The Ultimate Guide to Creating Strong Passwords
In today's online world, almost every digital identity is protected by a username and password.
Passwords are the keys to our digital front door. A Verizon report in 2022 found that more than 80% of confirmed breaches were related to stolen, weak or reused passwords.
But attacks are becoming more sophisticated, and techniques such as phishing and credential stuffing put even the strongest password at risk. For Cybersecurity Awareness Month, we’ve put together some tips for creating stronger passwords so you can take a step towards securing your online identities.
Tip 1: Longer passwords are stronger
This may sound like very simple advice, but every extra character multiplies the number of guesses an attacker has to make by the size of the character set, so length does far more for strength than swapping a letter for a symbol. If you’re worried about forgetting long passwords, use a password manager to store them securely.
While most online services still only insist on a minimum of 8 characters, at Wanstor we recommend 12 characters or more: an 8-character password is within reach of offline cracking if a site’s password database is leaked and was hashed with a fast algorithm.
Tip 2: Randomness
The key to good password hygiene is ensuring that passwords are not guessable. So, the more random they are, the better. This means:
- They must not be predictable: keyboard walks, dates, names and patterns such as a capital first letter followed by a number and a “!” are the first things password-cracking tools try
- They shouldn’t be reused: once a site is breached and your password turns up in a public dump, attackers automatically try the same email and password on every other popular service (credential stuffing)
- They should not contain data that is publicly available about you: This is a
The NCSC’s password guidance recommends combining three random words. This approach increases the length of the password and keeps it memorable to you while remaining hard for attackers to guess, provided the words really are chosen at random rather than picked because they mean something to you.
They can either be a random string of mixed-case letters, numbers, and symbols:
aB3$kL9@zX7!mQ2#
Or they can be a memorable phrase of unrelated, randomly chosen words:
Play Grow Sun Red Lake Eggs
Password managers are a good way to store and retrieve these complex passwords; more on this later in the post.
Tip 3: Make Them Unique
Making passwords unique is difficult, with the average person reportedly having about 100 passwords. But when you weigh this against the dangers of reusing passwords across multiple sites, it is worth the effort. It is particularly important to have a completely unique password for your email account, because password resets for most of your other accounts are sent to that address: whoever controls your inbox can take over the rest.
The NCSC also recommends turning on multi-factor authentication (MFA) wherever it is offered, alongside strong passwords, so that a stolen or guessed password on its own is not enough to get into your account.
We hope these tips help you make better (and stronger) password choices. Now for how you can start managing these.
Managing strong passwords
Use a Password Manager
A password manager is a tool designed to help you create, store, and manage your passwords securely. They can either be separate tools or built into your web browsers on your devices and offer the following benefits:
- Secure Storage: Password managers keep your passwords in an encrypted vault protected by a key derived from your master password, so only someone who knows that password (or can unlock your device with its biometrics) can read them.
- Password Generation: They can generate strong, random passwords for you, which enhances security by avoiding easily guessable passwords.
- Autofill: Password managers fill in your login details on websites and apps, saving time. Because they match on the domain the password was saved for, they will not offer your credentials on a look-alike phishing site, which both stops the leak and acts as a warning sign.
- Cross-Device Syncing: Many password managers sync your passwords across multiple devices, so you can access your credentials from your phone, tablet, or computer.
- Security Alerts: Some password managers provide alerts if your passwords are weak, reused, or if a site you use has been breached, prompting you to update your passwords.
Many password managers also offer features like secure notes, two-factor authentication (2FA) integration, and the ability to share passwords securely with trusted contacts. Using a password manager simplifies the process of maintaining strong, unique passwords for all your accounts, significantly enhancing your overall online security.
And what if we said you don’t need a password at all? Have you tried Passkeys?
Passkeys are a modern, secure alternative to traditional passwords. We have a detailed blog on how passkeys work, but in short they are digital credentials that let you sign in to websites and apps without typing a username or password. Each passkey is a pair of cryptographic keys: a public key, which the website stores, and a private key, which stays on your device and is used to prove it is you.
Benefits of Passkeys
- Unguessable and not crackable: Passkeys rely on public-key cryptography rather than a secret you have to remember. The website stores only your public key, so even if its database is breached there is no password or hash to crack, and nothing in it lets an attacker log in as you.
- Device-bound security: Unlike a password, which can be typed in from anywhere, the private half of a passkey is kept in your device’s secure hardware or encrypted keychain and is never sent to the website. Logging in proves you hold the key without revealing it, which makes unauthorised access significantly harder.
- Phishing-resistant: Passkeys are bound to the domain they were created for, so your browser will not offer them to a look-alike site. This removes one of the most common and effective attacks on passwords.
- User-friendly experience: With passkeys, the days of password memorisation are over. Authentication becomes as simple as a fingerprint scan or facial recognition – methods already familiar to most smartphone users.
Passkeys are now supported by many major websites and services, including Google, PayPal and eBay, and are gaining ground as a secure and user-friendly way to sign in.
Conclusion
Passwords form a crucial part of securing your online identities. For organisations, maintaining good password hygiene amongst users is crucial for secure identity and access management that can support remote working.
If you’d like Wanstor to help with user security awareness training or for some consultancy with identity and access management solutions for your organisation, get in touch now.