How to create a strong password

If you like these security tips, please spread the word:

Create and maintain a secure password

There are several steps you can take to ensure your passwords – and personal data – are safe against social engineering attacks, brute force or the dictionary attack method:

« Strong Password Generator »

  • Try not to use the same password, security question and answer for more than one account, especially if they contain sensitive information.
  • Use a password with at least 16 characters that contain a number, an uppercase and lowercase letter and a special symbol.
  • Don’t use the names of family members, pets or friends as passwords, as well as postcodes, house numbers, phone numbers, birthdays or ID card numbers.
  • Don’t use dictionary words in your passwords.
  • Don’t tweak an existing password or use two or more similar passwords that have mostly similar characters – if one of them is guessed, the other can be guessed just as quickly.
  • Using fingerprints can seem like a good idea but fingerprints can be cloned and worst of all, can’t be changed if you fall a victim to a hacker attack.
  • Don’t let web browsers such as Chrome, IE or Opera store your passwords – every password saved in a web browser can be revealed and accessed easily.
  • Use encrypted connections such as HTTP, SFTP, FTPS and IPSec whenever possible and don’t send sensitive information online using unencrypted (HTTP or FTP) connections. Messages sent via these connections can be accessed easily. You can encrypt your Internet connections by setting up a private VPN on your own server and connect to it. You can also set up an encrypted SSH tunnel between your router and home computer, when you’re traveling, and connect your browser and programs to it. This protects your passwords even if someone captures the data as it’s transferred between the devices.
  • Strong passwords are the best way to protect your data. But bear in mind that if a hacker has your username and the MD5 hash value of the password from a company’s server, for instance, they’ll need very little time to guess it, especially if they can also access a rainbow table that contains the MD5 hash. A good way to check the strength of your password – and find out if it’s in the popular rainbow tables – is to convert your password to MD5 hashes by using an MAD5 hash generator. Decrypt your password by submitting the hashes to an online MD5 decryption service. Getting into the hacker’s head, so to speak, can help you generate a strong password that will protect your sensitive information.

  • As a precaution, aim to change your password every 10 weeks or so.
  • If using a password manager, make sure you remember a couple of master passwords. You can also store the other passwords in a text file (but make sure you encrypt it). It’s also a good idea to backup your passwords in different locations in case you lose access to your main device or account. Also, don’t store your passwords in the cloud – it’s been known to be prone to hacker attacks.
  • Make sure to turn on the 2-step authentication whenever possible.
  • Use bookmarks to access important websites, such as Paypal or online banking, and make sure you always check the domain name. If using a new website, consider checking its popularity with the Alexa toolbar to make sure it’s reliable.
  • Use antivirus software and firewall to protect your computer. It’s recommended that you block all incoming connections and unnecessary outgoing ones with a firewall. Software should only be downloaded from reputable sources. Install the latest security updates for all operating systems, web browsers and devices.
  • In case your computer has important files and can be accessed by others, make sure there are no hardware keyloggers, software keyloggers, and hidden cameras. A little precaution can get you a long way.
  • If you have a Wi-Fi router, you’re also susceptible to another type of attack. When you’re entering your password, the WI-Fi signal may change when you move your fingers and hands. This means observant hackers can still figure out your password, regardless of how strong it is. To counter this method, it’s recommended that you use an on-screen keyboard (and, to be on the safer side, make sure the virtual keyboard changes its layout every time you use it.)
  • When you leave your laptop or smartphone, make sure you lock them.
  • To protect the data on your hard drive, encrypt it with LUKS or a similar tool even before putting the information on it. Destroy old hard drives physically once they’re no longer needed.
  • When accessing important websites, use private or incognito mode. Alternatively, you can use one web browser to access the important sites, and other for the less important ones.
  • Much like several different passwords, it’s also recommended that you have several email addresses too. The first one can be used to receive emails from important sites and Apps (like PayPal), the second for unimportant ones, and the third – specifically for password-reset emails in case the first email account has been hacked.
  • It’s also a good idea to have at least 2 phone numbers. Use the second one exclusively for verification codes and make sure no one knows the number.
  • Never click on links in email or text messages without checking if the source is reputable and the message isn’t fake.
  • The best way to protect your sensitive information is by using Web-based apps instead of downloading and installing them. In some cases, hackers might modify the apps.
  • If you’re a webmaster, make sure never to store users’ passwords, security questions and answers as plain text. Instead, use the salted (SHA1, SHA256, SHA512) hash values of the strings. Try to generate a unique random salt string for each user for added security. Save the salted hash values and when users try to log in with the correct password but the device information doesn’t match the previously stored one, include a second verification step – e.g. by entering a verification code sent to their mobile phone or email. The same is true for people working as software developers: publish any update packages signed with a private key using GnuPG, and make sure you verify the signatures with the public key published previously.
  • If you have an online business, register a domain name of your own and set up a corresponding email. This reduces the risk of losing your email account and contacts since you can host the mail server anywhere in the world, and the email provider won’t be able to disable the account.
  • If shopping online and the retail store only allows payment with credit cards, consider using a virtual credit card.
  • When you leave the computer, close the web browser. If you don’t, the cookies may be intercepted with a small USB device, and the hacker will be able to bypass the two-step verification and hack into your device by using the stolen cookies.
  • Remove bad SSL certificates from the browser. If you don’t, you risk compromising the confidentiality and integrity of HTTPS connections since they’re based on these certificates.
  • Encrypt the entire system partition. Alternatively, you can disable the pagefile and hibernation functions – hackers can use the pagefile.sys and hiberfil.sys files to get access to important documents and sensitive information.

Even following some of these tips can help you generate a stronger password and protect your personal details once you have one.

Are you ready to create your secure password? Try our free random password generator now.

Do you find these security tips useful? Please share this page with your friends and help us to keep our digital world safer!