Some of the most secure passwords aren’t words at all but instead secure passwords contain strings of words that form a phrases, possibly the opening sentence to a cherished novel, the opening line to a good joke or your favorite song lyric. Complexity is nice, but length and variety is key to secure passwords.
It was once true that picking an alpha-numeric password that was 8-10 characters in length was a secure method to create a password. However, its increasingly simple to build very powerful and fast password cracking tools. These are tools that can try millions of possible password combinations per second. Remember that each character added to a password or passphrase makes it exponentially harder to attack via brute-force. This will make your password more secure.
These are the most common questions asked about how secure a password is:
- What is the most secure password?
- What is an example of a secure password?
- How secure is a 12 character password?
- What are the five most common passwords?
- Are long passwords more secure?
Ideally a secure password will only be used once. The more often you reuse a password, the more likely that secure password will be exposed in a data breach. Once that secure password has been exposed, the hackers can try that same password on other common websites. When you’ve used your password more than once there is a good chance that after one site has been hacked, all of your social media accounts, or banking logins are also at risk to be compromised.
Randomness isn’t as strong as password length
For truly random password generation, modern computing techniques to achieve true randomness take advantage of various ways to achieve entropy. After the length of your password, the number of random words or characters is critical to securing online accounts. A short password that is random is less secure than a longer password using a passphrase consisting of not-so random words.
Strong passwords are made by mixing letters, numbers and symbols. Passphrases can be made more secure if they include capitalized words or special characters. Safestpasswords.com lets you create a custom-made strong password.
Passphrases are built from word lists consisting of thousands of words while passwords are generally built from a much smaller subset of the ASCII printable character set. This results in secure passwords possessing much fewer possible combinations as a function of its length, than passphrases. Protect every account you create by generating complex, randomized passwords.
Your secure password should never contain really common words, places or dates that have meaning to you, or anything that could help hackers figure out your secure password or increase the odds that a brute force (which attempts random character and word combinations) might get lucky and recreate your exact password. If your password is greater than 13 or 14 characters then it should take years for even the fastest computers to combine enough random characters together enough times to repeat your password.
Follow these rules and best practices
In order for a secure password to prevent your accounts from being hacked by social engineering, brute force or dictionary attack
- Have long, strong passwords, with a mixture of numbers, letters, and special characters
- Don’t reuse passwords across multiple sites
- Store passwords securely – let a password manager do the hard work for you
- Use two-factor authentication
- If a site you use has a data breach, change your password immediately, and check you’re not re-using that password and email combination on other sites
The main thing that will make your password secure is making the password or passphrase as random as possible so that attackers cannot easily guess what it is based on things they can learn about you like your birthdate, your mother’s maiden name, the street you grew up on or the name of your first pet. These are all things that can be used to reduce the number of guesses required to match your exact password.
More characters makes stronger passwords
The next most important factor in securing your password is the length of your password. Each character you add to your password increases the complexity of your password exponentially. This means if you add another lowercase letter to a 2 character password, you’ve now increased the number of guesses from 676 possible combinations of 2 character lowercase letter passwords to 17,576 possibilities. This means it would require the attacker to try up to 17,576 possible 3 letter combinations to guess the string that matches yours.
Passwords are a problem. Passwords are inconvenient and riskier than other authentication options available today because they can be guessed, stolen, or cracked. While we won’t see passwords go completely away anytime soon, a passwordless approach could be the answer to many user friction and security challenges. A recent VISA survey found consumers are ready to leave the password behind. Seventy percent of consumers believe that biometrics are always more comfortable as they do not involve memorizing passwords.Benoit Grangé, chief technology evangelist at OneSpan
Long Phrases protect your personal information from dictionary attacks while making it easier for you to remember your password.
Verify that your password is secure with an online tool
There are many online tools that you can use to find out how secure your password really is. Most of these tools simply determine how many different “character sets” your password contains. For example, if your password is cat, your password uses only one character set, the alpha characters. If your password is cat1 it uses two character sets, alpha and numeric characters.
Russell P Reeder, CEO of cloud-based data protection company Infrascale cautions against sharing passwords. “Believe it or not, one of the more common reasons passwords are compromised is because people share their credentials. Quite simply — never, ever share your password(s)! Also, be mindful of phishing — this is where you receive an email or text message asking for you to confirm your details or take some other action where you need to enter your personal credentials.
These types of acts are becoming increasingly sophisticated and can look very legitimate, like an email from your bank. As a good rule of thumb, unless you make a request, don’t ever enter your credentials. Or, if you have any doubts, contact the organization requesting the information directly.“
The safest and most secure passwords have a variety of words, characters, numbers and symbols to increase the possible variations. A 4 character password consisting of all lowercase letters has 26 possible symbols with 264 combinations. That translates to 456,976 possible passwords. An 8 character password consisting of all lower case letters has the same number of possible characters, however the number of possible combination increases exponentially to 208,827,064,576 possible passwords.
By using both uppercase and lowercase characters the possible symbols increases to 52 and the total possible password combinations is now 528 or 9.1343852e+46 which translates to 53,459,728,531,456 possible passwords. Adding numbers to the 8 character upper and lower case password increases the number of symbols to 62. The possible combinations of passwords for upper and lowercase characters and numbers is 628, or 2.1834011e+14, Now an attacker would need to make 62,382,888,571,428 unique guesses to try all possible combinations of letters and numbers.