Aneesh Varghese

How to Create a Strong Password - The Fundamentals

Updated: Jul 6, 2019

Here are our five tips for creating a strong password to protect your digital identity from identity theft and cyberattacks.

Your digital identity gives you access to smartphones, social media, and other online applications. That access is granted after you go through a process called authentication. Authentication is a means of proving who you are in the digital world. An authentication system typically uses one of these three factors, or a combination of them (two-step verification), to authenticate a user:

  1. Something you know – Password, PIN (Personal Identification Number)

  2. Something you have – Smart-card, token

  3. Something you are – Biometrics such as fingerprint, iris, voice, facial recognition

Currently, passwords are the most commonly used, traditional and inexpensive authentication method. However, most corporate applications and social media sites such as Google and Facebook now support a combination of factors or two-step verification to improve security. Using only a password to authenticate is no longer considered optimal security. In comparison, biometric and smart-card-based authentication systems are considered more secure than a password-based system, which can be prone to attacks such as brute force and social engineering. Therefore, when only a password-based, single-factor authentication system is available, it is vital to create a secure, strong password to keep your digital identity safe.

A strong password is one that is very difficult for others to guess but very easy for you to remember. Use the following five tips to create a strong password:

1. Use a Passphrase

A passphrase is a notably long password made up of multiple words. Make sure your password is long: the longer the password, the stronger it is, because longer passwords are much harder to crack. For instance, adding a single character to a password drawn from an allowed character set of 50 makes it 50 times more difficult to break by brute force. Depending on the words you choose, a long passphrase can also be easy for you to remember. Follow these guidelines to create a strong passphrase:

  • Your password must contain a mix of uppercase (A-Z) and lowercase (a-z) characters. 

  • Your password must include a minimum of two numeric characters (0-9). However, do not place the numbers at the beginning or the end of your password. Instead, replace characters with 'resembling numbers' of your choice. For instance, if your password is ILikEMusiC, you can make it more secure by converting it to 1Lik3MusiC. In this instance, I replaced the uppercase letter 'I' with the number '1' and the uppercase letter 'E' with the number '3'.

  • Consider including special characters or symbols (!@#$%^&*_+=?/~`;:,<>|\) in your password if the system, device or application permits them. Again, you can replace characters with 'resembling symbols' of your choice: for instance, use the special character '@' instead of the lowercase letter 'a' or, continuing the example above, the special character '!' instead of the lowercase letter 'i', e.g., 1L!k3Mus!c.
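To make the "longer is stronger" point concrete, here is an added Python example (not code from the original article) that estimates the brute-force search space of a password from its length and the character classes it uses, and checks the 50-times claim above directly. The character-class sizes, the symbol set (Python's string.punctuation rather than the article's list), the guess rate of 10^10 per second and the sample passwords other than the article's own are assumptions chosen for illustration.

```python
import math
import string

# Character classes an exhaustive attacker must assume once a password uses them.
# The symbol class is Python's string.punctuation (32 characters), an assumption
# standing in for whatever symbol set a given system permits.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),   # 26
    "uppercase": set(string.ascii_uppercase),   # 26
    "digits": set(string.digits),               # 10
    "symbols": set(string.punctuation),         # 32
}


def pool_size(password: str) -> int:
    """Size of the alphabet a brute-force attacker has to search, given which
    character classes actually appear in the password."""
    return sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))


def search_space(length: int, pool: int) -> int:
    """Number of candidate passwords of exactly `length` characters over `pool`."""
    return pool ** length


def entropy_bits(password: str) -> float:
    """Naive strength estimate: log2 of the search space for this length and pool."""
    return len(password) * math.log2(pool_size(password))


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try every candidate. 1e10 guesses per second is a
    constructed rate for a fast offline attack, not a measured figure."""
    candidates = search_space(len(password), pool_size(password))
    return candidates / guesses_per_second / (60 * 60 * 24 * 365)


def compare(passwords):
    """Return (password, length, pool, bits, years) rows, weakest first."""
    rows = [(p, len(p), pool_size(p), entropy_bits(p), years_to_exhaust(p))
            for p in passwords]
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    # Constructed samples: the article's examples plus a long all-lowercase passphrase.
    samples = ["ILikEMusiC", "1Lik3MusiC", "1L!k3Mus!c", "bluetulipsdanceatdawn"]
    for p, n, pool, bits, years in compare(samples):
        print(f"{p:24} len={n:2} pool={pool:3} bits={bits:6.1f} years={years:.3g}")
    # The article's claim: one extra character from a 50-character set, 50x the work.
    assert search_space(10, 50) == 50 * search_space(9, 50)
```

Running it shows the 21-character all-lowercase passphrase scoring well above the 10-character substituted password, even though the latter draws on every character class. The estimate is deliberately naive: it treats each character as an independent random pick, so a single dictionary word with look-alike substitutions scores higher than it deserves, which is exactly why tip 2 below matters as much as tip 1.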

2. Avoid Dictionary Attacks

To avoid guessing and dictionary attacks (the latter being where the attacker uses online dictionary words to crack passwords), you must NOT use any of the following as your password:

  • Never use a dictionary word in any language

  • Never use an acronym

  • Never use a number

  • Never use your personal information such as:

      • Your name or your family members' names

      • Your birth date

      • Your mobile phone number

      • Your passport number
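As an added example, not from the original article, the following Python checker encodes tips 1 and 2 as rules a candidate password must pass: mixed case, at least two digits kept away from the ends, not a dictionary word (after undoing common look-alike substitutions), not an acronym, not purely numeric, and free of the owner's personal details. The word list, the substitution map, the treatment of an acronym as an all-uppercase word, the ISO date format, and the PersonalInfo fields and sample values are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed mini word list standing in for a real dictionary file (assumption).
DICTIONARY = {"password", "welcome", "music", "summer", "dragon", "letmein", "qwerty"}

# Substitutions the dictionary check reverses before looking a word up. Reversing
# them is an assumption about how such checkers work, not a rule from the article.
UNSUBSTITUTE = str.maketrans({"1": "i", "3": "e", "4": "a", "0": "o", "5": "s",
                              "7": "t", "@": "a", "!": "i", "$": "s"})


@dataclass
class PersonalInfo:
    """Facts the article says must never appear in a password (constructed fields)."""
    names: List[str] = field(default_factory=list)
    birth_date: str = ""   # ISO format YYYY-MM-DD (assumption)
    phone: str = ""
    passport: str = ""

    def fragments(self) -> set:
        """Lowercased tokens (3+ chars) that must not occur inside a password."""
        frags = {n.lower() for n in self.names}
        for value in (self.birth_date, self.phone, self.passport):
            digits = re.sub(r"\D", "", value)
            frags.update({value.lower(), digits})
        if self.birth_date:
            year, month, day = self.birth_date.split("-")
            frags.update({year, day + month, month + day})
        return {f for f in frags if len(f) >= 3}


def normalize(password: str) -> str:
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(UNSUBSTITUTE))


# (rule name, predicate that is True when the password satisfies the rule)
RULES = [
    ("mixed_case", lambda p, _: any(c.isupper() for c in p) and any(c.islower() for c in p)),
    ("two_digits", lambda p, _: sum(c.isdigit() for c in p) >= 2),
    ("digits_inside", lambda p, _: not (p[0].isdigit() or p[-1].isdigit())),
    ("not_dictionary_word", lambda p, _: normalize(p) not in DICTIONARY),
    ("not_acronym", lambda p, _: not (p.isalpha() and p.isupper())),  # assumption
    ("not_numeric", lambda p, _: not p.isdigit()),
    ("no_personal_info", lambda p, info: not any(f in p.lower() for f in info.fragments())),
]


def failed_rules(password: str, info: PersonalInfo) -> List[str]:
    """Names of the rules the password breaks; an empty list means it passes."""
    if not password:
        return [name for name, _ in RULES]
    return [name for name, check in RULES if not check(password, info)]


if __name__ == "__main__":
    # Constructed owner profile and candidate passwords.
    owner = PersonalInfo(names=["John", "Smith"], birth_date="1985-07-06",
                         phone="+44 7700 900123")
    for candidate in ["P@ssw0rd", "NASA", "1234567890", "John1985x", "Bl!u3Tul1psDawn"]:
        print(f"{candidate:18} -> {failed_rules(candidate, owner) or 'OK'}")
```

The personal-information rule works on fragments (a name, a birth year, the day and month in either order, the digits of a phone or passport number) rather than the whole value, because a birth date rarely appears in a password as a complete string. A real deployment would load a full word list and run the same logic at enrolment and on every password change.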

3. Use different Passwords for Different Sites or Applications

Limit the attacker's access via a compromised password to the one compromised site or application. Think about a strategy for generating a unique password for each application you use that makes sense only to you. Because passwords can be compromised over time, it is also wise to change your password regularly.

4. Use Multi-Factor or Two-Step Verification

Whenever possible, configure all your accounts to use multi-factor authentication. Multi-factor authentication combines factors, or uses two-step verification, for successful identification. It is an extra layer of verification and security. Even if someone gets hold of your password, the attacker won't be able to access your application unless he or she also passes the second verification, which involves entering a second passphrase or code that the attacker does not have. A prime example is entering your password plus a time-limited, one-time password (OTP) to prove your identity when you access an application such as Facebook or Google. The OTP can be a password generated by the application and received via email, text message or phone call.

5. Use a Dedicated Password Management Tool

Consider using a dedicated password management tool such as LastPass if you have a problem remembering all your passwords. 

Important: Do not use the sample password mentioned in this article. Although the sample password meets all the complexity criteria and is memorable, it has now been published in the public domain and is accessible to anyone, including an attacker, as a sample password.


Aneesh Varghese is the Director & Principal Consultant at InfoSec Consulting Ltd, a firm specializing in professional information security consulting services.


