All of your information, whether on your computer or online, is secured by passwords. That makes it critical to choose strong passwords that make brute-force password cracking much more time-consuming. In general, the longer the password, the longer it takes to crack. The longer it takes to crack, the less attractive it is to a “bad guy” using software to crack passwords from a list containing hundreds or thousands of accounts.
Follow these guidelines to create strong passwords:
Never use dictionary words
It doesn’t take password cracking software very long to test against every word and word combination in multiple dictionaries.
Use all of the allowable character types
Use at least one lowercase letter, uppercase letter, digit and special character in your password. The more character sets the password cracking software has to account for, the longer it will take to crack the password. The key is that, if it takes too long to crack the password, the software will skip to the next account on the list. An 8-character password using all lowercase letters yields roughly 208 billion combinations. An 8-character password that includes lowercase, uppercase, digits and special characters yields roughly 1 quadrillion combinations. If it takes the password cracking software 1 hour to crack the first (all lowercase) password, then it will take 5,000 hours to crack the second one.
Never use numbers (digits 0-9) only
An 8-character password using only numbers will yield “only” 10 billion combinations.
Change your password(s) often
For critical accounts, like banking or email, every three months is a good interval. Other less critical accounts can be changed every 6 months to 1 year. “Bad guys” collect lists of accounts from data breaches all over the world, but they may not do anything with those lists right away, or they may sell the lists to other “bad guys”.
Use different passwords on different accounts
If you use the same password for every account, even if it is a very strong password, once it is cracked, the “bad guys” will have access to all of your accounts. Obviously, it’s very difficult to remember all of those passwords. That’s where password managers like LastPass, 1Password, PasswordBox and KeePass come in. You only have to remember one strong password for the password manager, and it takes care of the rest.
Create a passphrase
Come up with a phrase or sentence that is meaningful to you, then abbreviate it down into a single string of lowercase, uppercase, numbers and special characters, e.g. I
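The first three guidelines above (no dictionary words, all character types, no digits-only passwords) can be checked mechanically before a password is accepted. The Python sketch below is an added example, not part of the original article; the sample word list, the 32-symbol special-character set, the 8-character minimum and all function names are assumptions.

```python
import string

# Constructed sample word list (assumption); a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein", "welcome"}

# Character classes from the guideline. The 32 ASCII punctuation symbols stand in
# for "special characters" (assumption; sites differ in what they allow).
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def search_space(password):
    """Candidates a brute-force run must cover for this length and these classes."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def contains_dictionary_word(password, words=SAMPLE_WORDS):
    # Undo common digit/symbol substitutions before matching, so that a
    # dictionary word with swapped-in characters is still recognised.
    normalized = password.lower().translate(str.maketrans("013457@$!", "oieastasi"))
    return any(word in normalized for word in words)

def audit(password, min_length=8):
    """Return the guideline violations found; an empty list means none."""
    used = classes_used(password)
    findings = []
    if len(password) < min_length:  # min_length=8 is an assumption
        findings.append("too short")
    if used == ["digit"]:
        findings.append("digits only")
    missing = [name for name in CLASSES if name not in used]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    if contains_dictionary_word(password, words=SAMPLE_WORDS):
        findings.append("contains dictionary word")
    return findings

if __name__ == "__main__":
    for sample in ["12345678", "sunshine", "P@ssw0rd!", "tG7#qLz9!Rw"]:  # constructed
        print(f"{sample!r}: {search_space(sample):.2e} candidates, {audit(sample) or 'ok'}")
```

A password that passes the character-class check can still fail the dictionary check, as the constructed sample `P@ssw0rd!` shows.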
This article was paraphrased from Advice From a Real Hacker: How To Create Stronger Passwords