a password file from a vulnerable server, transferring it to their own computer, and then using an offline password cracking tool to pound away at the file with a password dictionary or a brute-force guessing method. Given enough time and computing resources, most poorly constructed passwords will be cracked.

The longer and more complex the password, the longer it will take an automated tool to test all the possible combinations to find a match. Adding a couple of digits to your password may increase the time it takes to crack your password from a few minutes to a few years.

Use Special Characters and Varied Cases

Use at least two upper-case letters, two lower-case letters, two numbers, and two special characters (except the common ones such as "!@#$"). If your password is only made up of lower-case alphabet letters, then you have just reduced the number of possible choices of each character to 26. Even a fairly long password made up of one type of character can be cracked quickly. Use a variety and use at least two of each type of character.

Never Use Whole Words

Make the password as random as possible. Many automated cracking tools first use what is called a "dictionary attack". The tool takes a specially made password dictionary file and tests it against the stolen password file.

For instance, the tool will try "password1, password2, PASSWORD1, PASSWORD2" and all other variations that would be most commonly used. There is a high likelihood that someone used one of these simple passwords and the tool will quickly find a match using the dictionary method without even having to move on to the brute-force method.

Avoid Using Personal Information

Don't use your initials, birth date, your kid's names, your pet's names, or anything else that could be gleaned from your Facebook profile or other public sources of information about you.

Avoid Using Keyboard Patterns

Another one of the top 20 most common passwords was "QWERTY". Many people become lazy and would rather just roll their fingers over the keyboard like a caveman instead of having to come up with a complex password. Given this fact, password dictionary attack tools test for keyboard pattern-based passwords. Try to avoid using any kind of keyboard pattern or any patterns at all.
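The rules from the sections above (length, two of each character class, no dictionary words or their numbered/capitalized variants, no keyboard patterns) can be turned into a policy check that an application runs before accepting a new password. The example below is added here and is not from the original article; the word list and keyboard rows are small constructed stand-ins for the much larger lists a real checker would load.

```python
import re
import string

# Constructed stand-ins for real wordlists (a production checker would load a
# large leaked-password corpus and dictionary instead of these few entries).
COMMON_PASSWORDS = {"123456", "password", "rockyou", "princess", "abc123", "qwerty"}
DICTIONARY_WORDS = {"password", "princess", "welcome", "dragon", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
COMMON_SPECIALS = set("!@#$")  # the article's "common" specials that do not count


def contains_keyboard_run(pw, min_len=4):
    """True if pw contains min_len+ adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            run = row[i:i + min_len]
            if run in low or run[::-1] in low:
                return True
    return False


def contains_dictionary_word(pw):
    """Catch 'password1', 'PASSWORD2' etc.: strip digits/symbols, fold case, look up."""
    letters = re.sub(r"[^a-z]", "", pw.lower())
    return any(word in letters for word in DICTIONARY_WORDS)


def password_problems(pw):
    """Return the list of article rules that pw violates (an empty list means it passes)."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letters": sum(c.isupper() for c in pw),
        "lower-case letters": sum(c.islower() for c in pw),
        "digits": sum(c.isdigit() for c in pw),
        "special characters": sum(
            c in string.punctuation and c not in COMMON_SPECIALS for c in pw),
    }
    for name, count in classes.items():
        if count < 2:
            problems.append(f"fewer than two {name}")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if contains_keyboard_run(pw):
        problems.append("contains a keyboard pattern")
    return problems
```

Reject the password when `password_problems()` returns a non-empty list and show the user the specific rule that failed rather than a generic "weak password" message.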

The key to strong password construction comes down to a combination of length, complexity, and randomness. If you follow these basic principles, then it may be a very long time before the bad guys crack your password. Maybe they'll give up and we can all live in peace. Keep dreaming.