Creating an account for a new website, you work your way down the page, field by field. Name, email, username, password, confirm password. You click “save,” ready to move on, but you’re met with a line of red text: “Your password must be 8-16 characters, contain at least one number or symbol, and at least one capital and lowercase letter.”
I’m sure you’ve seen that message before, and there’s no doubt it can be frustrating. After all, how many passwords can you create - and remember - that follow such a specific formula? With that frustration lingering, you might simply re-use the same password for accounts on several different websites. Or, you might be quick to revert back to the old, familiar “password” on sites that don’t have such strict requirements. However tempting those options might be, using weak passwords on even a handful of sites can make your information vulnerable, rendering your more noble efforts on other sites useless.
To help you dispel that frustration, we’ll explain the difference between strong and weak passwords, as well as offer you tips for coming up with robust passwords of your own.
It’s a phrase you’ve probably heard hundreds of times, but rarely had explained to you. Is any password that follows a site’s guidelines considered “strong”? Is a longer password always stronger than a shorter one? These questions likely come up every time you try to create a new password, leaving you wondering what “strong” really means.
To best illustrate that, first take a look at a few passwords that definitely would not be considered strong. These were among last year’s worst passwords, according to a study cited by the CBC:
As you can see, most of these keywords are rather unimaginative, comprised of simply a single word or a predictable string of numbers. While these options are undoubtedly easy to remember, they are also easy to guess. Even longer passwords like “qwertyuiop” and “1234567890” (which appear further down the list) are ineffective if they are predictable. While they may reflect users’ attempts at making their passwords more secure, the survey company says, they are nonetheless extremely weak.
“They are each based on simple patterns that would be easily guessable by hackers,” the company said in a news release, reported the CBC. As a result, their extra length is “virtually worthless as a security measure.”
Not all weak passwords are so obvious, however. With hackers and cybercriminals getting ever more sophisticated, it’s not enough to simply make sure your password is more complex. The IT experts at Queens University offer the following list of information off of which you should never base your password:
While certainly more personalized than the first list, passwords based on the above information is nonetheless easy to guess. Experienced cybercriminals know how to leverage public information - including what you post on social media - as clues that could help them guess passwords like these.
Not only should passwords be strong, but they should always be significantly different than any you have used in the past. For inexperienced password builders, this can pose a major difficulty, but we have a few tips that make it easy to come up with - and remember - strong passwords in just a few seconds.
Pro Tip: To make your password easier to remember, use a phrase that is somehow related to the site you’re logging into. For example, if you buy your movie tickets online, the phrase you use to create your password could be: “Would you like popcorn with that?” The first method above could turn that into: “Wy7p0Pwt?” The second, which uses the full phrase, might result in: “WooduLykp0pc0r4?”
These methods can help you create strong, unique passwords for every site you log into, all while helping to make them easier to remember! Although this can go a long way toward protecting your accounts from ID thieves looking to steal your personal information, there is unfortunately no way to completely eliminate the risk of identity theft on the web. Credit monitoring companies can help you protect your identity in ways even the most effective password cannot. By alerting you to certain activity on your account that may indicate fraud, a credit monitoring service like Credit Alert can give you a chance to take action before an identity thief can do any lasting damage.