The digital world has bad actors at every turn looking for the latest way to get access to sensitive systems, including your email, bank account, credit card accounts or even your network at work. This is why password hacking has become insanely popular.
You can fight back against these password pirates by creating a strong password and protecting it from the various types of hacks bad actors attempt. Below, we offer four quick tips for creating an unbreakable password, so you can keep yourself and your company safe. But before we dive into password creation, let’s have a look at the key hacks used to get your password.
Methods for creating that uncrackable password
To avoid some of the lower-tech password-stealing hacks, like brute force or dictionary, you’ll need to create an uncrackable password. There are many tips for creating great passwords, but some stand out as more surefire ways to keep your private data safe. Here are four of the best password-creating tips.
1. Random passphrases
The more random and personal a password is, the less likely a hacker is to guess it. Creating a long passphrase made up of several random words mashed into one is a great way to throw off any hacker. Choose things that you will remember but would be complete nonsense to anyone else. For example, your favorite TV show, favorite actor and favorite food combined into one word.
A great example of a knockout password using this method would be “TheWalkingDeadCruiseSpaghetti.” Sure, a hacker may see from your social media posts you are a fan of TWD, but it is highly unlikely they also know you’re a Tom Cruise and spaghetti fan. And the chance they will think to put them all together in one password is even less likely.
2. Gobbledygook as a password
No, we’re not saying to create a password with no meaning. We’re saying to make one that means nothing to a hacker. For example, choose a sentence that has significant meaning to you, then chop it up until it looks like nonsense to an outsider.
One way to do this is to use only the first two letters from each word in the sentence. For example, if you are a Plato fan, you can use one of his most memorable quotes, “Only the dead have seen the end of war.” To make it hack-resistant, you would chop it up as “OnThDeHaSeThEnOfWa” when turning it into a password.
3. Let your fingers do the talking
Sometimes you cannot remember passwords for the life of you and creating a good one results in you clicking the “forgot password” link. How about letting your muscles be your memory?
Let your fingers just naturally tap a combination of 15 or more keys with no real input from your brain. Once you’ve created what feels like a comfortable string, repeatedly type said string until it becomes almost an automatic motion.
This muscle memory will create a strong password you won’t struggle to remember and hackers will struggle to guess.
4. Using a password manager
In today’s world, countless tools make your real and digital lives more manageable. One tool that helps with the latter is a password manager like LastPass or Dashlane. These systems offer two processes to help with your password woes.
First, they help you create super-strong passwords that almost no one can guess. We’re talking long, illogical strings of characters that mean nothing to you. Second, these managers save the passwords in a password-protected vault, meaning you never have to remember another password again – well, except the password to the vault.
Speaking of that vault password, use one or a combination of the above password-creation tips to come up with one uncrackable super password. Remember, this is the only password you’ll have to remember, so make it count.
Keep in mind that password managers are far from invulnerable, so you must still ensure you’re on top of the security of your data.
Be suspicious of all emails
Email is a staple in virtually every office setting these days, and we sometimes get bombarded with spam and business communication that keeps us busy all day. Within this mass of emails can be a phishing attempt, and your workload may have you spread so thin you take the bait.
To avoid this and other email-based hacks, assume all email seeking your personal information is a fake. Also, if you receive an email asking you to click on a link to change your password or log on, don’t immediately click on the link.
Instead, hover your mouse over the link to see the real URL it points to. Chances are, it doesn’t point to the site you expect it to.
If you fear this email may be legitimate, you can verify its validity by opening a separate internet browser and logging into the website or system without clicking on the link in the email. If you can sign in without any issues and receive no alerts, there is likely no problem with your password or access to the system.
You can also try calling the website or your IT department to verify there is no issue.
Use a Screen Shield
Though shoulder surfing is the least technical of the password-stealing processes, there is tech to block it. A screen shield, which is also called a privacy filter or screen filter, blocks your screen from any angle other than straight ahead. So, if a shoulder surfer thinks they can stand behind you from an angle and read your screen, they will see nothing but black.
Sure, a shoulder surfer could still see what keys you’re pushing, but they will have no idea if you’re typing a password or a thank-you letter to Aunt Ester.
A screen shield is not a 100% effective solution, as a sneaky enough person could get directly behind you while you’re deep in thought and read your screen. This is where you need to be aware of your surroundings, so you know when someone is just inches behind you while you’re on your computer.
We all lead busy personal and professional lives and sometimes lack time to think up a crafty password. Plus, with many corporate systems requiring a password reset every few weeks, you may simply run out of ideas.
Don’t let password laziness get the best of you and start choosing easy-to-guess strings like “123456,” “123987,” “abc123,” “password,” “qwerty” or others like that. Even if you think you’re being creative by using character substitution like “!” in place of a “1” or “@” in place of an “a,” you’re just delaying the inevitable.
The main rule of creating an unbreakable password is: do not talk about the password. Actually, this might be a bit extreme. What we actually mean is: don’t let your web presence provide the hackers with a silver platter of hints. This includes birthdays (easily accessible online), wedding anniversaries (especially if you shared photos from your wedding day on Facebook), or the names and birthdates of your children, grandchildren, or pets. The latter especially is a big no-go zone which even prompted a warning from the UK's National Cyber Security Centre (NCSC). According to recent findings from the government agency, 15% of the British public are using the names of their pets as their passwords, making it a highly predictable choice. Moreover, it’s not difficult to find out your cat, dog, or guinea pig’s name, as many of us are guilty of posting an occasional picture or two with our fluffy friend.
Commenting on the findings, NCSC's director for policy and communications, Nicola Hudson, said: “We may be a nation of animal lovers, but using your pet's name as a password could make you an easy target for callous cyber criminals.” Therefore, be warned.
The second most popular option for passwords was the names of family members, chosen by 14% of those surveyed, which is also information that can be easily obtained through a quick Google search. Other common choices were significant dates (at 13%) and favourite sports teams (6%) – which is why you shouldn’t opt for ‘Arsenal123’ when your Twitter profile picture shows you wearing a Gunners’ scarf.
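A password-change check for the weak choices described above, as an added example that is not part of the original article: it rejects the common strings the article quotes even after the “!” and “@” substitutions are undone, and flags passwords built from publicly known names or dates. The function names and the sample profile (a pet called Biscuit, the date) are constructed for illustration.

```python
from datetime import date

# Weak strings quoted in the article.
COMMON = {"123456", "123987", "abc123", "password", "qwerty"}
# The two character substitutions the article names: "!" for "1", "@" for "a".
UNSUB = str.maketrans({"!": "1", "@": "a"})
# Digit layouts people commonly use when typing a date into a password.
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")


def normalize(text):
    """Lowercase the text and undo the article's character substitutions."""
    return text.lower().translate(UNSUB)


def check_password(candidate, names=(), dates=()):
    """Return reasons the candidate is guessable; an empty list means
    these checks found nothing, not that the password is strong."""
    norm = normalize(candidate)
    reasons = []
    if norm in COMMON:
        reasons.append("common password")
    for name in names:
        token = normalize(name).replace(" ", "")
        # Substring match, so "Arsenal123" is caught by the name "Arsenal".
        if len(token) >= 3 and token in norm:
            reasons.append(f"contains public name: {name}")
    # Drop separators so "12/04/1990" and "12041990" are treated alike.
    digits = "".join(ch for ch in norm if ch.isdigit())
    for d in dates:
        if any(d.strftime(fmt) in digits for fmt in DATE_FORMATS):
            reasons.append(f"contains significant date: {d.isoformat()}")
    return reasons


if __name__ == "__main__":
    # Constructed profile: what a stranger could learn from public posts.
    names = ["Biscuit", "Arsenal"]
    dates = [date(1990, 4, 12)]
    for pw in ["p@ssword", "@rsenal!23", "Biscuit12/04/1990", "OnThDeHaSeThEnOfWa"]:
        print(pw, "->", check_password(pw, names, dates) or "no finding")
```
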