Long, Complex, and Unique: What Makes a Good Password

Whenever you have to create a new password, it is a good idea to think of passwords as locks on the multiple doors leading into your increasingly connected and digital life. These locks keep you safe from crowds of bad guys roaming the virtually lawless digital space and looking for a chance to steal your money, identity, accounts, and information.

So it makes sense to get really strong and reliable locks. In other words, you should use very strong and reliable passwords to protect all your accounts.

But what exactly makes a strong password?

Length

Strong passwords are long. Hackers that go after your banking, email or social media accounts often rely on password-cracking software that tries all possible combinations of words and characters until it finds the one matching your password.

This is explained really well and in very plain language in a video by TechTarget below.

The best protection against this software is a long password, consisting of 12 characters or more. At this length, it would take even the most powerful computer many years to crack your password. That's why hackers normally don't even bother trying to crack passwords longer than 12 characters.

Complexity

Good passwords are also complex. They do not include common names or words. The password-cracking software I mentioned above always starts "guessing" a password by trying the most common dictionary words and memorable keyboard paths ("qwerty," "123456," "password," etc.).

To protect your accounts against this software, make your passwords too complex to "guess". In practice, it means mixing up uppercase and lowercase letters, numbers, and symbols. The most secure passwords include random combinations of all possible characters.

You know that a password is complex when it is so random that it would take a lot of effort to memorize it. That is the kind of passwords you should be using.

Uniqueness

As I suggested elsewhere, every password you use should be unique to the account it has been created for. It is a very bad idea to reuse the same password or slight modifications of the same password for different accounts.

Bad guys understand that most internet users rely on one or a handful of passwords to secure dozens of accounts. So as soon as they get their hands on a single password used by an individual, they check if the password works on any of the other accounts that the individual has. It means that when you use the same password for several accounts or reuse old passwords, you make it easy for hackers to break into all of your accounts.

Nothing personal

Good passwords should never contain names, cities, pet names, your favourite sports teams or any other details that could be tied to you.

Most of these details are easy to find by combing through your social media.

So, your passwords should be longer than 12 characters, complex (preferably random), unique, and free of any personal details. How do the passwords you use measure against these criteria? If they come short in any of these categories, make sure you are changing them as soon as possible.