How to create a strong password (and keep away the hackers!)
Passwords – they’re something that we all need, as well as something that we’ve all struggled with creating, remembering and forgetting. They're just as important as ever, and when done correctly, can still be the last fortress of internet security. But what makes a strong password? And why is having a strong password so important?
Recent research revealed that 10,000 of the most common passwords allowed access to 98% of all accounts. Further to this, 1 in 5 of us rely on passwords that are over a decade old.
As such, I wanted to take this opportunity to ask this: when was the last time you considered whether your password practice is at an optimum level? Personally, I use World Password Day – which takes place on the first Thursday in May each year – as my own reminder to update and refresh my most important passwords.
Getting your ingredients right
First, let’s ask ourselves what the ingredients for a good password are. Using something memorable? The use of letters, numbers and special characters, such as “&”, “!” or “*”?
It's unlikely that anyone is using “Password1” for anything they want to keep secure, but the problem with passwords is that we’ve been conditioned to adopt poor practice when it comes to choosing them. While we accept that “Password1” is weak, “P@ssword!” may feel like a much stronger alternative – but the reality is, it isn’t!
Much of this issue stems from our perceptions of cyber security and the mental images that we might conjure up around cyber hacks. Many of us will picture a hoodie-wearing hacker in a dark room trying to get into our accounts by typing “password”, “password1”, “password2”, “password3”, continuing a single attempt at a time.
Choosing something like “P@ssword!” feels safer, as we think we’ve made it harder to guess for this lone individual hacker by using special characters instead of just letters and numbers. This is what we’ve been taught, after all – to make sure we use at least one number and one special character. So why isn’t this best practice?
The importance of keeping it memorable
Rather than a hacker in a dark room, I’d say that a far more accurate image for us to consider when it comes to cyber hacks is a giant supercomputer which can go through billions of attempts per second – as this is very much the reality. Even freely available tools can undertake a simple attack to cycle through thousands of attempts per second.
But when we read information like this, our instinct is to go to the opposite end of the scale and create passwords that are perceived to be extra strong – such as “Z$yZe9SPt;pf”. While this is indeed much harder for a computer to guess, our password is now really difficult for us to remember!
When we’re forced to create passwords like this, or pushed into using random password generators which conjure up similar strings of nonsensical characters, it increases the likelihood of us needing to write them down in order to remember them – which is also poor practice from a security perspective.
My recipe for a strong, secure password
So, what’s the solution? I always find that entropy (that is, a lack of predictability) is a helpful concept here.
Choosing three words that have no real business being together can work well – for example, I might choose “glasses”, “microphone” and “fan” and combine these into a phrase (“glassesmicrophonefan”). All three are items that I can see when sitting at my desk, making them easy enough for me to remember without having to write them down.
Now, let’s capitalise each word for a little extra nudge and add a question mark on the end – we arrive at “GlassesMicrophoneFan?”. We can then use what is known as a password checker to test strength and resilience, by estimating how long any given password will take to crack (which I highly recommend doing!).
For “GlassesMicrophoneFan?”, the checker indicates that it would take 23 years to crack – this is in stark comparison to the 0 seconds that it reportedly would take to crack “P@ssword!”.
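To show why a checker treats “P@ssword!” no differently from “Password1”, here is an added Python example (not the checker used for the figures above, and not part of the original article). It undoes the usual character swaps before looking the password up in a list of common passwords, then gives a simple character-pool entropy figure for anything not on the list. The word list, the swap table and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample; a real checker loads a list of many thousands of
# leaked or commonly used passwords.
COMMON = {"password", "qwerty", "letmein", "welcome", "123456"}

# Character swaps that guessing tools reverse automatically (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s"})


def base_word(password: str) -> str:
    """Reduce a password to the word a guessing tool would start from."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def pool_bits(password: str) -> float:
    """Upper bound on entropy in bits: length * log2(character pool size).

    Assumes every character was picked independently at random, so it
    overstates the strength of anything built from dictionary words.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password: str) -> dict:
    """Return what a simple checker would report for one password."""
    word = base_word(password)
    if word in COMMON or password.lower() in COMMON:
        # On the list once swaps are undone: it falls in the first few
        # guesses, whatever mix of characters it appears to contain.
        return {"verdict": "common", "base": word, "bits": 0.0}
    return {"verdict": "unlisted", "base": word,
            "bits": round(pool_bits(password), 1)}


if __name__ == "__main__":
    for pw in ["Password1", "P@ssword!", "Z$yZe9SPt;pf", "GlassesMicrophoneFan?"]:
        print(f"{pw:24} {assess(pw)}")
```

Because the bits figure is an upper bound, it will not match the crack-time estimate of any particular online checker; the point is that the list lookup happens first and overrides the character mix.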
Where possible, I also recommend using 2-step verification (also known as multi-factor authentication) to provide a further layer of security to your accounts. This might be in the form of using your fingerprint to verify your identity on a mobile phone app, or using a separate email account to receive a one-time code that must be entered to gain access.
My recipe for how to create a strong password is as follows:
- Make it random but memorable, and therefore strong and resilient
- Add special characters (but don’t go overboard!)
- Use a password checker to test its strength
- Use 2-step verification or MFA where possible
- If you haven’t done so in a while – update your passwords!