What Makes a Password Strong? Best Practices for Password Security
19 June 2022

Best practices for password safety and security

This post was originally posted on Dec. 31, 2019. We’ve updated it with best practices for protecting your online passwords.

Today, you can do so much online! You can access your bank accounts, shop, play games, watch movies and even talk to people miles away. For each thing you do online, you have to create an account, and the amount of information attached to these accounts makes securing them incredibly important.

According to WebTribunal.net, 53% of people rely on their memory to manage their passwords. If you belong to this group, you might be tempted to write your passwords down. This practice, too, is risky. For these reasons, password storage and encryption programs are integral to internet security.

Tips for Creating Strong Passwords 

Creating strong passwords is your first line of defense against cybercriminals.

It seems crazy that today we are still reminding people not to use passwords with easy-to-remember strings such as “123456” or “abcde.” These are some of the most common passwords used in the U.S.* Don’t use them:

  • iloveyou
  • 123456 and 123456789
  • password, password1
  • qwerty
  • 987654321 (clever, huh?)
  • letmein

These types of passwords are easy to guess and a hacker’s dream. Let’s take a look at how to make a good password.

What makes a password strong

So, what is a good password? Generally, the longer and more complicated your password is, the harder it becomes for a program or person to figure it out. Here are some tips on creating stronger, more secure passwords:

  • The longer your password, the stronger it is. Try to use passwords that are at least 12 characters long. Ideally, they would have over 20 characters.
  • Use a combination of lowercase and uppercase letters, as well as numbers and symbols.
  • Avoid using things like birthdays, important dates, and pet names.
  • Turn a memorable phrase into a password. For example, “My favorite movie is Casablanca. It was released in 1942.” becomes “mFmiC.iWri194two.”
  • Choose six random words from a dictionary and string them together for a password. The length and inherent randomness make it difficult for humans and programs to crack your password.
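
As an added example (not part of the original post), this Python sketch generates a six-word passphrase with a cryptographically secure random source, estimates its strength in bits, and checks a password against the tips above. The function names and the 16-word sample list are constructed for illustration; real word lists hold thousands of words.

```python
import math
import secrets
import string

# Most-used passwords listed earlier on this page.
COMMON = {"iloveyou", "123456", "123456789", "password", "password1",
          "qwerty", "987654321", "letmein"}

# Constructed 16-word sample list (assumption). Real lists are far larger,
# e.g. the 7,776 words of a diceware list; size drives the entropy below.
WORDS = ["anchor", "basil", "copper", "dune", "ember", "fjord", "garnet",
         "harbor", "iris", "juniper", "kettle", "lantern", "meadow",
         "nickel", "orchid", "pebble"]

def passphrase(n_words=6, words=WORDS, sep="-"):
    """Join n_words words, each drawn uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(picks, pool_size):
    """Bits of entropy for `picks` independent uniform draws from a pool."""
    return picks * math.log2(pool_size)

def review(password):
    """Return the tips from the list above that `password` fails."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the most-used list")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("missing a character class")
    return problems

if __name__ == "__main__":
    print(passphrase())
    print(f"6 words from 7,776: {entropy_bits(6, 7776):.1f} bits")
    print(f"12 random printable chars: {entropy_bits(12, 94):.1f} bits")
    print(review("letmein"), review("mFmiC.iWri194two."))
```

The entropy figures only hold for secrets that are generated at random. `review` is a rule check and says nothing about how guessable a human-chosen password is.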

Avoid re-using a password. Even if your password adheres to the above advice, using the same password over and over increases the odds that it’ll be leaked. Once that occurs, whoever has your password can access your other accounts.

How to Protect Your Passwords 

Don’t write down your passwords. The list could fall into the wrong hands, or get lost. 

Don’t store your passwords on your computer, such as in a spreadsheet or Word document. If someone hacks your computer, they’ve gained access to your accounts.

The best way to remember your passwords without taxing your memory is to store your passwords with a password management tool. OneLaunch’s Chromium Browser comes with a secure password manager, which you can learn about in this article, “What Are Password Managers?” About halfway into the article, we answer the question, “Which password manager is right for you,” and we explain how OneLaunch’s built-in password manager encryption and security works. 

You’ll find third-party apps, such as KeePass, 1Password, and LastPass, which offer free and premium plans for managing your passwords. In addition to encrypting all your stored passwords so that only you can access them, these programs include password generators, which generate random passwords, so you don’t need to struggle over creating strong passwords on your own. LastPass and 1Password feature browser extensions that allow you to manage your passwords. Password managers require a “master” password that you’ll have to remember to access your stored passwords.

How Often Should You Change Passwords? 

While some recommend changing passwords every month or so, cybersecurity studies suggest that when people have to frequently change passwords, they’re more likely to choose weaker passwords.

And then there’s the philosophy that says, if your password is strong and unique, you shouldn’t need to change it (unless it has been compromised).

A good rule of thumb is to change your passwords every six months to a year. When you change your passwords, follow the tips we lay out above in “What makes a password strong,” for creating strong passwords. 

What Passwords Should You Change?

If you have weak passwords, don’t wait for them to be compromised before changing them, especially if those weak passwords are for popular sites, including:

  • Amazon (and all online shopping accounts)
  • eBay
  • Facebook, Instagram, LinkedIn, Twitter (and all social media)
  • Google (and all email accounts)
  • Yahoo
  • Netflix (and all of your streaming channels)
  • Microsoft
  • Reddit
  • Twitch
  • WhatsApp (and all messenger accounts)
  • YouTube
  • Zoom (and all video communication accounts)
  • Bank accounts
  • Healthcare accounts
  • Insurance accounts
  • Subscriptions
  • Home utilities
  • Travel accounts, including frequent flyer

Unfortunately, 100% protection against cybercriminals is impossible. Even password managers have fallen to hackers. With that said, password managers are still the most secure way to protect your passwords, and unless your master password is weak, there is no need to change it. 

Of course, other security basics, like keeping your computer, browser, and software updated and using a firewall, antivirus software, and two-factor authentication, are integral parts of well-rounded password protection. The importance of exercising caution with untrusted links or emails and watching for suspicious activity on your accounts also cannot be overstated.

*Sources for most-used passwords: ExpressVPN, Nordpass, SafetyDetectives, TechCult