Strong passwords and how to remember them

Honestly, we probably all use the same password for a few different sites because there is no way you can remember a new password for every single one of your different accounts, right? Wrong.

Using strong passwords is essential for protecting your data. It prevents unauthorized access to your devices, accounts and your digital identity in general. Your password is your first line of defence from attackers, and data breaches are not going away anytime soon. So using strong passwords is essential. But what is really a strong password, how to remember it and what else - passwords aside - can help your data security online? Let's go step by step.

(1) What is a strong and safe password?

A strong and safe password is:

• Long enough It has at least 12 characters, preferably more and includes numbers, symbols, capital letters and lower-case letters. The bigger the mix of different types of characters, the better the quality of the password.
• Not made of obvious, dictionary words Any obvious word on its own is bad (ex. orange, paper, house etc.) and combinations of obvious words are also bad ( ex. blue car, red hammer). Using obvious substitutions also doesn't help (ex. D0g, where you switch the letter o with number 0). If a password is anything close to a dictionary word, it is extremely insecure.
• Random The best and safest would be having a random password - random password generators can help you with that. You can use them in combination with a password manager that remembers the password for you. What can also help with creating a good password is using random words that are not usually used together or using parts of a passphrase that you will easily remember and incorporating shortcut codes or acronyms (ex. 2BorNot2B_ThatIsThe? - To be or not to be, that is the question). If the words don't make sense together or are not in the grammatically correct order, they are also more difficult to crack.
• Not re-used at multiple locations. If one of the sites where you use your multi-used password experiences a breach, you have also exposed all of the other services you use the same password for. So suddenly all of your accounts are in danger. The solution? Don't do that. You can check if your account has been compromised in any of the data breaches reported over the last few years on Have I Been Pwned? or Firefox Monitor.

• Not written down (Yes mom, I am looking at you). Having a secure password is meaningless if you write it down and leave it where anybody could find it.
• Does not include personal information Passwords with personal information, such as the user's birthdate or home address, are easy targets for hackers.
• Does not include memorable keyboard paths Do not use sequential keyboard paths (like qwerty). Attackers are well aware that users frequently use keyboard patterns.
• Usually not easily remembered Easy to guess passwords are bad but hard to remember passwords are equally bad as users tend to write them down and tape them to their screen or hide them under the keyboards. And this is where password managers come in. They will remember your passwords for you, giving you the option to fully use all of our password creating suggestions. But more about it in the next point.

(2) How to save your passwords with Password managers

As we already mentioned, strong passwords are not usually easily remembered. If you are using different passwords for all of your different accounts, as you should, there are only so many combinations you can keep in your head at once. Which is totally understandable. The good news is, password managers can do the work for you. So if remembering is not really your strong suit, consider using a dedicated application to generate, store and retrieve passwords for you. You will still need to remember the password to this application though. These apps can synchronize your information across machines, browsers, and even across mobile devices, which makes life much easier than keeping everything in your head, all the time. One of the more popular and free ones is LastPass. Consider enabling two-factor authentication on LastPass for additional security. Read more about 2-FA in the next point.

(3) What is 2-FA and why it is good to use it?

Two-factor authentication (2FA) is an additional level of protection you can use on your accounts to make them more secure. It is used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information.

This second factor can come from one of the following categories:

• Something you know: This can be a personal identification number (PIN), a password, answers to secret questions or a specific keystroke pattern
• Something you have: Typically, a user has something in their possession, like a credit card, a smartphone, or a small hardware token
• Something you are: This category is a little more advanced, and might include a biometric pattern of a fingerprint, an iris scan, or a voiceprint

This way, as simple or complex as your password is, it’s only half of the puzzle. With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, the chances of someone else having your second-factor information is highly unlikely.

Want to talk to us? Join us on the Koofr subreddit and let us know how you deal with tons of different passwords.