6 Tips to Create Strong, Secure Passwords in a Digital World
Our digital world has transformed computing at home and at work, with more devices, accounts, and passwords to keep track of than ever before. Following our six tips to create strong passwords will help you protect your personal information and private accounts in this complex digital age.
What makes a strong password?
Strong password security is essential as the first line of defense against unauthorized access. A strong password:
- Leaves out your name, personal info, and/or common phrases
A strong password will never include things like first names, last names, addresses, or even pet names that can be linked to your identity through social media and other digital sources. Strong and secure passwords also leave out common phrases like “Password” or “Superman” that are easy for hackers to guess.
- Uses at least 12 characters
Why do strong password examples have more characters? Each character you add to your password, whether it is a number, letter, or special character, multiplies the number of possible password combinations, which is what entropy measures. Simply going from 8 to 12 characters in your password can add decades of decoding time, even with the most advanced digital hacking tools. For heightened security, you can go up to 16 or even 20 characters long; by default, Dashlane generates 16-character passwords.
- Is unique
A unique password includes a mixture of symbols, numbers, and upper- and lowercase letters in random order. Many good password ideas mix special characters and uppercase letters within the body of the password to make it even more random. Passwords are only unique if they are not reused on other accounts.
- Is encrypted
Encrypting passwords before they leave your computer or device means scrambling them into an unrecognizable format that only authorized users can read. The best password managers utilize AES-256 encryption, widely accepted as the strongest encryption type available, to protect passwords before they are stored in secure cloud locations. While encryption isn’t a substitute for a strong, unique password, it does help protect passwords from cybercriminals.
- Is created by a password generator
A great way to create long, unique, and random passwords consistently is by using a password generator to automatically produce strong password suggestions based on the guidelines you provide. Password generators are integrated into top password managers like Dashlane so that your strong passwords are created and managed from one secure application.
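The length and generator points above can be made concrete with a short script. This is an added example, not Dashlane's generator: it assumes the 94 printable ASCII symbols as the alphabet, and the function names are illustrative.

```python
import math
import secrets
import string

# Character classes the article asks a strong password to mix.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII symbols (assumed alphabet)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def growth_factor(from_len, to_len, alphabet_size=len(ALPHABET)):
    """How many times larger the search space gets when length increases."""
    return alphabet_size ** (to_len - from_len)


def generate_password(length=16):
    """Return a random password that contains every character class.

    Characters come from the OS CSPRNG via `secrets` (the `random` module is
    predictable and unsuitable here). Candidates missing a class are thrown
    away and redrawn, so every valid password stays equally likely.
    """
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        print(f"{n:2d} characters: {entropy_bits(n):6.1f} bits")
    print(f"8 -> 12 characters: {growth_factor(8, 12):,} times more combinations")
    print("generated:", generate_password())
```

The entropy figures apply only to passwords drawn uniformly at random; a human-chosen 12-character password has far less.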
Want to learn more about using a password manager?
Check out our personal plans or get started with a free trial.
The security risks of unprotected passwords
Cybersecurity risks continue to grow in the digital age, with the quantity and financial impact of hacking and data breaches continuing to rise. Increased mobility and a growing list of apps and accounts complicate these security risks at home and at work.
Cybercriminals work individually or in organized teams to infiltrate devices and digital systems so they can steal or corrupt sensitive information for financial benefit. Common hacking practices that target weak passwords as a point of entry include:
- Brute-force attacks: This tactic uses random, computer-generated combinations of usernames and passwords until a credential match is found. Although network security and monitoring practices can often detect a brute-force attack in progress, strong passwords are harder to guess (even for a computer) and less vulnerable to this approach.
- Phishing: Emails or phone calls disguised as messages from reputable companies urge recipients to provide their personal and/or financial information to keep their account in good standing. Some phishing emails also include deceptive links to harmful malware. Luckily, most phishing emails can be detected based on misspellings or grammatical errors in the URL or message text.
- Man-in-the-middle attacks: In this cyberattack category, a third party inserts itself into the middle of a digital conversation so that information can be intercepted or modified. A VPN mitigates the risk of MITM attacks on public WiFi networks by encrypting all data going into or out of the device and routing it through a secure portal.
- Internal security threats
A high percentage of company security threats come from within organizations. This can include employees, ex-employees, and contractors who retain their credentials or use unsecure methods to share passwords. Internal security threats can also unintentionally develop when employees have malware on BYOD devices, accidentally send an unencrypted email to the wrong person, or misplace their device or credentials.
- Loss of account access
Weak passwords and poor password hygiene can lead to frequent password changes and password resets that, in turn, lead to progressively weaker passwords. Along with the security and productivity impact on companies and IT teams, individuals also risk losing account access at inopportune times when their password habits are less than ideal.
6 tips for protecting your accounts with secure passwords
The digital world of today provides us with improved network security practices, anti-virus software, and advanced encryption and authentication techniques to protect our data and devices. Cybercriminals have developed their own digital tools, however, so you should incorporate these up-to-date tips on how to make a secure password into your routine:
- Make your passwords strong: Recent NIST recommendations on how to create a strong password point out the value of long and complex passwords over easy-to-remember passwords with periodic updates. Forced, periodic password resets can weaken rather than strengthen your security profile since the minor changes you’re likely to make can easily be guessed by hackers. NIST also suggests screening new password ideas against lists of commonly used and compromised passwords. A password manager makes these improvements easy to implement and sustain.
- Never reuse passwords: Repeating login credentials is an easy habit to fall into, and it’s one that can weaken cybersecurity. Apart from undermining your efforts to keep passwords unique, reusing passwords diminishes password security by exposing multiple accounts if even one password is lost or stolen. Dashlane’s Password Health score helps you eliminate this habit by providing you with lists of your weak, compromised, and reused passwords.
- Use 2-factor authentication (2FA): 2FA is a valuable digital security tool that uses an additional check, like an email message or code sent to you through an app, to verify your identity before granting you access. Since a hacker is not likely to have both your account password and device in their possession, the extra seconds required to log in using 2FA are well worth it for the added layer of assurance. Multifactor authentication (MFA) takes this security practice to the next level by adding further identifiers, like fingerprints or facial recognition, to the authentication process.
- Store your passwords in a safe place: Any complete list of tips to create strong passwords should also consider how you store your passwords. Passwords stored on sticky notes, scraps of paper, or unprotected spreadsheets can erode your password security and privacy. Using a built-in browser password manager to store passwords isn’t a safe option either, since passwords saved in browsers are typically not protected by encryption.
Pro tip: The zero-knowledge architecture used by Dashlane means we only store your encrypted password data on highly secure, hosted cloud servers, and no one can ever view or modify this information.
- Never share passwords through unsecure methods: Subscription, retail, and workplace account passwords are frequently shared, and this practice can also weaken cybersecurity and password health. If someone you share a password with is impacted by cybercrime, your credentials could also be included in the breach. The best password managers include secure password-sharing portals that allow you to safely transfer information to friends, family members, or coworkers.
- Use a password manager: A password manager employs advanced digital technology to create, encrypt, and autofill your passwords safely. Secure vaults for password sharing and storage keep your information protected in the event of a data breach. The best password managers make advanced hacking tactics ineffective while improving your productivity and user experience.
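The first two tips (screen passwords against common lists, never reuse them) and the earlier rules on length and personal information can be checked mechanically. The audit below is an added example, not Dashlane's Password Health implementation; the vault, the personal terms and the tiny blocklist are constructed sample data.

```python
from collections import defaultdict

# Constructed sample blocklist; a real screen uses a large breached-password corpus.
COMMON = {"password", "superman", "123456", "qwerty", "letmein"}

# Constructed sample data: account name -> password, plus terms tied to the owner.
SAMPLE_VAULT = {
    "mail": "Superman2023!",
    "bank": "rex-the-dog-1987",
    "shop": "k7#Vq9!mZp2&Lw4x",
    "forum": "k7#Vq9!mZp2&Lw4x",
    "video": "T9$gh2Lq",
    "work": "x4!Nf8@cR1^uYz0e",
}
SAMPLE_PERSONAL = ["Rex", "Jordan", "1987"]


def audit(vault, personal_terms, min_length=12):
    """Return {account: [findings]} for a {account: password} mapping."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for account, pw in vault.items():
        lowered = pw.lower()
        by_password[pw].append(account)
        if len(pw) < min_length:
            findings[account].append("short")
        # Strip trailing digits/symbols so "Password1!" still matches "password".
        core = lowered.rstrip("0123456789!@#$%^&*.?")
        if lowered in COMMON or core in COMMON:
            findings[account].append("common")
        # Names, pets and dates linked to the owner, ignoring very short terms.
        if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
            findings[account].append("personal")
    # A password shared by two or more accounts exposes all of them at once.
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].append("reused")
    return dict(findings)


if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{account}: {', '.join(issues)}")
```

Note that "Superman2023!" passes the length rule and mixes character classes yet is still flagged, which is why blocklist screening is a separate check from length.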
How Dashlane secures your passwords
The Dashlane password manager helps you generate and manage strong and secure passwords with ease. Standard features, including AES-256 encryption, password health scoring, 2FA, and a secure sharing portal, improve your cybersecurity and productivity, while our dark web monitoring tool scans the depths of the internet for your credentials and alerts you instantly if your password information is detected.
Strong and unique passwords are essential in the digital age, but you also shouldn’t overlook the importance of usernames.
Learn how to protect your online identity by creating secure usernames consistently with our list of 6 things a safe username should always do.