Updated on May 11, 2023.
A secure password contains randomized letters, numbers and special characters with a minimum length of 16 characters. Memorizing strong passwords is difficult, which is why passwords are often reused for multiple accounts. While reusing a password makes it easier for you to remember, it also puts all the accounts that use that password at risk if a cybercriminal is able to crack it.
Continue reading to learn how you can start generating secure passwords to protect your personal data from falling into the wrong hands.
What Makes a Secure Password?
A secure password is both long and complex. Secure passwords should be at least 16 characters long. They should also mix uppercase and lowercase letters with numbers and symbols. Most importantly, secure passwords should be unique and should never be reused across multiple accounts.
What Are the Risks of a Weak Password?
Weak passwords are a serious threat to your online security as they can be easily cracked and allow access to important Personally Identifiable Information (PII) like your bank account, personal address and contact information.
Some characteristics of weak passwords are:
- Utilizing dictionary words such as password, desk, computer, etc. Using dictionary words in your passwords leaves your account vulnerable to dictionary attacks.
- Using characters close to each other on the keyboard such as qwerty, 1q2w3 or 123zxcv. These passwords may look secure but can be quickly cracked based on sequential key variations.
- Containing 6 characters or fewer.
Weak or compromised passwords cause 80% of successful data breaches. Passwords are frequently the only thing protecting your intellectual property, network access and confidential information.
The use of weak passwords and practices like reusing passwords can make it easier for cybercriminals to gain access to your information through cyberattacks that utilize common password lists. Here are some examples of cyberattacks that can be effective when not using secure passwords:
Credential stuffing attack
A credential stuffing attack is when a cybercriminal uses a compromised set of credentials to attempt to gain access to several other accounts. Credential stuffing is effective because nearly two-thirds of internet users reuse their passwords or variations of their passwords across multiple accounts.
Brute force attack
A brute force attack is a type of cyberattack that uses trial and error methods to guess login credentials, security keys or other sensitive information.
Password spray attack
Password spraying, also known as a password spray attack, is when an attacker uses common passwords in an attempt to access several accounts on one domain. Using a list of common passwords, such as 123456, 111111 and others, an attacker can potentially access hundreds of accounts in one attack if the users don’t have strong passwords.
Are Your Password Practices Secure?
Creating a strong password can seem tedious, but it’s important to ensure your passwords are unique and secure. Always avoid creating passwords 6 or fewer characters long, using dictionary words or including significant dates, such as an important birthday or anniversary, in the password. Do not reuse the same password for different logins, as this makes it easier for cybercriminals to compromise multiple accounts.
How to Generate a Secure Password
A secure password is at least 16 characters long, contains uppercase and lowercase letters and numbers, and has at least one special character ($, %, @, #, !). Following these guidelines will help you ensure that your passwords are secure.
To further help you improve your password strength, here are password best practices you should be following:
Audit your passwords
Audit your passwords every 2-3 months to ensure that all your passwords consist of random combinations of letters, numbers and symbols or unrelated phrases.
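The generation guidelines and the audit practice above, as an added Python example that is not part of the original article or of any Keeper product: generate() draws characters from the operating system's CSPRNG through the secrets module, and audit() flags the weaknesses the article lists plus reuse across accounts. The function names, the three-word dictionary and the sample vault are constructed for illustration; a real audit would use a full wordlist.

```python
import secrets
import string
from collections import Counter

SPECIALS = "$%@#!"  # the special characters the article lists
ALPHABET = string.ascii_letters + string.digits + SPECIALS
KEYBOARD_RUNS = ("qwerty", "1q2w3", "123zxcv")  # runs named in the article
DICTIONARY = ("password", "desk", "computer")  # stand-in for a real wordlist

def findings(password):
    """Return the reasons a password misses the article's guidelines."""
    lowered, issues = password.lower(), []
    if len(password) <= 6:
        issues.append("6 characters or fewer")
    elif len(password) < 16:
        issues.append("shorter than 16 characters")
    classes = {"uppercase letter": str.isupper, "lowercase letter": str.islower,
               "number": str.isdigit,
               "special character": lambda c: c in string.punctuation}
    issues += [f"no {name}" for name, test in classes.items()
               if not any(test(c) for c in password)]
    issues += [f"dictionary word '{w}'" for w in DICTIONARY if w in lowered]
    issues += [f"keyboard run '{r}'" for r in KEYBOARD_RUNS if r in lowered]
    return issues

def generate(length=16):
    """Draw from the OS CSPRNG, retrying until every guideline is met."""
    if length < 16:
        raise ValueError("minimum length is 16 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not findings(candidate):
            return candidate

def audit(vault):
    """Map each account to its findings, adding reuse across accounts."""
    uses = Counter(vault.values())
    report = {}
    for account, password in vault.items():
        issues = findings(password)
        if uses[password] > 1:
            issues.append("reused on another account")
        if issues:
            report[account] = issues
    return report

# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {"bank": "qwerty1", "email": "Computer2023!",
                "forum": "Computer2023!", "photos": generate()}
```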
Change weak, compromised or recycled passwords first
In the past, it was said that a user should change their passwords at least a few times per year. However, depending on your current password practices, the frequency of updating your passwords will vary. For example, if you have strong, unique passwords for every account, you should only change your password if an account is part of a breach.
If you’re just getting started with proper password security, you should update all of your current passwords to ones that are strong and unique.
Prioritize your sensitive accounts
Bank accounts and other accounts with highly sensitive information should be prioritized when updating your passwords to more secure ones.
Enable multi-factor authentication
Multi-Factor Authentication (MFA) is an extra layer of security you can implement on your accounts. When MFA is enabled, you’ll have to take an additional step to verify your identity after entering your username and password. With MFA, anyone attempting to access your accounts will face a more extensive authentication process than simply entering a password. This is best for sensitive accounts, but you should use it on any account you can.
How a Password Manager Can Help You Generate Secure Passwords
Generating secure passwords, auditing them and memorizing them yourself is extremely difficult and time-consuming. The use of a password manager is helpful in creating strong, unique passwords across all your online accounts. A password manager is a tool that aids you in generating secure passwords and then storing them in an encrypted vault. You can even include MFA codes with the records in your vault. With a password manager, the only password you’ll have to remember is your master password, which acts as the key to enter your vault.
Start a free 30-day trial of Keeper Password Manager to begin generating and storing secure passwords for each of your accounts.