Characteristics of a strong password
Passwords or access codes can be made up of a variable number of characters. The strength of a password, i.e., its quality, varies depending on the number of characters it contains and their type (symbols, numbers, letters, etc.). If you use letters, numbers and special characters together, it will be stronger. Also, the longer, the better. That is why we recommend, where possible, the use of complete phrases as a password, due to their robustness and ease of memorisation. You should avoid simple terms that can be associated with you when generating strong passwords.
The other basic tip for keeping your passwords safe is to keep them secret. Do not share them and even less so in writing, because they could end up in the wrong hands. Even if you create a very strong password, if you have it written down on your desktop in full view, it won't serve its purpose. It is important that you memorise your passwords so that they remain reliable.
The essential characteristics that must be taken into account when generating a secure password are:
- Secrecy. Never share your passwords. They should always be kept secret, because a shared password is no longer secure.
- Strength. A password is considered strong when the probability of discovering it is minimal and the time and resources necessary to obtain it are not profitable or viable. The features that make a password strong are:
a. Minimum length of ten characters.
b. Lower-case and/or upper-case characters, with numbers and symbols.
- Different from the one provided by default with the service or product. You must change the default password once it is provided.
- Different from the one you use for other services. The passwords for your mobile phone, your online banking and your email should not be the same.
If you want to check the strength of your password and know how long it would take to figure out, you can use this Secure Password Check tool by Kaspersky.
Tips for creating a strong password
It is essential that you use strong passwords for all the services you use. Even our use of social media stores content that could be compromising or which could provide access to more important personal information.
What not to do with your password
To avoid problems, here’s what you must never do with your passwords:
- Use simple ones like 1234, abcd, 123qwe, etc.
- Use services or apps without a password.
- Choose your name or surname or those of people close to you.
- Use the default password.
- Use simple words like hello, love, car...
- Use dates of birth or places related to you.
- Use your own username as a password.
- Use fewer than ten characters.
- Create codes with the concatenation of elements such as your last name and your year of birth.
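The rules listed in the two sections above can be checked automatically. The following Python code is an added example, not part of the original article or of any tool it mentions; the function name check_password, its parameters and the sample inputs are assumptions made for illustration.

```python
# Weak values quoted in the article ("1234, abcd, 123qwe", "hello, love, car").
SIMPLE_WORDS = {"1234", "abcd", "123qwe", "hello", "love", "car"}
MIN_LENGTH = 10  # the article's minimum length


def check_password(password, username="", personal_terms=(), default_password=None):
    """Return the list of the article's rules that the password breaks (empty = passes)."""
    if not password:
        return ["no password set"]
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("fewer than ten characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no symbols")
    if lowered in SIMPLE_WORDS:
        problems.append("simple password")
    if default_password is not None and password == default_password:
        problems.append("default password")
    if username and lowered == username.lower():
        problems.append("same as username")

    # personal_terms (assumed input): names, surnames, places, birth dates or years.
    # Strip every term found; if only separators remain, the password is nothing
    # more than a concatenation such as surname + year of birth.
    terms = sorted((t.lower() for t in personal_terms if t), key=len, reverse=True)
    used = [t for t in terms if t in lowered]
    if used:
        remainder = lowered
        for term in used:
            remainder = remainder.replace(term, "")
        if all(not c.isalnum() for c in remainder):
            problems.append("concatenation of personal data")
        else:
            # Broader reading of the article's rule: flag any embedded personal term.
            problems.append("contains personal data")
    return problems


if __name__ == "__main__":
    # Constructed sample: surname plus year of birth.
    print(check_password("Garcia1985", personal_terms=["Garcia", "1985"]))
```

The function only reports which of the article's rules a candidate breaks; it does not estimate how long a password would take to guess.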
Benefits of using a password pattern
A very common bad practice is to have the same password for all services and devices that we use. If a cybercriminal were to enter one of these, they would have instant access to the rest. To avoid this, you can use some of these very practical rules for remembering passwords:
- Use whole sentences, to get long and easy to remember passwords. For example: Mycarwasstolen
- Use passwords with the same pattern but with slight variations depending on the service they are being used for. For example:
Facebook -> K8542sd$F
Twitter -> K8542sd$T
- Change vowels for numbers or special characters. For example:
Mycarwasstolen -> myc4rw%sst*l%n()
- Use mnemonic rules taking, for example, the first character of each word of a long sentence and ending it with a special character:
A bird in the hand is worth two in the bush -> Abithiw2itb$
Some Internet services will occasionally ask you to change your access codes to guarantee your security. Do it when you are asked to do so, as it will only take a moment and will help make your user accounts more secure.
A password manager is a program that stores all your passwords in one place, so you only have to remember the password that opens the manager. There are two types of password managers:
- Online managers, accessible via the Internet. You can access them from any device with an Internet connection and generate a new master password if you forget it. The main disadvantage is that they are a potential target for cybercriminals and that the overall security will depend on the server.
- Programs installed on your own device, for example the home computer or even the mobile, where access is only local. You can only access them from that device and it is almost impossible to recover the master password. All security resides in the installation.
Password manager considerations:
- The master password or the one for accessing the manager must be as strong as possible.
- Never forget this password. In some cases, a new one cannot be generated.
- Make backup copies of the file with your passwords on external media such as a CD, in the cloud or on an external hard drive, so that you are not left without copies if you are a victim of ransomware.
Two-step verification is a functionality that gives an extra layer of security to your accounts. In addition to entering the password, you are asked for a second type of identification or verification, such as a code sent to your mobile or a digit on your coordinate card. Two-step verification is used by Google, Facebook and banks.
It is also typically used in online shopping. First, they ask for your card details on the payment gateway, which is the first step in verification. Then they ask for a personal password or a one-time password (OTP) that will have been sent to your mobile in a text message. This is the second verification step and a security guarantee.
The danger of security questions
There are many online services that include the option to recover or reset passwords through a security question. This question must be chosen carefully and only you should know the answer. For example, it is easy for many people in your environment to know the answers to "What was your first pet's name?" or "What was your first car?" or even to find them on your social media. For this reason, you need to configure your security question so that it prevents fraudulent access.
If you have any questions regarding passwords, you can contact OSI, the Information Security Office, and a team of professionals will help you with your query. They are also at your disposal if you want to know more about backups, the encryption of information and how to protect your Wi-Fi network.