Creating Strong Passwords

In today's digital world, a strong password is your first line of defense against unauthorised access to your accounts. This guide covers best practices for creating and managing secure passwords that protect your sensitive information from hackers and data breaches.

The Password Problem

Despite their importance, many people continue to use weak passwords. According to recent security reports, the most common passwords still include sequences like "123456," "password," and "qwerty." These can be cracked in seconds by modern hacking tools.

What Makes a Password Strong?

A strong password is one that's difficult for both humans and computers to guess. Here are the key characteristics:

  • Length: At least 12 characters long (16+ is even better)
  • Complexity: Includes a mix of uppercase letters, lowercase letters, numbers, and special characters
  • Uniqueness: Different from passwords you use for other accounts
  • Unpredictability: Avoids common words, phrases, or easily guessable personal information
  • Memorability: Despite being complex, it should be something you can remember

Password Strength Examples

Weak Password: password123
Why it's weak: Common word with predictable number pattern, only 11 characters, no special characters or uppercase letters.

Medium Password: BlueDog2023!
Why it's medium: Contains uppercase and lowercase letters, numbers, and a special character, but uses common words and a potentially guessable year.

Strong Password: j8K&3pQ9#mT7vR2!
Why it's strong: 16 characters long, random mix of uppercase and lowercase letters, numbers, and special characters with no predictable patterns.

Effective Methods for Creating Strong Passwords

Creating strong passwords doesn't have to mean creating unmemorable random strings. Here are some methods that balance security with practicality:

The Passphrase Method

Passphrases are longer passwords made up of multiple words. They're easier to remember than random strings but can be highly secure when done right.

  1. Choose 4-6 random words (e.g., "correct horse battery staple")
  2. Add capitalisation, numbers, and special characters (e.g., "Correct5Horse&Battery9Staple!")
  3. Avoid common phrases, quotes, or song lyrics that could be easily guessed

Tip

The passphrase method creates passwords that are both strong and memorable. The randomness of unrelated words provides security, while the story or image they create in your mind makes them easier to remember.
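
The steps above can be automated so that the words are chosen by a cryptographic random source rather than by you. The following is an added example, not part of the original guide: it builds a passphrase in the style of step 2 and measures its strength in bits next to a 16-character random password. The word list, the separator set and all function names are assumptions made for this example.

```python
import math
import secrets

# Constructed 32-word sample so the example runs offline. Use a large
# published list in practice (the EFF long list has 7,776 words).
SAMPLE_WORDS = [
    "anchor", "basil", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchid", "pebble", "quartz", "raven", "saddle", "thimble", "umpire",
    "velvet", "walnut", "xylem", "yonder", "zephyr", "acorn", "bramble",
    "cobalt", "dagger", "easel", "fiddle",
]
SEPARATORS = "0123456789!#$%&*"  # 16 digits/symbols, one placed after each word


def passphrase_bits(list_size: int, n_words: int) -> float:
    """Entropy when every word and separator is drawn uniformly at random.

    Capitalising each word is a fixed rule, so it adds no entropy.
    """
    return n_words * (math.log2(list_size) + math.log2(len(SEPARATORS)))


def random_password_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a random password over the 94 printable ASCII characters."""
    return length * math.log2(alphabet_size)


def generate_passphrase(wordlist, n_words: int = 5) -> str:
    """Build a passphrase such as 'Walnut7Ember#Raven2Igloo&Quartz5'."""
    if n_words < 4:
        raise ValueError("use at least 4 words")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    parts = []
    for _ in range(n_words):
        # secrets uses the operating system's CSPRNG, unlike random.choice
        parts.append(secrets.choice(wordlist).capitalize())
        parts.append(secrets.choice(SEPARATORS))
    return "".join(parts)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for n in (4, 5, 6):
        bits = round(passphrase_bits(7776, n), 1)
        print(n, "words from a 7,776-word list:", bits, "bits")
    print("16 random characters:", round(random_password_bits(16), 1), "bits")
```

The bit counts hold only when the generator picks the words; words you choose yourself are far more predictable than the arithmetic suggests.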

The Sentence Method

Turn a memorable sentence into a password:

  1. Think of a sentence meaningful to you (e.g., "I first met my spouse at London Bridge in 2015!")
  2. Use the first letter of each word, maintaining capitalisation and punctuation (e.g., "IfmmsaLBi2015!")
  3. For extra security, substitute numbers and symbols for some letters (e.g., "1fmm$@LB12O15!")

The Base Password Method

Create a system with a strong base password that you modify for different services:

  1. Create a strong base password using the methods above
  2. Add a unique element for each service (e.g., for Amazon: base_password + AMZ)
  3. Vary the position of the service-specific element and how you represent it

Caution

The base password method is more secure than reusing the same password, but it's still not as secure as using a completely unique password for each account. Use a password manager for the best security.

Using Password Managers

Password managers are specialised applications that store and manage your passwords securely. They are the most effective solution for password security challenges.

Benefits of Password Managers

  • Generate extremely strong, unique passwords for every account
  • Store passwords securely in an encrypted vault
  • Auto-fill login forms, eliminating the need to type or remember passwords
  • Sync passwords across multiple devices (desktop, mobile, tablet)
  • Alert you to potential password breaches affecting your accounts

Popular Password Managers

There are many reputable password managers available, both free and paid:

  • Bitwarden: Open-source and offers a robust free plan
  • LastPass: User-friendly with both free and premium options
  • 1Password: Strong security features with a focus on user experience
  • KeePassXC: Open-source and runs locally without cloud sync (good for privacy-focused users)
  • Built-in browser password managers: Included in Chrome, Firefox, Safari, etc. (convenient but generally less feature-rich)

Setting Up a Password Manager

  1. Choose a reputable password manager service
  2. Create an account and set a strong master password (this will be the only password you need to remember)
  3. Install the applications and browser extensions
  4. Begin adding your existing accounts or import from your browser's saved passwords
  5. Use the password generator to create new strong passwords when changing existing ones or creating new accounts

Critical

Your master password for your password manager must be exceptionally strong but memorable. If you forget this password, you may lose access to all your stored passwords. Consider writing it down and storing it in a secure physical location as a backup.

Multi-Factor Authentication (MFA)

Even the strongest password can be compromised. Multi-factor authentication adds an essential additional layer of security.

What is MFA?

Multi-factor authentication requires you to provide two or more verification factors to gain access to an account:

  • Something you know: Your password
  • Something you have: Your phone (for SMS codes or authenticator apps), security key, etc.
  • Something you are: Biometrics like fingerprints or facial recognition

Types of MFA

  • Authenticator Apps: Google Authenticator, Microsoft Authenticator, Authy (more secure than SMS)
  • SMS Codes: One-time codes sent to your mobile phone (better than no MFA, but vulnerable to SIM swapping)
  • Security Keys: Physical devices like YubiKey that you connect to your device (very secure)
  • Biometrics: Fingerprints, facial recognition, etc. (convenience depends on your devices)

Tip

Enable MFA on all accounts that offer it, especially for email, banking, cloud storage, social media, and any services containing personal or financial information.

Password Security Best Practices

Beyond creating strong passwords, follow these best practices to maintain your security:

Do's

  • Use a different password for each account, especially for critical accounts like email and banking
  • Change passwords immediately if there's any indication of a breach
  • Check if your accounts have been involved in data breaches using services like Have I Been Pwned
  • Log out of accounts when using shared or public computers
  • Regularly review and remove unused accounts

Don'ts

  • Share passwords with others (use dedicated sharing features in password managers instead)
  • Store passwords in plain text files or unsecured notes
  • Use personal information in your passwords (birthdates, names, etc.)
  • Enter passwords on websites without checking they're secure (look for HTTPS and the padlock icon)
  • Use public Wi-Fi to access sensitive accounts without a VPN

Special Considerations for Work Accounts

Work accounts often have specific security policies and additional risks:

  • Follow your organisation's password policies, even if they seem inconvenient
  • Be extra cautious with accounts that provide access to sensitive company data
  • Report suspected security incidents immediately
  • Use company-approved password managers if available

Need Help Securing Your Accounts?

If you're struggling with setting up a password manager, enabling multi-factor authentication, or recovering from a security breach, our technicians can help. We offer remote support to secure your digital presence and protect your sensitive information.

Reminder

These guides are provided as general information only. Your specific situation may require professional diagnosis. If you're uncomfortable performing any steps, please book a support session.
