Techsplained: How to Create a Secure Password

Power up your passwords to keep your business data safe. 

In this Techsplained video, AJ explains how to power up your password security game to keep your business data safe.  

If you’re like me then you probably have quite a few different online accounts for different stores, services, social media and more. Many of these include hack-worthy information like your date of birth or social security data, or even bank and credit card details, so it’s important that you keep these accounts secure.

However, at the point at which we’re creating our passwords, our mind is often more on getting the account set up quickly than ensuring we’re creating a secure password. That’s where the problems start, and that’s why in this Techsplained we’re talking about password security.

So you should be asking yourself; “Are my passwords secure?”, “Are they complex enough?”, “Am I using some of the weakest passwords?” & “How can I tell if my passwords are known to hackers? ”.

Thankfully, those questions aren’t as difficult to answer as it may seem. So, let’s have a look at this in more detail and give you some password security tips.

What are some of the least secure passwords?

Believe it or not there are many,  many people who use such simple and unsecure passwords that you don’t need an AI-powered supercomputer to guess them.  

Even today, some of the most popular passwords include: 

• Password (or Pa55word)  
• Wordpass (or Wordpa55)  
• Password1 (or Password12345)  
• Querty (or qwertyuiop, or ytrewq)  

Or any variation of these with concurrent or repeating numbers.  

And these are just a few of the most common, least secure passwords.  

NordPass, creators of the Nordpass password manager (more about that later), publish a list of the 200 most common passwords every year, along with an estimate of how long it would take a regular hacker to crack them. You might not be surprised that perennial bad password favourite “123456” was top for 2020, but you might be more surprised that “ashley”, “sunshine” and “jacket025” all make the top 50. The vast majority of these simple, non-complex password would take less than a second to crack. 

So now we know what makes a weak password, what classifies as a secure password?  

What makes a Strong Password?

Let’s jump back to that scenario where you’re sat at your computer raring to buy that cool new thing, and all that stands in your way is the creation of a new password. 

 Let’s go through a few simple steps to get you quickly to a stronger password. 

Firstly, do not use your name or a family member’s name (such as the “Ashley” mentioned above). You may think this seems unrelated to you (in a data sense anyway), but with reams of data floating around the dark web, it’s not always as hard as you would hope to connect the dots. 

Start by choosing a random word. Don’t worry, that’s not your password, we’re going to make it more secure! Let’s, for the sake of this example, choose a simple word like:

house

The first layer of complexity to add to it is to mix up the cases.  Use upper and lower case letters mixed throughout the word. So let’s look at that again now: 

HoUse 

Better, but still too simple. Let’s add some numbers. However, we shouldn’t just dump them on the end, like we saw in many of the Nordpass examples. Let’s spread them throughout the word, and avoid using repeating or consecutive numbers. How does that look now? 

62HoUse7 

Getting better. Next let’s add some special characters. These are the characters on your keyboard that aren’t letters or numbers, such as @ or $. Let’s sprinkle a few on: 

62HoU$e7 

What we could do here is to mix some numbers & characters together.

62HoU$37 

Finally, we should be using a password of at least 8 characters, more if possible. The best way to achieve this is to start with a longer word, or even a whole phrase, and then apply the steps we’ve just gone through. 

Oh, and one final thing, never reuse passwords across different accounts. 

I know what you’re thinking. If my password is so complex now, why can’t I reuse it? 

Well, let’s find out. 

Why shouldn’t you reuse passwords?

Unfortunately, even the most complex passwords aren’t immune to theft.  

Your passwords could still be leaked to hackers if the website which your account is with is hacked itself and user details stolen. Even web giants like eBay and Adobe have suffered breaches in which almost their entire account lists where leaked. 

If this happens, even the most secure password could be compromised and leaked on to the dark web for cybercriminals to find and use.  

If this is the case, the cybercriminals can use that password to access your other accounts using the same details.  And if that password is reused with your email provider… then hackers instantly have the ability to find which other account are linked to that email address. From there they can reset all of your passwords by using the password reset feature for many popular websites. 

By using new unique passwords for every account ensures that all your accounts are will stay more secure.  

But, if, like me, you have more than 400 accounts, or at least 100 like the average person does, how on earth can you keep track of them all?  

Using Password Managers to securely store your passwords.

Password Managers allow you to store your passwords securely and allow you to access your stored passwords from anywhere via a Mobile App, Computer App or Web Browser  

Some password managers, such as 1Password, MyGlue and LastPass’s Business plan even allow you to store Two Factor Authentication codes against password records. This helps you to keep your accounts even more secure and gives you easy access to all the information you will need to log in securely to your accounts. Just remember to use a unique password for your Password Manager.  

To learn more about Two Factor Authentication (2FA) take a look at our What if Two Factor Authentication video. 

Passwords stored in password managers are usually secured behind 256-bit AES encryption, which is one of the most reliable and widely used encryption algorithm techniques. This ensures that, without a decryption key, your passwords would be almost impossible to view as plain text. 

Most Password Managers also offer unique password generation functions to allow you to create new, random and highly-secure passwords every time you create a new online account. 

Some, such as 1Password, also require you to create a security key of more than 30 characters as well as your email and password, for an extra level of unguessable security. Some even offer the ability to unlock with an authentication code on top of this! 

 This might seem like replacing one problem with another, but it’s still a lot easier to remember a password, 30-character key and numerical PIN than it is to remember 100 unique passwords! 

If you’d like to know more about Password Managers leave us a comment and we might cover this in a future Techsplained. 

What else can I do to stay safe online?

Creating complex and unique passwords really does help protect you against some of the most common online attack types, like password-guessing attacks where computers are uses to guess thousands of passwords a minute. 

Unfortunately, even with the most secure passwords in the world, websites still get hacked, and when this happens stolen account information is often released on the dark web where it can be bought and used by other hackers in targeted attacks. 

If you could find out when your account details appear on the dark web, then you’d be able to change your password and make your account secure once again. 

And, thankfully, you can! 

Here at One2Call we offer an active Dark Web Monitoring service which scans to see if your account information has been leaked on the dark web. As soon as we spot details related to your email address or web domain, we’ll let you know, and we’ll also offer advise on how to stop your accounts from being leaked in future. 

You can learn more about our Dark Web Monitoring service here. 

Alternatively, use the contact form below to arrange time with our consultants during which they can give you advice about the services we offer to protect your business. Mention this article for a free one-off  Dark Web Report for your business domain 

Move to One2Call manage for your IT Support and your Microsoft Office 365 and we can also implement password policies for your business to enforce strong passwords and for them to be reset on a regular basis.   

When combined with active dark web monitoring we can temporarily disable accounts that show up on the dark web to protect you and your business from potential attacks.  

For more info on email security take a look at our email security pages. 

We’ll also be producing more content on this and other tech topics in future, so be sure to subscribe to our socials and subscribe to Techsplained and TechBytes to be the first to know about future content. 

We hope you have found this information useful. Leave us a comment over on our YouTube Channel to let us know what you think or to ask a question.