How to Create a Strong Password

1. Make Passwords Long

Password length is a primary factor in characterizing password strength. Passwords that are too short or are commonly used words and phrases are vulnerable to brute force attacks.

– NIST (National Institute of Standards and Technology)
– Reformed hacker Kevin Mitnick recommends 20-25 characters 

2. How Do I Create A Strong Password?

– Think of a phrase that is easy to remember. 
1. Something that sticks out to you (perhaps from your favorite book, poem, or song).
2. Create a phrase about your home, family, or hobbies.
3. Create a humorous, nonsensical phrase that’s easy for you to remember

– Take the first letter of each word in your phrase to create the string of characters that will become your password
1. “O swear not by the moon, the inconstant moon that monthly changes in her circled orb” from Romeo and Juliet becomes “Osnbtmtim”.

– Add numbers and mix upper- and lower-case letters to add complexity.
1. “Osnbtmtim” can also become “0snbtMt1M” by substituting a zero for the initial letter “O,” changing the two “m’s” for moon into upper-case letters, and swapping out the number one for the letter “i.”
2. The password is still memorable enough to remember, but it is now much harder for a hacker to crack.

3. Avoid Creating Passwords Using:

– Dictionary words (of any language)
– Words that are spelled backwards, commonly used misspellings, or any abbreviations
– Sequences or repeated characters (e.g., 1234567, abc123, qwerty)
– Personal information such as your name, date of birth, home address, etc. 

4. Don’t Reuse Passwords

Once a password is compromised, it can be exploited at any point in time, even years later, as Zuckerberg found out. Reusing a password re-opens the vulnerability window for that password.

5. Different Site, Different Password
Limiting the scope of your password prevents a compromised password from exploiting multiple areas. Even adding a section somewhere in your password like “fb” for Facebook (eg: BuFFDuD3fb) will prevent most cross-site compromises, because once the attacker realizes the same password won’t access the site, they would then have to manually start guessing at possible differences, without knowing if it’s an entirely different password altogether. The full effect of the LinkedIn data breach has likely not been seen yet. As email/password combos are tried at other sites, users who relied on a single, static password will be compromised. This ripple effect to other systems follows major breaches every time.
6. Use Two-Factor Authentication

The one account of Zuckerberg’s that didn’t get breached was his Instagram, and that’s because “Instagram’s security systems prevented that account from being accessed.” This could refer to a few things, but it likely means that the two-factor authentication (2FA) Instagram set up was enabled for his account. 

Probably one of the most important mechanisms available, 2FA, as its name implies, prevents the compromise of a single authentication factor (the password) from compromising the account. The mechanism typically works by requesting the traditional login information, then sending a confirmation to a device, usually a smartphone, such as a text, phone call, or in-app security verification screen. Ideally, only the authorized person has access to the linked smartphone and can then accept or reject the authentication requests as necessary. More advanced mechanisms can require bio-authentication, such as a fingerprint swipe, which prevents lost or stolen phones from being used to falsely issue confirmations. Most cloud apps offer 2FA now, with many traditional applications following suit. It’s worth the few extra seconds it takes at login to know that even if your password is hacked, no one will be able access your accounts.

7. Use a Password Manager / Breaking Down the Math

You can use a password manager to store your passwords for you. Password managers usually come with a password. These tools use a random number generator with a list of criteria, such as the minimum length of characters required and use of numbers/symbols, to create a new password. This solution is far more difficult to crack than a passphrase. 

8. Keep It Under Wraps
Aside from not using personal information in your password, it’s also important not to tell people about your password. Even if you fully trust someone, you never know who’s listening to your conversations. Also, make sure you never text your password to anyone. If you’re afraid you will forget your password, write it down and keep it in an encrypted file or in a place where nobody could find it.
9. CrossRealms International Twist

Use a combination of words from different languages if you’re multilingual. You can mix words from different languages and use their phonetic spelling in English to construct your passwords. 

This way, you do not have to worry about the keyboard having Unicode characters or system recognizing them. And by compiling languages, you are making the password near impossible to crack via brute force, if the password length is long enough.

Sign Up Now!

For exclusive news, information, and Events!

By submitting this form, you are consenting to receive marketing emails from: CrossRealms International. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact