Black Friday: Biggest Sale of the Year. Save up to 50% off LastPass

learning

Tips for Creating a Strong Password

A strong password is a unique, random password stored in a safe place. However, it isn’t easy to memorize completely random passwords. Password managers like LastPass – with their built-in customizable password generator and encrypted vaults – solve all these problems for you.

A unique password is your first line of defense against hackers. It would take a hacker approximately 34,000 years to hack a unique 12-character password – and without that credential, the likelihood of a hacker breaching your account is near zero.

Creating a strong password is easy with the following tips:

  • Make sure your passwords are at least 12 characters long and contain letters, numbers, and special characters.
  • When you create a password on your own, use random characters, but don't follow easy-to-recognize patterns – e.g. “qwert” or “12345.”
  • Avoid using similar passwords that change only a single word or character.
  • Don’t use any personally identifiable information in your passwords – e.g. date of birth, year of marriage, name of the street you live on, name of your pet.
  • When in doubt, use the LastPass password generator to create random, unique, strong passwords.

Why strong passwords matter

The average person has over 100 online accounts, each of which requires an email address or username and a password to create and access. It’s impossible to remember 100+ passwords on your own. Some people rely on password notebooks and sticky notes to remember their most important passwords; other people fall back on password reuse, using an easy-to-remember password for many of their online accounts. However, while convenient, the reuse of weak passwords poses a very serious risk.

85% of data breaches involve a human element. These breaches are caused by things like:

  • Human error – like losing the post-it note your password was written on
  • Stolen credentials – a hacker stealing a password you reuse for multiple accounts
  • Phishing – a hacker gaining access to your account through an email scam

In most of these instances, a primary cause of the data breach is the reuse of weak passwords.

There’s a disturbing fact, though: 92% of people know they shouldn’t reuse passwords, but 65% still do it anyway.


8 Common Password Mistakes

1. Using easily identifiable personal information

While it’s easy to use personal information for your password (it makes it simple to memorize your passwords), it makes it easier for hackers to brute-force hack your accounts. Why?

With Google, Whitepages, and social media, it’s easier than ever to find your personal information online, including:

  • The names of your spouse, children, parents, or pets.
  • Your favorite band, sports team, or vacation spot.
  • Important dates like your birthday, anniversaries, or your child’s birthday.
  • Your home address – house number, street name, town, zip code, or state.

Avoid using identifying information, as it could be tacked down by a malicious actor to compromise your personal information.

2. Using easy-to-remember phrases like “1234” or “aabbcc”

The most popular passwords use simple to remember patterns. It’s important to create random passwords to avoid falling prey to such patterns – this includes numbers, letters, symbols, and capitalization. For example, rather than a “abc123”, make a random password like “A2km?84B!eHcD3$”.

3. Using default passwords

Most new devices – internet routers, smart home devices – come with a default password, often as simple as “password”. They’ll also include a warning which tells you to change the default password to something stronger once logged in.

However, many people still keep that default password. This is a significant security risk as a hacker who knows what devices you’re using in your home could easily hack them and gain access to more of your personal information and digital accounts.

4. Reusing passwords for multiple accounts

Never reuse a password. While convenient, the risk isn’t worth it. If one of your accounts gets breached, others are sure to follow: first it’s your Facebook account, then your Gmail, and finally your bank account. Protect every account you create by always generating a unique, random password.

5. Storing passwords in unencrypted, plain-text format

Storing your passwords in Microsoft Excel or Windows Notepad may feel convenient, but it’s a significant security risk. Your passwords are easily accessible when stored in their unencrypted, plain-text format – the most novice hacker could compromise your entire digital life in seconds.

You need to store your passwords in an encrypted password manager, which safeguards your passwords and most sensitive information so only you can access them.

6. Sharing passwords with friends and colleagues via messengers and emails

If you’re not using a password manager, you may think the easiest way to share your passwords with friends and colleagues is through email, by text message, or through Slack. Doing so compromises your passwords, though. You or whoever you’re sharing your password with may have unknown malware. And even if it’s safe to do so at the time being, that password could be stolen in a future data breach.

Instead, only share your passwords through a safe method, such as through an encrypted password manager.

7. Using different number combinations, while keeping certain part of your passwords the same

While “19musicman56” and “35musicman73” are different, they’re far too similar. If the first passwords were ever compromised, it wouldn’t take a hacker long to guess the second.

A strong password is one that resembles nothing like another password you’ve created or generated in the past. Use a password generator to avoid creating passwords that are essentially the same as one another. The LastPass password generator will create a truly random password every time.

8. Not screening the strength of your passwords over time

If you haven’t updated an account password in years, it could be weaker than you remember. And even if your generated password is strong, there’s a chance it could be compromised in the future.

Data breaches – where users’ personal information and passwords are stolen – happen to businesses, from social media companies to eCommerce shops. If you’re unaware your password was leaked in the past, it’s continually putting the rest of your accounts at risk. A password manager like LastPass informs you of your password security around the clock, with an up-to-date security dashboard – which monitors password strength across your accounts – and dark web monitoring, which constantly scans the dark web for compromised credentials. Once notified of a weak password or potential, you can immediately take action to update your passwords and protect your personal information.


Protect your passwords with a password manager

illustration8colarticlepassgen21svg

Generating and remembering strong passwords is easier with a password manager. LastPass saves and autofills your passwords for you, storing them in an encrypted vault whenever they’re not in use and automatically filling them in when you need them.

Creating strong passwords is easier than ever, too, with LastPass’ integrated and online password generator. The LastPass password generator will generate a unique password for each account you create so you can leave password reuse behind.

Additional security features of LastPass include:

  • Proactive protection against poor password hygiene and data breaches through the security dashboard, which will notify you of reused, weak, and compromised passwords.
  • Secure sharing with other LastPass Premium and Families users to avoid risky behavior, such as sharing passwords by text message or email.
  • Encrypted storage of an unlimited number of passwords and up to 1GB of files to protect your most sensitive information against hackers.

Learn more about the LastPass password generator

Create, manage, and store strong passwords with LastPass

Try LastPass Premium free for 30 days. No credit card required.