Last Updated On October 17, 2018
When creating a strong password, it is important to understand how attackers actually figure out passwords in the first place. They are not typing in one guess at a time and hoping for the best; they feed a large list of common passwords into an automated tool. These lists are taken from dictionaries and then modified with information about the target, such as the company name or the user’s first and last name.
Creating a strong password is easier than you might think. There are many mistakes that people make when trying to create a strong password, including the following:
- Choosing something common, such as the season, year, or month.
- Repeating the same short password multiple times (e.g. Password1Password1).
- Adding a number to their already weak password.
Using a sentence
When choosing a password, some people think of a single word, add a number, and call it a day. How about using a sentence instead? For example, “My C0w0rkers Are Ann0y!ng”. This 25-character password should be more than sufficient for any password policy. While not impossible to recover, it is a lot more difficult to discover with a password attack.
Creating your own “encryption”
You can also create your own form of “encryption”, or your own language, so to speak. For example, it is a very common practice to replace the letter “o” with the number 0, and attackers expect that. You could instead replace every “o” with two 0s. You are manipulating a word into something that is not in a dictionary and not expected by attackers’ substitution rules. For example, “My C00w00rkers Are Ann00y!ng.” This 29-character password could take an extremely long time to recover with a password-guessing or brute-force attack.
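The following is an added example, not code from the author: a small Python check that a password policy could run to reject the three mistakes listed above (season/month/year, a short password repeated, a weak word with a number appended) and that reverses the kind of single-character substitution this section describes before looking a word up, exactly as an attacker’s mangling rules would. The `COMMON_WORDS` set, the `LEET` substitution map and the 12-character minimum are constructed assumptions for the example; a real policy would load a large breached-password list.

```python
"""Password policy check for the weak patterns described above.

Added example, not the author's code. COMMON_WORDS is a constructed,
tiny stand-in for a real common-password wordlist (an assumption).
"""
import re

# Constructed mini wordlist; a real policy would load a large list.
COMMON_WORDS = {
    "password", "welcome", "letmein", "qwerty", "company",
    "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}

# Single-character substitutions that attackers' mangling rules already
# undo, so the check undoes them too before looking a word up.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def normalize(pw: str) -> str:
    """Lowercase and reverse the common letter-to-symbol swaps."""
    return pw.lower().translate(LEET)


def weak_patterns(pw: str) -> list[str]:
    """Return findings; an empty list means no known weak pattern matched."""
    findings = []

    if len(pw) < 12:
        findings.append("shorter than 12 characters")

    # A short string repeated to reach a length requirement
    # (e.g. Password1Password1).
    for n in range(1, len(pw) // 2 + 1):
        if len(pw) % n == 0 and pw[:n] * (len(pw) // n) == pw:
            findings.append("a shorter string repeated")
            break

    # Strip trailing digits/symbols first, then undo substitutions, so that
    # "P@ssw0rd1" and "Summer2018" both reduce to a plain base word.
    base = normalize(re.sub(r"[\d\W_]+$", "", pw.lower()))
    if base in COMMON_WORDS:
        findings.append("a common word with digits or symbols appended")

    # A word followed by a year (Summer2018, Company2018).
    if re.fullmatch(r"[A-Za-z@$!]+(19|20)\d{2}[\W_]*", pw):
        findings.append("a word followed by a four-digit year")

    return findings


def is_acceptable(pw: str) -> bool:
    """True when none of the weak patterns above apply."""
    return not weak_patterns(pw)


if __name__ == "__main__":
    # Constructed candidates, including the two sentence passwords from the text.
    for candidate in ("Summer2018", "Password1Password1", "P@ssw0rd1",
                      "My C0w0rkers Are Ann0y!ng", "My C00w00rkers Are Ann00y!ng"):
        print(f"{candidate!r}: {weak_patterns(candidate) or 'no weak patterns found'}")
```

Run as a script, the two sentence passwords from the text pass with no findings, while `Summer2018` is rejected on three counts and `Password1Password1` is caught as a repeated string even though it meets the length minimum. The point of normalizing before the wordlist lookup is that a policy which only checks the raw string would accept `P@ssw0rd1`, which any modern guessing tool tries within its first few rules.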
Remembering the basics
While there are many ways to create a strong password, these are just a few easy habits that you can build into your password creation strategy. During our password analysis assessments, we have seen a large number of weak passwords, some of which were very easy to guess. When creating a strong, complex password, you want one that is hard to guess but easy to remember, and that requires thinking outside the box.