How to create strong passwords and stay safe online
28 Apr 2021
It seems like you need a password for everything these days. As more and more of our lives shift online, the passwords and logins required increase in turn.
Strong passwords are essential when it comes to staying safe online. Just like the keys to your home, passwords keep your valuable information secure, and they shouldn’t be shared with anyone.
What happens if someone steals our passwords?
If someone does manage to steal your password, they could send emails and make social media posts in your name, steal money from your bank account or use your credit card, or make online shopping purchases using your details – among other things.
How do other people get our passwords?
One of the most common ways passwords are stolen is with the use of computer programs, which try to guess your password by trying a lot of passwords very quickly. These programs are powerful enough to try every word in the dictionary, as well as a string of the most common passwords, in a very short space of time. Sometimes, a computer program isn’t even needed – some passwords mistakes are so common that a clever hacker can figure them out just by trying the most obvious ones, or by knowing some of your personal information.
What are the most common password mistakes?
- Avoid simple passwords. It’s amazing how many people use something like PASSWORD, or ABCDEFGH, or 12345678, or QWERTYUI (i.e. the top line of the keyboard). Sure, these are easy to remember, but they’re also easy to guess.
- Don’t use words from the dictionary, or even words from the dictionary replaced with numbers and symbols (for example, SUNSHINE or $UNSH1NE). Computer programs are able to try every word in the dictionary, including any number and symbol variations of that word, very quickly).
- Don’t use personal information. Many people use their dates of birth, pet names, home addresses. While these are harder for a computer program to guess, they become easier to guess for anyone who knows some basic details about you already.
- Try to use a different password for every website. It can be tempting to use the same password over and over again for ease of memory, but that means if someone cracks your password on one website, they’ve cracked it on all of them. We’ll discuss some options for storing and keeping track of passwords later in this article.
So, how do we make strong passwords?
The strongest passwords include a mix of uppercase letters, lowercase letters, numbers, and symbols. However, the same thing that makes them tough to guess also makes them tough to remember.
One way around this is to use a well-known lyric or phrase. For example, think of the song “Imagine” by John Lennon, and the famous lyric, Imagine all the people living life in peace. You could take the initials of this lyric – iatpllip – and then add some numbers, symbols and uppercase letters. For example, add the number 71 (the year it was released), change the first ‘i’ to an exclamation point, and make the last letter an uppercase letter. You’ll end up with !atplliP71 – a very strong password.
Choose a song that you love and then use a new line from that song, in the same fashion as above, every time you need to create a new password. Then, simply store in a document on your phone, or even on a piece of paper in your house, the name of the website and the line in the song to which it corresponds, so that you know which password goes with which website.
This is just one way to create strong passwords that are relatively easy to remember – the point is that you can get creative in ways like this without using a password that are incredibly easy for hackers to guess.
Of course, even this method requires a lot of work when it comes to remembering, so here are some more tips for storing and accessing passwords safely.
How to store and access many passwords safely
When you visit any website that requires a password, your web browser may ask if you’d like it to remember the password. If you agree, the next time you visit the site, you’ll see the username and password already filled in for you, with asterisks replacing the actual password characters. This can be a quick and easy way to log in, but you should only agree to let it remember your password if you own the computer, tablet or smartphone you’re using; you lock your device when you’re not using it with a secure password, passcode or face / fingerprint ID; and if you don’t let anyone else access your device while you’re logged on.
You can also keep a list of your usernames and password stored in your smartphone’s Notes application, but even then you should be aware that, if you lose your phone and haven’t secured your device with one of the locks mentioned above, then someone can access all your data in the one place if they’re able to get in. For this reason, it pays to use clues to your passwords in this document – something that’s easy for you to figure out when you check, but not the actual password itself.
Alternatively, you could use one of the many password managers available online (normally for a fee), such as LastPass, Keeper or Dashlane.
And remember, if you've forgotten your password, there’s usually a “Forgot your password?” link or button available when you try to login. Click on it, and you can arrange for the website to send you a new one by email, usually with a few layers of security to ensure that you are who you say you are.