Donald Trump's Twitter account made the headlines, but not for the usual reasons. Rather than a bizarre conspiracy retweet or all-caps declaration, the cause of the controversy was that a Dutch researcher cracked the president's password – on just his fifth guess.
To throw a little further embarrassment into things, the password in question turned out to be the squirm-inducing "maga2020!". The researcher, Victor Gevers, expressed surprise that his four previous guesses hadn't triggered additional security checks or two-factor authentication. Worse still, this was the second time Gevers had gained access this way, having correctly guessed that the password was "yourefired" back in 2016.
A secure password is crucial in today’s online world. While most of us won't have a target on our backs quite like a presidential social media account, with so many important aspects of our lives, our work, and our finances happening online, it’s important to make sure all the information we share is secured. The best way we can do this is by using strong passwords.
The recommendations surrounding what makes a strong password have changed, however. And so have the methods used to crack them.
We examine some of the best – and worst – ways to create passwords, and explain how you can make strong passwords that won't be cracked.
- maga2020! – Looking at you, Donald. A password that can be guessed in just five goes isn't good enough (and the same goes for yourefired).
- Password1 – This is an obvious one, but it’s still one of the most common passwords used today!
- 12345678 – Number sequences with an order or pattern to them will be cracked almost instantly by any rapid sequence attack.
- Banking01 – Don’t use descriptive passwords that are relevant to the application being used. Using patterns like this would compromise the security of all accounts if one password was figured out.
- 01/01/2000 – Avoid using dates, especially if the date has some personal significance (e.g. birthdays, anniversaries, etc.), as this will be easier information for an attacker to find.
- Q!koP9$f – While this provides protection from dictionary attacks, it will only take about 9 hours for a brute force attack to crack this kind of password.
- Don’tStopBelieving – Using song lyrics in a passphrase can be a very easy way of remembering a secure password. This will be very difficult for a computer to brute force attack successfully. But be wary of lyrics from music that you may have listed as your favourite on social media.
- BatmanIsTheGreatestHeroOfAllTime – Using a memorable phrase can be an effective way of creating a password. Again, don't pick one that people may be able to guess.
- DogComputerScreenSpeakerTV – A list of words is another very strong method. This example would take 327 septillion years to crack by brute force.
- D0gComput3r$creenSpe&kerTV – This may be slightly more difficult to remember, but replacing some letters with symbols and numbers significantly boosts the security of the password.
Password Manager Pros:
- The generated passwords are very secure, due to complexity and length. This generation is immediate and the new passwords can be automatically pasted into the relevant area.
- Password managers remove the need for you to remember all your different passwords.
- The login information stored in most password managers will be encrypted. In the event of a data breach, it would be very difficult for the thief to gain access to specific login details of any user.
Password Manager Cons:
- Consolidating passwords behind one master password creates a single point of failure. If your master password for the manager is breached, all of the passwords contained within are vulnerable.
- While there are free password managers, these rarely let you run the password manager on multiple devices (say, your phone and your laptop).
Tempted to try a password manager? It could be one of the smartest moves you could make towards proper online security.
One of our favourites is 1Password, a fantastic all-round password manager that's easy to use, and can create strong online passwords for you.
Check out our full 1Password review for more detail, or see the deal below:
- 30 day Free Trial
- Even better than LastPass in our tests
- Local storage makes saving changed passwords more reliable
- Large number of secure note templates for storing sensitive information
- Very well-designed app
- No automated password changing feature
- Desktop app seems superfluous
- No camera integration on mobile
- Provides a good level of security, due to the length drastically increasing the number of possible character combinations.
- Easy to remember, especially if the word string has some slightly personal meaning to you.
- Easier to type out each time, as special characters add very little to the security of the passphrase.
- If you create a different passphrase for every site you log into, it can be a huge challenge to remember them all.
- Passphrases can potentially be vulnerable to dictionary attacks if all of the words they're formed from are regular words found in a dictionary.
- Passwords using a seemingly random combination of letters, symbols, and numbers are very difficult to guess without highly specialised cracking tools.
- Incorporating this method with a passphrase, as described above, can provide increased security.
- Using a combination of letters, symbols, and numbers will result in a password that’s more difficult for you to remember. This is made worse if you need to remember different passwords for different accounts (as is recommended).
- Mistakes are much more likely to be made when typing in a password that uses these combinations, and it's a pain to do on a phone keyboard.
- This method of password creation is no longer as strongly recommended by experts, as increasing the complexity of a password is not as effective as increasing the length.
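The trade-off between length and complexity, and the dictionary-attack caveat for passphrases, can be put into numbers. The following is an added example, not Tech.co's own code: it estimates the search space of some of the article's sample passwords under a per-character brute force and under a whole-word dictionary attack. The guess rate and wordlist size are assumptions, so the times will not match the figures quoted in the article.

```python
import math
import re
import string

GUESSES_PER_SECOND = 1e11  # assumption: offline attacker rate, not from the article
WORDLIST_SIZE = 7776       # assumption: size of the attacker's word dictionary
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(password):
    """Alphabet a per-character brute force must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """Bits of search space when every character is guessed independently."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def split_words(passphrase):
    """Split a CamelCase passphrase into words, keeping acronyms like TV whole."""
    return re.findall(r"[A-Z]+(?![a-z])|[A-Z][a-z]+|[a-z]+", passphrase)

def dictionary_bits(passphrase):
    """Bits when whole words are guessed from a wordlist; None if not pure words.
    Symbol-for-letter substitutions are not modelled here."""
    words = split_words(passphrase)
    if not words or "".join(words) != passphrase:
        return None
    return len(words) * math.log2(WORDLIST_SIZE)

def effective_bits(password):
    """The attacker picks the cheaper strategy, so take the smaller estimate."""
    word_bits = dictionary_bits(password)
    char_bits = brute_force_bits(password)
    return char_bits if word_bits is None else min(char_bits, word_bits)

def years_to_exhaust(bits):
    """Worst-case time to try the whole search space at the assumed rate."""
    return 2 ** bits / GUESSES_PER_SECOND / (3600 * 24 * 365)

if __name__ == "__main__":
    # Sample passwords taken from the article's own lists.
    for pw in ["12345678", "Q!koP9$f", "DogComputerScreenSpeakerTV"]:
        bits = effective_bits(pw)
        print(f"{pw:28} chars={brute_force_bits(pw):6.1f} bits  "
              f"effective={bits:6.1f} bits  ~{years_to_exhaust(bits):.2e} years")
```

The five-word passphrase still beats the eight-character random string once the dictionary attack is accounted for, but by far less than the per-character estimate suggests.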
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.