Five Do’s and Don’ts When Creating a Strong Password

It seems like it can be so hard to create a strong password or come up with one that somebody is not going to guess. If you come up with a good password, it might be too complicated for you to remember it.

The odds are most people reading this article should use stronger passwords than they currently have in place. If you don’t have a great password, it is only a matter of time before you get hacked.

  • 24% of US adults admit to having easy passwords such as “123456” or “password”
  • 90% of internet users worry about their passwords being hacked
  • 40% of Americans have had their personal data compromised online

How Does a Password Get Hacked

There are a few main ways hackers can get into your account. On the dark web, hackers buy passwords — therefore, you don’t want to use the same password for many years. If they get access to one account, they can gain access to any other account using the same login information. The accounts could be part of a leaked database of passwords or your actual accounts could have been shared.

Brute Force Attacks

This automated software hack will try every possible combination in the book to guess your password until it breaks into your account. In 2012, a hacker was able to demonstrate how he could crack any 8-character Windows password using letters (uppercase and lowercase), numbers and symbols in 6 hours. The system could make 350 billion guesses per second. The demonstration showed any password less than 12 characters is in danger of being hacked. Very long passwords are much more secure than shorter passwords.

Dictionary Attack

Is your password a dictionary word? If it is, then your account is vulnerable to hackers. A dictionary attack will try a list of words found in a dictionary to try to access your account. If your password contains multiple keywords, then it should be able to withstand a dictionary attack. Multiple word passwords are too sophisticated for a dictionary attack. The more keywords you use in your password, the stronger the password is.


Phishing is when cybercriminals use deceptive tactics to try intimidating or tricking their victims into giving them information about an account. They will send emails or text messages that look like legitimate requests, such as a bank email to download an attachment or click a link. This is known as phishing because cybercriminals are “fishing” for information in the hope of getting some victims to fall for the scam.

Avoid These Common Mistakes When Making a Password

When you are coming up with a new password, you will want to steer away from these poor choices.

1. Don’t Use Personal Information in Your Password

Do not use family names in your password. Not only is it easy to guess, but names can be found in the dictionary. Don’t use your birth year or your age, or your numeric address or zip code. Your anniversary date shouldn’t be part of your password and avoid using a nickname or your pet’s name. Basically, anything you might post about on social media shouldn’t be a part of your password.

2. Avoid Short Passwords

The more characters are in your password, the harder it would be for hacking software to guess your password. Passwords with twelve characters are much more difficult to guess, and some companies recommend upwards of 15 characters.

3. Do Not Use Simple Patterns That Are Easy to Guess

This seems obvious, but 123456 and abcdefg are weak passwords. Common keyboard paths like QWERTY or asdf12345 are terrible passwords. The best passwords use completely random characters and don’t have any connections to you. Hackers could easily guess these common passwords, because they are used so frequently these guesses are always worth a try.

4. Do Not Use Common Substitutions (AKA “L33T Speak”)

L33T/leet speak is an informal internet language that uses numbers to replace certain letters in an attempt to make it harder to crack your password. Unfortunately, C00ki3 is too obvious for substitutions since you are simply substituting the ‘o’ for the ‘0’ and ‘3’ for ‘E’. Instead, try more complicated combinations like “\^/” for “W”.

Hackers will try these common substitutions when attempting to access your sensitive information.

5. Do Not Use the Same Password on Multiple Websites

Every login should have a unique password. Never use the same password on multiple websites even if it is a strong password. When a website gets compromised and leaks your password, all your accounts will be compromised if you use the same one on every website.

Tips For Creating a Password

1. Use 2-Factor Authentication (2FA) or Multi-factor Authentication (MFA)

If a hacker compromises your account, they still won’t be able to get into your account without having access to your other devices or emails. This method prompts you to verify your identity through another source.

You simply set up the authentication so you receive information like a one-time code on your phone or email that you must input before anyone can access your account. Of course, you should always opt in for two-factor or multi-factor authentication whenever possible.

2. Passwords Should Be At Least 12 Characters

Get used to creating passwords that are a minimum of 12 characters long. Use at least one uppercase letter, one lowercase letter, numbers and special characters.

3. Use the Sentence Method or “Bruce Schneier Method”

Come up with a unique sentence only you would know. Take the first two characters of each word of the sentence and make this part of your password. For example, the sentence “The old man spent every day at the beach in Florida” gives us the password “TholmaspevdaatthbeinFl”

4. Use a Password Manager

If you use a password manager, you can use one master keyword to access all your accounts. The password manager would store your passwords in one place. Common password managers include LastPass, Passly and more.

5. Use a Password Generator

There are several great free online password generators that will create passwords which are virtually impossible to guess. However, you should be wary of potentially compromised apps that are free to download to your phone and store your passwords offline.

What Happens If Someone Cracks My Password?

If a hacker figures out your password, you could face consequences such as damage to your reputation or financial loss. Your bank account, credit cards, investments and bills are all password protected. If any of those accounts were to become compromised you could lose money, lose access to your account or your cards could be declined.

As for your reputation, many people have social media accounts where they share their thoughts or things they like. Hackers could use your account to share malware, post embarrassing content, make phishing attempts and create spam.

Another account you need to keep extra secure is your email. Your email account could provide hackers easy access to a huge variety of other accounts. It also provides them a way to share malicious content with all of the consequences falling on you.

At the end of the day, if you’ve been asked to create a password for an account, it’s because that information is worth protecting. Make sure to take the extra time to create complicated passwords and track them in a safe place for all of your accounts.

Taking Your Security a Step Further

Cyber Security is about more than just creating a secure password, NTS can help protect an entire business from outside threats. You can get help securing your website, preventing data loss, identifying network vulnerabilities and more.

Call NTS Today