How can we help you?

Back to Help Topics

Password Strength Tips & Tricks

Your password for your account is, in most cases, the only thing standing between a hacker and your personal information. As such, having a strong and secure password is essential - but how do you make a password as strong as possible?


Common problems with passwords

For many of us there is a difficult balance to strike between choosing a secure password and one that you can easily remember. We are often told that a secure password contains a mixture of lower and uppercase, numbers and symbols, but a password such as ' tH7&!me" ' is easy to forget. The alternative of using simple words like "elephant" is much easier to keep track of but also incredibly simple for a malicious attacker to guess.

The crucial aspect of strengthening a password is it's length. A long password, just like a long string of numbers, is harder to guess, regardless of the complexity.

 

Comparison of different password strengths

Below you will find a few example passwords, each with their own strengths and weaknesses for comparison.

Please note that these are listed as examples only, and are not intended to be copied for personal use.


Password1: Passwords that are simply "password" (or variations of) are surprisingly (and worryingly) common. This variation is easy to remember, and contains one of the "common" rules of strong passwords - a mix of upper and lower case and a numerical character. 

However, the easy to remember format of these characters is also incredibly predictable for hackers. They will almost always try capitalising the first character of a password, as well as adding the numbers 1, 12 or 123 to the end. This is because many accounts require a user to add numbers and a mix of upper and lower case characters, at which point the user adapts their existing password in the simplest way possible to fit the criteria required. This kind of password is highly insecure.


happypixiemoondance: At first glance this example might appear absurd, but it is in fact probably one of the strongest of the examples listed here - purely due to its length. As mentioned previously, the longer your password is, the more combinations of letters and characters a hacker has to guess in order to gain access to your account. However it is also crucial to ensure that the words are chosen at random, or at the very least are not words commonly associated with each other - "carparkingticketstreet" for example are all words with a common link, making them easier to guess when used in conjunction.

Whilst this example breaks one of the golden rules of passwords, which is to avoid the use of dictionary words, by combining several words at random you can regain password security whilst maintaining memorability. 

This kind of password may not be appropriate for all sites as many enforce at least one upper and lower case character, one number and one symbol. You can add such elements if necessary by, for example, capitalising the last letter of each word or separating the words with a certain number.

 

2bon2btit? - Derived from the phrase "To be or not to be, that is the question" using a simple translation, taking the first letters of each word and translating certain sounds into numbers and symbols. It has the best of all worlds - memorable but also possessing high entropy from including a mix of characters. This works best with a sentence, quote or lyric of at least 10 words. 

 

There is another tactic of taking any random character on the keyboard and repeating it 20+ times and combining it with any other random character from a different class: 

%%%%%%%%%%%%%%%%%%%%p is a relatively strong password and actually very memorable. 

 

The Three Golden Rules of Good Passwords

- Never use a dictionary or other common word by itself or even with slight variations.

- Always choose a password of sufficient length - many websites recommend at least 8 characters, but ideally you should aim for 12 or more for a higher level of entropy.

- Make sure your password is memorable - a password is of no use to you if you cannot remember it or if you have to write it on a piece of paper.

If you want to check how secure your password is, you can use an online tool (such as: http://password-checker.online-domain-tools.com/ ) to find out roughly how long it would take a hacker to guess your password.