Big stories about hack attacks and password thefts have kept internet security in the public eye—which means we all know how important it is to have strong passwords to keep our online accounts secure. And while we all try to use tough-to-crack passwords and make every password unique, part of the problem may be that we don’t entirely know what makes a password a good one.
According to a recent study by Carnegie Mellon University’s CyLab, just 79% of us are able to pick out a strong password. While that’s a pretty high number, it still indicates we don’t necessarily get what makes a good password. Study participants were asked to look at 75 pairs of passwords and say whether one was stronger or both were about the same.
CyLab is currently working on a password tool that will provide feedback on how strong your passwords are so you can learn to make better ones—but it’s not due out until the end of the year.
While we wait, we can take the lessons from this study and start making better passwords today. Let’s start with a refresher on the password basics we should all know:
- Make sure your passwords are at least 12 characters long.
- Add numbers, capital letters, and symbols to make your password stronger.
- Don’t use personal information, like family names, birthdays, or anniversaries, which are easy to guess.
- Making your password an acronym for a phrase rather than words out of the dictionary can make it both strong and easy to remember.
- Never use the same password for more than one site, which could compromise all of your online accounts if one site is hacked.
But the study results taught us a few new tricks: primarily that making a good password is all about unpredictability. If you’re using passwords or password creation techniques that are common, your passwords are easier for thieves to crack. Here’s what we’ve learned.
- Using uncommon words and phrases makes a stronger password than common words. The sample quiz compares “iloveyou88” to “ieatkale88.” The latter is a stronger password because it doesn’t use common words or phrases. The more unusual the words, the better the password!
- While adding numbers does make your password more secure, it’s common for people to add numbers to the end of a password, and that can make it easier to crack. Put numbers in the front or the middle to make a better password.
- Replacing letters with numbers or symbols seems like it would make a better password, but some substitutions are so common that it doesn’t make much difference. Instead of swapping “i” with “1,” consider using a capital letter “i” instead.
- Capital letters mixed into your password make it a lot harder to crack as long as you’re not just capitalizing the first letter—again, because capitalizing the first letter is common.
- Avoid creating your passwords based on keyboard patterns—for example, “qwertyuiop” may be a password that looks random, but it’s just typing out the top row of letters on your keyboard. Patterns like that are easily guessed.
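The predictable habits listed above can be checked mechanically. The following Python checker is an added example, not part of the original article and not CyLab's tool; the phrase list, keyboard rows, substitution table and function names are constructed assumptions standing in for the much larger lists a real checker would use.

```python
import re

# Constructed stand-ins: a real checker would load large leaked-password and word lists.
COMMON_PHRASES = {"iloveyou", "password", "letmein", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Common look-alike substitutions, mapped back to the letter they replace.
UNSWAP = str.maketrans({"1": "i", "!": "i", "0": "o", "3": "e",
                        "4": "a", "@": "a", "5": "s", "$": "s"})


def has_keyboard_run(text, min_run=4):
    """True if text contains min_run neighbouring keys from one row, either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in text:
                    return True
    return False


def predictable_patterns(password):
    """Return the predictable habits from the article's lists found in password."""
    findings = []
    lower = password.lower()
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    plain = re.sub(r"[^a-z]", "", lower)                        # letters as typed
    unswapped = re.sub(r"[^a-z]", "", lower.translate(UNSWAP))  # substitutions undone
    if any(p in plain for p in COMMON_PHRASES):
        findings.append("common word or phrase")
    elif any(p in unswapped for p in COMMON_PHRASES):
        findings.append("common phrase behind a common substitution")
    if re.fullmatch(r"\D+\d+", password):
        findings.append("numbers only at the end")
    if [i for i, c in enumerate(password) if c.isupper()] == [0]:
        findings.append("only the first letter capitalized")
    if has_keyboard_run(lower):
        findings.append("keyboard pattern")
    return findings


if __name__ == "__main__":
    for sample in ["iloveyou88", "ieatkale88", "Il0veyou", "qwertyuiop",
                   "7mouseKale!river-Tango"]:  # constructed sample passwords
        print(f"{sample!r}: {predictable_patterns(sample) or 'no listed pattern found'}")
```

An empty result only means none of the listed habits was found; it is not a strength score.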
But how are you supposed to keep track of all of these complicated passwords, especially when you need a unique password for each site? We use password vaults—software that securely stores our passwords so we never forget. LastPass is our favorite. This app for Mac, Windows, iPhone and Android remembers and organizes all of your passwords—and even has browser plugins (for Chrome, Firefox, Safari and Internet Explorer) to enter your passwords without any hassle.
Harper, Elizabeth. Techlicious “Quiz: Can You Spot the Strong Password?” June 2016