Your passwords are your first line of defence against cyber threats. This article is here to help you make strong and secure passwords easily. We'll go over best practices and password rules, so you can feel confident about your online protection. Let's dive in and learn how to strengthen your digital security.

Password rule 1: Use a password manager

As a password manager developer, our company has always recommended this handy tool for securely storing, organising and managing your sensitive information. Password managers have many useful and unique features that benefit their users and let them stand above the rest of the password management solutions.

Password rule 2: Enable two- or multi-factor authentication

It's time to admit that the practice of using a login-password pair is no longer considered secure.

Despite the fact that a hacker cannot easily crack a strong password, in the event of a data leak, additional authentication factors, if not stopped, will make it extremely difficult for a hacker to gain access to your account.

The so-called “Passwordless future”

Passkeys were introduced last year as a replacement for passwords. Basically, this technology harnesses public key cryptography implemented through simple and understandable for user actions such as facial recognition, fingerprints, etc. performed on their device. It might look similar to 2FA/MFA, but it's considered more secure.

The drawback of the approach is that passkeys have a long way to go to be adopted by the majority of applications and services.

Not to mention that most websites still don't have proper password hygiene in place and use outdated and weak password policies for account creation.

But we are in no way discouraging the use of passkeys! We're just reminding you that passwords aren't going away any time soon, and we're trying to help you use them as securely as possible.

Password rule 3: How often should you change your passwords?

Changing your password frequently is not the best strategy. It causes more chaos than it helps.

If your password is long and strong, you can just check it every now and then against a database of leaked credentials (e.g. haveibeenpwned.com) to make sure that it hasn't been exposed in a data breach. You can find this feature in our password manager PassSecurium™.

Password rule 4: What password can be considered as strong?

As well as being long, passwords should be complex. Use a mix of lower and upper case letters, numbers and special characters.

It is common practice to make your password at least 12 characters long, but the best practice now is to make passwords 16 characters long.

Password rule 5: Use of misspelled words

Do not use correctly spelled words in passwords (unless you are trying to create a long mnemonic phrase as a password, in which case it might be okay).

Instead, you can use misspelled words or words with letters replaced by numbers or special characters.

The same goes for security questions: you can use a misspelled or wrong word.

Replace letters with numbers: 1 = L or i, 8 = B, other characters: & = B or “and”, ! = i, ? = two, < = c, etc.

Create better passwords like: He110_every0ne!_H0vv_@re_y0u7 = Hello everyone! How are you?

(please don’t use this example as a password)

Needless to mention, you’d better store such long and complex passwords in a password manager in order not to forget.

Password rule 6: Create a strong password using mnemonics

This can be really useful if, for some reason, you have to type your password manually.

Try to come up with a random phrase, but don’t use too obvious and common words. For example: “honourable saucer in lilac mist”. If you capitalise a few letters and add there a couple of numbers and characters, this phrase will become an extremely strong password like “2 Honourable *saucers* in lilac Mist”

(please don’t use these examples as passwords)

Some password managers can generate password phrases, but it doesn't matter if it’s a phrase or just a long random string because the password manager will copy/paste it for you.

Password rule 7: Paranoid mode on

If you store your passwords in a password manager, but you are still worried about their security, try storing only a part of a password. Remember the second part of the password and add it manually after pasting the first part from the password manager.

Password rule 8: Avoid simplification

Do not use keyboard key lines a-la 123456 or qwerty, etc.

Even if they are very long like “qwertyuiopasdfghjkl”, they will be easy to guess.

You also shouldn’t use overly simple password patterns: 123qwertyytrewq321 is long, but it's still weak, because while it's easy to remember, it's also easy to guess (especially considering that hackers don't go through your possible passwords manually - the computer does it for them quickly and efficiently).

Password rule 9: Word choice

What are the most common words found as leaked passwords?

“password”… Please never use this word as a password.

Don’t leave a guest account with the “guest” password, it’s a shortcut to get hacked.

Some other popular words used as passwords: “Gizli”, “vip”, “iloveyou”, “dragon”, “football”, “master”, “samsung”, “killer” and many others. 

It’s better to avoid using popular names or ones of celebrities, sport team names, popular foods, movie characters, anything trending is putting you at risk.

If you still crave using name of your favourite football club in your password, please add there some random numbers and characters and make it sufficiently long.

Password rule 10: Why reusing passwords is a really bad idea?

Credential stuffing attacks take advantage of reused credentials by automating login attempts to systems using known email and password pairs. It takes a couple of seconds for a bot to check whether your leaked credentials match to a range of websites. And if you tend to reuse passwords, you can lose control of multiple accounts in an instant!

Conclusion

By following these simple yet effective rules and best practices, you'll lay a solid foundation for robust digital security.

As you navigate the vast realms of the online world, always prioritise the protection of your sensitive information. Regularly check whether your passwords appeared in data leaks, employ unique combinations, use extra-factor protection and consider using reputable password management tools for added convenience and security.

You can also contribute to the collective effort in creating a safer digital environment by sharing this article or advising the people around on the best practices for password hygiene!