Choosing a password for any online account (such as for a WordPress site), is a task we face regularly. While it may seem easier to choose the same password for each account, security threats, online hackers and password thieves are constantly on the lookout for ways to crack them. Therefore, it is paramount to implement strong passwords across all of our online accounts to keep hackers out and keep our information secure.

But how do we do that? This guide will explore what makes a secure password, how to assess if your password is strong enough, and extra tips on password management.

Why do I need a strong password?

A strong password protects your online account, and subsequently your online information, from online hackers. Common, easy-to-crack passwords are going to provide the least security and allow your information to be stolen. However, secure passwords, like the ones we will discuss below, will shield your information and keep your account locked down.

The most common passwords

Everyone knows that one of the most common passwords is ‘password’, yet people still use it. So a hacker will go straight to attempting 'password' before he tries ‘aaaaaaaa’.

On the internet, you can find a list of the 10,000 most common passwords, and if hackers are trying to access your account they’ll cycle through these before they do anything else. And, knowing the restrictions that many websites have in place, hackers will also try variations of these common passwords that fall within the restrictions.

According to CyberNews, the top 10 most common passwords are:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10.  1234567890

These passwords are the most common because they’re all sequenced and predictable - whether it be a sequence of numbers or letters on a keyboard.

How do online hackers crack passwords?

Imagine you pop to the shops and lock your pushbike to the rails outside, using a padlock secured with a 4-digit code. If someone wants to steal your bike then there are a finite number of possible ‘passwords’ that they can cycle through until they find the right one.

The brute force method of stealing your bike would be to get a chainsaw and cut through the railing, but the brute force method of hacking your password would be to start by trying ‘0000’, then ‘0001’, then ‘0002’ and continue all the way up to ‘9999’. At some point, the thief would find the right password and they’d ride home on your bicycle.

Except, if your password is way up in the 8000s then it’s going to take the thief an age to try that many combinations, and you’ll probably have finished your weekly shop by the time he’s even halfway through the possibilities. However, in a theoretical universe where there are 100 thieves trying to get your bike, and they can all try a password combination simultaneously, then they’ll be away with your bike before you even pick up the shopping basket.

This multi-pronged attack is more relevant to online passwords, where it’s realistic that a hacker on a computer can attempt a tonne of possible passwords in a very short amount of time.

How to choose a strong password 

Choosing a strong, secure password isn’t as hard as you may think – it’s all about outsmarting online hackers and making it easy for you to remember, but complicated enough for them to guess.

7 easy tips for creating a strong password

  1. Make your password a passphrase instead - a sentence of random words, rather than just one key word
  2. Avoid using publicly available information in your password - this includes names, ages, date of birth, phone numbers and addresses
  3. Pick random words - avoid using common words that naturally string together 
  4. Include other characters - numbers, special characters, upper and lower-case letters make your password harder to guess
  5. Pin codes need more than 4 numbers - 4 number pin codes are too easily guessable, but 5+ are more secure
  6. Use unique passwords for every online account - avoid repeating the same passwords, as if one account is hacked, the rest will follow 
  7. Change your passwords periodically - annually changing your passwords is ideal, but bi-annually or quarterly is better

Are password generators safe?

Password generators can be considered highly beneficial to creating strong, secure passwords. Password generators lack recognizable language patterns, meaning that the passwords they create truly are random and provide a robust defence against online hackers.

However, there are cybersecurity concerns when it comes to using online password generators. A lot of these sites are decrypted - meaning you do not know who is on the other side and potentially giving hackers access to your details.

If you want to use a password generator, we recommend looking at using antivirus sites, like Avast, which can generate passwords for you, securely.

How reliable are password strength checkers?

It’s becoming more and more common that when you sign up for any online account, you come across a password strength metre or checker. They come in various shapes and sizes, and are coded with varying restrictions that measure how easy it would be to crack your password. Password strength metres work by measuring entropy –  showing the amount of time it would take for a hacker to get your password by using a brute force method. However, you should take these generators and checkers with a grain of salt, as they’re more of an indicator as to how strong or weak a password may be.

Password strength checkers like 'howsecureismypassword’ password checker can show you just how quickly a computer can guess your password. For example, the password “mypassword” could be cracked by a computer in just 58 minutes, but “MyPassword123!” would take a computer 200 million years to crack...

This is why text-only passwords are usually highly disregarded, and a lot of websites won’t even let you create an account with a text-only password. Instead, you’re encouraged to increase the strength of your password with disguising factors like capitals, numbers, and symbols.

How can password management tools help?

The biggest reason people have the same, hackable passwords across all of their online accounts is because they are easy to remember. However, instead of having to remember or write down every password for every online account you have, you can rely on a password manager.

Password management tools are online, encrypted software that remembers all your passwords for you. You most likely recognise Google Password Manager, which remembers all passwords when you’re logged into your Google account or Android device.

While some password managers come with your web browser, like the Google one, others can work across your entire online system - including phones, tablets, laptops and computers. These password managers, such as Bitwarden, are often free to download onto your devices, as well as offer extensions for major web browsers. You should expect more security and features with these password managers, compared to built-in web browser ones.

Follow this advice to choose the best passwords and stay safe online! If you have any questions or online security concerns, please get in touch with our Support Team. They’re available 24/7 to help with whatever you need. Give us a call on 0333 0142 700 or message us via live chat.