HOW TO CREATE A PASSWORD?

A password is a group of characters used to confirm a person’s identity during login. Usually, it is used with a username or email address. Passwords help users of websites, apps, and devices get access to certain features or their personal devices—and therefore to their private data.

What Is This About?

• Why Do We Need Passwords?
• Common Mistakes When Creating a Password
• Main Ways Hackers Break Passwords and How to Prevent It
• How to Create a Strong Password?
• Why Use a Password Manager?
• How to Check If a Password Is Strong
• Conclusion

Why Do We Need Passwords?

At first, it might seem like password security is only a modern digital issue. But today, we deal with the need to protect personal info, work files, and important documents all the time. Even rewards points and shipping addresses in online stores must be protected. Almost every website’s privacy policy says this.

But passwords are not a new thing. In the past, guards used code words to control who could enter certain areas. Knowing the secret word was like a ticket that allowed a person or group to pass.

When computers were invented, digital passwords started being used. The first computer system that required a password was the Compatible Time-Sharing System (CTSS), created at the Massachusetts Institute of Technology in 1961.

Now, usernames and passwords are needed to log into almost every system—from mobile banking, smartphones, tablets, and computers to ATMs, payment terminals, apps, social networks, software, online tools, and websites. The average person uses passwords to check email, access work tools, pay bills, and more.

Usually, the bigger the company, the stricter the rules for user data security. Sometimes the rules are so strict that the user cannot recover their access without help.

Common Mistakes When Creating a Password

In 2013, Google published a list of the most common passwords used by search engine users. These passwords are risky because they are very easy to guess.

• A child’s name or another family member’s name.
• A pet’s name.
• An important date.
• A place of birth.
• The name of a favorite holiday.
• A word related to a favorite sports team.
• And one of the most surprising, but still very popular choices—“password”

Other weak and very common passwords include “qwerty”, “qwertyui”, and “123456”. Around 23 million people are still using “123456” for their accounts.

To guess a password like a birthdate, a child’s name, or a pet’s name, hackers often look at someone’s social media profiles to gather personal information.

Writing down passwords on paper is not the safest method, but it’s better than saving them in a file on your computer, in phone notes, or-even worse-sending them through messaging apps or email.

“Sometimes passwords are shared through email, but this is usually not safe. Most emails are sent as plain text, which means that a message containing a password can be read easily while it is being sent by any device that intercepts the data. Also, the message is saved in plain text on at least two computers—the sender’s and the receiver’s. If it travels through other systems, it may be stored there too, at least for some time, and it can be copied to backups, caches, or history files on any of those systems.”—“Password”, Wikipedia

According to research, most passwords are between 6 and 10 characters long. Many of them are made up only of lowercase letters or only of numbers.

Common Ways Passwords Get Hacked and How to Prevent It

Developers of computer systems try to protect user data. One common method is hiding passwords when you type them. This helps stop others from seeing your password, but it also increases the chance of mistakes if you’re stressed or distracted. Many people choose weak passwords because they are afraid of forgetting or typing complex ones wrong. In this case, a “show password” feature is helpful.

Some systems use a timeout after several failed password attempts. Another way to protect from professional hackers is to limit the total number of guesses. For example, after five wrong attempts, the system might ask you to change your password and notify you by text or email.

Many services today use two-factor authentication. To log in, the password owner has to enter a code sent to their phone by SMS.

Of course, the best way to protect anything digital is to use different passwords for every website, service, or device. If one password gets hacked, only a small part of your information is at risk. So, if a hacker gets into your profile on an education platform, they can’t automatically access your credit cards.

How to Create a Password

In their article “The Memorability and Security of Passwords”, Jeff Yan and his colleagues studied tips that help people choose better passwords. They found it’s effective to build passwords using the first letters or parts of phrases.

“Users should be taught to create mnemonic passwords. These are as easy to remember as simple ones but just as hard to guess as random ones. That makes them better than both.”—“The memorability and security of passwords—some empirical results”, Jeff Yan et al.

The easier a password is for you to remember, the easier it may be for someone else to guess. On the other hand, passwords that are very hard to remember can lower security because users might need to write them down or store them somewhere. They may also reuse the same complex password for multiple accounts. So, very strict password rules are not always helpful. One of the most important things experts recommend is password length. It should be at least 8 characters—this rule should not be ignored.

You can create a password using the first letters of a quote or poem and numbers not related to dates or personal info. One good method is to build a “secret key” using four parts:

1. A word with at least 5 letters that can be typed using the Latin alphabet—for example, the Portuguese word “saudade”, which means a feeling similar to nostalgia.
2. A mix of digits—different numbers in a random order.
3. The first 3–4 letters of the website or service name.
4. Any special character like “#” or “?”.

You can arrange the parts in any order, even putting a number or symbol in the middle of the word.

For example:

saudade + 42 + goo (from Google) + ? = sa?udade42goo

This kind of password is easy for the user to understand but hard for others to guess. It’s also unique because it includes part of the website’s name.

“According to a study by Carnegie Mellon, the most important factor in password strength is length. Numbers, capital letters, and special characters help, but a short password with all these tricks is still easier to break than a long password made of real words”. “The Easy Way to Make Strong Passwords”,—Suzanne Kantra

On average, a modern internet user has around 100 passwords. Of course, they don’t use them all at once—many are for one-time use, like demo versions of services.

Still, it’s better to have 100 written-down passwords than to use the same one for every site and app. A data breach in one account can lead to losing access to others—or even worse, letting criminals into banking systems or taking loans in your name.

One of the easiest and safest solutions is to use password managers. You only need to remember one master password. The password manager—your digital safe—will take care of the rest.

Why Use a Password Manager?

A password manager is a tool that keeps all your passwords safe in cloud storage. You don’t need to remember them or write them down.

To set one up, you install a mobile app, download a program on your computer, or add a browser extension. After that, you only need one master password to access the manager. How to create that password will be covered in the next part of the article.

Benefits of a password manager:

• Access from anywhere—You can log in from different devices and operating systems thanks to data sync.
• Saves time—Auto-fills forms on websites, surveys, and more.
• Checks password strength—For example, Google’s password manager shows all your saved passwords under “Autofill.”
• Warns you about phishing sites—Dangerous links often come in spam emails, and it’s easier to spot them with a password manager.
• Password checkups—If you created your passwords earlier and synced them with Google’s manager, the system will flag weak, reused, or compromised passwords.

How to check if your password is strong?

There are different tools you can use to check the strength of a password. One of them is Security.org.

Let’s try to test the password “qwerty” using this tool. It shows that this password can be cracked instantly.

We get a similar result when checking another very simple password—the username “ksenia”. A computer can guess it in just 7 milliseconds, which is almost the same as the first result.

After adding numbers, we got the password “ksenia2420”, which, according to Security.org, a computer can crack in one day.

Experts say you should not use rare words as access codes. For example, the word “saudade” can be guessed by a computer in 200 milliseconds.

Now let’s test the password “sa?udade42goo”, which was made using the formula described earlier in the article. It would take a computer about 33,000 years to crack this one.

Conclusion

A password is a special access code—a secret group of characters that proves who you are when logging into a system. This can be a mobile app, online banking, a social media account, or a shopping account. Today, an internet user may have around 100 passwords, and remembering all of them is almost impossible.

Making one password and using it for many websites and services is a bad idea. If someone hacks one account, they can hack the others too. That’s why it’s smart to follow the rule: “One account—one password.”

To avoid making up passwords yourself or writing them down in a notebook or, worse, on your phone, use a password manager. You will only need to create and remember one “master password” using your own formula.

FAQs