A secure password is crucial in today’s online world. With so many important aspects of our lives, our work, and our finances happening online, it’s important to make sure all the information we share is secured. The best way we can do this is by using strong passwords.
The recommendations surrounding what makes a strong password have changed, however. And so have the methods used to crack them.
Unlike a “dictionary attack”, where the attacker runs a rapid series of common passwords, a “brute force” attack runs all possible combinations of characters. The rising popularity of brute force attacks has led to a shift in the importance of password strength factors. This changes everything from the recommended complexity to the length of your password.
Password strength tests can be found online, and are a useful tool in securely checking the strength of your existing passwords.
We examine some of the best – and worst – ways to create passwords, and explain how you can make strong passwords that won't be cracked.
In This Guide:
- Password1 – This is an obvious one, but it’s still one of the most common passwords used today!
- 12345678 – number sequences with an order or pattern to them will be cracked almost instantly by any rapid sequence attack.
- Banking01 – Don’t use descriptive passwords that are relevant to the application being used. Using patterns like this would compromise the security of all accounts if one password was figured out.
- 01/01/2000 – Avoid using dates, especially if the date has some personal significance (eg. birthdays, anniversaries, etc.) as this will be easier information for an attacker to find.
- Q!koP9$f – While this provides protection from dictionary attacks, it will only take about 9 hours for a brute force attack to crack this kind of password.
- Don’tStopBelieving – Using song lyrics in a passphrase can be a very easy way of remembering a secure password. This will be very difficult for a computer to brute force attack successfully. But be wary of lyrics from music that you may have listed as your favourite on social media.
- BatmanIsTheGreatestHeroOfAllTime – Using a memorable phrase can be an effective way of creating a password. Again, don't pick one that people may be able to guess.
- DogComputerScreenSpeakerTV – A list of words is another very strong method. This example would take 327 septillion years to crack by brute force.
- D0gComput3r$creenSpe&kerTV – This may be slightly more difficult to remember, but replacing some letters with symbols and numbers significantly boosts the security of the password.
Scroll horizontally to view full table on mobile devices
|Local Storage Option||✓||✓||x||✓|
|Password Generator Function||✓||✓||✓||✓|
|Live Chat Support||x||✓||x||x|
|Ease of Setup||★★★★★||★★★★★||★★★★★||★★★★★|
|Help & Support||★★★☆☆||★★★★☆||★★★☆☆||★★★☆☆|
|Value for Money||★★★★★||★★★★☆||★★★★☆||★★★★☆|
|Cost per year||$36||$60||$24||$30|
|Discounts Available||See Deals||See Deals||See Deals||See Deals|
Password Manager Pros:
- The generated passwords are very secure, due to complexity and length. This generation is immediate and the new passwords can be automatically pasted into the relevant area.
- Password managers remove the need for you to remember all your different passwords.
- The login information stored in most password managers will be encrypted. In the event of a data breach, it would be very difficult for the thief to gain access to specific login details of any user.
Password Manager Cons
- Consolidating passwords behind one master password creates a single point of failure. If your master password for the manager is breached, all of the passwords contained within are vulnerable.
- While there are free password managers, these rarely let you run the password manager on multiple devices (say, your phone and your laptop)
Tempted to try a password manager? It could be one of the smartest moves you could make towards proper online security.
One of our favourites is 1Password, a fantastic all-round password manager that's easy to use, and can create strong online passwords for you.
Check out our full 1Password review for more detail, or see the deal below:
- Free 6 month trial for 1Password Teams for business
- Local storage makes saving changed passwords more reliable
- Large number of secure note templates for storing sensitive information
- Very well-designed app
- No automated password changing feature
- Desktop app seems superfluous
- No camera integration on mobile
- Provides a good level of security, due to the length drastically increasing the number of possible character combinations.
- Easy to remember, especially if the word string has some slightly personal meaning to you.
- Easier to type out each time, as special characters add very little to the security of the passphrase.
- If you create a different passphrase for every site you log into, it can be a huge challenge to remember them all.
- Passphrases can potentially be vulnerable to dictionary attacks if all of the words they're formed from are regular words found in a dictionary.
- Passwords using a seemingly random combination of letters, symbols, and numbers are very difficult to guess without highly specialised cracking tools.
- Incorporating this method with a passphrase, as described above, can provide increased security.
- Using a combination of letters, symbols, and numbers will result in a password that’s more difficult for you to remember. This is made worse if you need to remember different passwords for different accounts (as is recommended).
- Mistakes are much more likely to be made when typing in a password that uses these combinations, and it's a pain to do on a phone keyboard.
- This method of password creation is no longer as strongly recommended by experts, as increasing the complexity of a password is not as effective as increasing the length.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.