Don't be predictable - why your passwords are all wrong

By: Joe Turner

Date: 14 March 2017

Joe Turner, Digital Marketing Manager at iWeb, says it's time we started putting more thought into our password management.

In today's digital age, understanding how we can help prevent online attacks is crucial. Unfortunately, weak passwords remain one of the most common flaws in computer security.

Learning how to create strong and memorable passwords, using either traditional methods or automatic password generators, is knowledge worth gaining. A good start would be steering clear of the following, which, according to Keeper Security, were the top 10 most common passwords of 2016:

  • 123456
  • 123456789
  • qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • password
  • 123123
  • 987654321

Traditional password advice

There is a generic, basic formula to self-generating passwords that will help keep you safe online:

1. Use 12 characters (minimum)

Choosing a password of sufficient length reduces the probability of a hacker guessing the correct combination. While there isn't a standardised length for passwords, most experts agree that between twelve and fourteen characters is sensible. Basically - the more characters, the better!

2. Include numbers, symbols, capital letters and lowercase letters

Using a mixture of letters, numbers and symbols - especially when using a combination of lower- and uppercase characters - will go a long way to creating a robust password.

3. Avoid dictionary words or combinations of dictionary words

Steer clear of obvious, popular, trending or overused words when creating your password - in particular any word on its own or with an obvious word pattern, eg 'blueocean'.

4. Don't include personal information

Passwords that contain personal information such as a birth date, phone number, spouse's name, pet's name, kid's name or login name, for example, should be avoided.

5. Don't rely on obvious substitutions

It's easy to replace a character with an obvious, memorable substitution, for example 'h0use'. Replacing the letter 'o' with the number '0' is simply too predictable and a gift for hackers, because the two look the same and are more easily remembered by online users.
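The five rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it tests a candidate password against the top-10 list and each rule, including undoing look-alike substitutions before the dictionary check. The word list, the substitution table and the function names are constructed for illustration; a real check would load a full dictionary.

```python
import re

# Top 10 most common passwords of 2016, as listed in this article.
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111",
          "1234567890", "1234567", "password", "123123", "987654321"}

# Constructed sample word list (assumption); use a full dictionary in practice.
WORDS = {"house", "blue", "ocean", "password", "special"}

# Obvious look-alike substitutions (rule 5), mapped back to letters.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def splits_into_words(text, words=WORDS):
    """True if text is one dictionary word or a concatenation of several."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]

def check_password(password, personal=()):
    """Return the rules from the advice above that the password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("on the top-10 list")
    if len(password) < 12:                                    # rule 1
        problems.append("shorter than 12 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):      # rule 2
        problems.append("missing a character class")
    if splits_into_words(lowered):                            # rule 3
        problems.append("dictionary word or combination")
    elif splits_into_words(lowered.translate(UNLEET)):        # rule 5
        problems.append("dictionary word behind an obvious substitution")
    if any(p and p.lower() in lowered for p in personal):     # rule 4
        problems.append("contains personal information")
    return problems
```

An empty list means the password passed every check; `personal` takes the user's own details (names, dates, login name) as strings.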

What's a base word?

A base word is most commonly used when creating different passwords for multiple logins. It allows the user to change certain aspects of the original combination, but ultimately retains the same, core features, which is what makes it memorable.

Here are a few tips to get you started on finding a great base word:

1. Use a book

Choose a book you own in paper format. Locate a word you like or skip to a random page to find your base word. For example: you may find the word 'special' on page 109 of chapter 12, which becomes your base word. One of your passwords could then be '109special12'.

You can play around with the order of the page numbers, too, and even mark the page with a pencil. It's a safe practice and great reference point if you forget your password, as it simply looks like an annotation.

2. Play with vowels

Taking a favourite phrase or the name of an activity and removing the vowels is a great way to create a strong password. You can even use the vowels again at the end of the password, in order to make it really hard to guess.

For example, if you chose the activity 'ice skating' your password would become 'icsktngeai' which looks very random and complicated but is actually pretty logical from your perspective. If you want to make it more secure by replacing some letters with numbers or symbols, go right ahead.

3. Connect the first letters of a passphrase

Security-conscious people will often pick a well-known phrase such as 'a dog is a man's best friend' and use the first letters of each word to create a new, secure password - ie 'ADIAMBF'. With such a password, one could even arrange the letters in reverse order or add numbers and symbols at the start, end or in between each letter, eg 'A1D2I3A4M5B6f7'.

4. Mix words

This one is a little more confusing, but very secure. Take a phrase containing just two or three short words - for example, 'chocolate milkshake'. Then, simply place the alternate letters of these words in order, like so: cmhiolckoslhaatkee. If you want to take it a step further, use capital letters for one word and lower-case letters for the other.

5. Reverse

While this may seem like an obvious trick, it's still a great way to create a secure base password. All you need to do is take a phrase like 'Red Shoes' and reverse it, so it becomes 'seohSdeR'. Some of the letters can also be exchanged for numbers and symbols to make it even more secure.

Creating a strong password digitally

One way anyone can defend themselves against hackers and cyber breaches is by creating complex and unpredictable passwords. If you struggle with the traditional methods or have exhausted all of your own combinations, it's advisable to try an online password generator.

There are a number of different options available - some that are basic, and others that offer advanced settings that allow you to customise the length of your digitally-generated password. Some websites can even produce 100,000 passwords in one click!

Managing all your passwords

With the average Briton possessing around 19 passwords, creating several strong combinations of letters, numbers and symbols and remembering them all is almost impossible. Few of us have photographic memories or the time to spend drilling such passwords into our brains - so what tools can we lean on to solve our password problems?

Thankfully, we live in the age of the password manager. By using services such as Dashlane or 1Password, you're able to create one secure account where you can store all your passwords and access them whenever required.

Even with a password manager, you'll still need to create and remember a 'master' password for your account, but grouping all your individual passwords under one account is far better than having to remember them individually.

Check your password

Use the above tool to test whether or not the password you've created is secure. It offers a great little feature that provides suggestions on how to make weak passwords more secure, by adding elements such as symbols and uppercase letters. It also tells you how long it would take a computer to crack your password, which could be thousands of years for the strongest passwords!

Copyright © 2017 Joe Turner, Digital Marketing Manager at iWeb