How To Build an Impenetrable Password in 11 Steps (2024 Update)

Human technological innovation is awe-inspiring. We’ve explored space, developed AI technology, and created vaccines to help combat a global pandemic in record time. You’ll understand my disappointment when I discovered that the most popular password in 2024 is…wait for it…’123456’ only to have ‘123456789’, ‘Qwerty’, and ‘Password’ follow. Groundbreaking, I know. We can do better. No, we have to do better! Our cybersecurity and, quite frankly, our collective dignity is at stake. Dramatic? Yes! Incorrect? No!

We all use several passwords every day, but what do they actually do?

What Do Passwords Do?

A password is your first (and often only) line of defense against cybercriminals. It’s also how platforms ensure only you can access your data. Passwords are like club bouncers only, with less actual muscle and neck tattoos.

Our IRL lives are becoming increasingly digitized. We find ourselves needing to log-in to access more and more aspects of our day-to-day life. You’ll need a password to get food deliveries to your door, find your way on a map, and communicate on any social media platform. You’ll even need a password to find the love of your life or at least your love for the night.

The rapid rise of remote work has upped the need for strong password authentication. Employees, more and more, require access to work resources from locations other than the office. Use the best VPN for PC to prevent your passwords from being leaked on unsecured WiFi connections.

Now’s the time to take our online security seriously. It’s important to understand and recognize the butterfly effect of damage that even a single data breach can cause.

The Perils of A Passable Password

Poor passwords can pack a painful punch if they fall into the wrong hands. According to a Verizon report¹ , 89% of total data breaches were due to stolen or weak passwords. The UK’s NCSC worldwide breach analysis² found that 23.2 million breached accounts used ‘123456’ as a password. Practice some self-love, and don’t put your entire online data security at the mercy of a flimsy password like ‘password1’ or ‘batman’. You deserve better than that.

The recent Spotify, LinkedIn, Facebook, and Sina Weibo cyber hacks were all, at least in part, due to weak or recycled passwords. The Colonial Pipeline cyberattack disrupted the functioning of the largest fuel pipeline in the US! The DarkSide criminal group hacked the system through a single compromised password. Yikes!

Massive password spills are also terrifyingly common. This year alone saw two massive password leaks. The first was the COMB leak (Compilation of Data Breaches), where a large database of already stolen usernames and passwords circulated the dark web. The second, the Rockyou2021 leak, where a document containing over 8.4 billion passwords was uploaded online.

I get it, though, password fatigue is real. Having to constantly create and change your passwords,and remember them is frustrating. You might have given up and surrendered to cyber-fate to decide whether your password will protect you. Unfortunately, if you don’t change your password to a stronger and better one, cybercriminals can and will come for your data.

A Cybercrook’s Toolbox to Hack Your Password

The shorter and simpler your password, the easier it is for cybercriminals to hack.

Top 4 tools cybercriminals use to hack your password.

In response to cybercrime, online security has evolved at a lightning pace. The question is whether passwords are keeping up.

Are Passwords Still In?

The password has begun to lose some popularity. Microsoft, in a big influencer move, took a massive step towards obliterating passwords. They’ve given you the option to go passwordless, replacing it with an authenticator app, Windows Hello, a security key, or verification codes sent to your phone or email.

Others are also joining the #passwordsareoverparty trend. Apple’s new operating systems incorporate passkeys in iCloud Keychain. Google has also focused on a passwordless future. You could test-drive life without a password using biometric authentication (face, voice, fingerprint recognition), hardware and software tokens, pins, SSO (single sign-on authentication), and cryptographic keys.

Yes, a world without passwords is intriguing, but it won’t happen overnight. We’ve got a lot to figure out, and passwordless tools won’t be widely accessible for everyone on every device and platform for a long time. For now, you still need passwords for most accounts. That said, you’re going to need a good one.

How to Build a Stronger Password

Construction is key. Knowing how to build your password will help you create one that’ll stay strong no matter what cybercriminals hit it with.

Check out 11 of the biggest password DOs and DON’Ts:

blend a mix of numbers, letters (upper and lowercase), and symbols.The more complicated the password, the harder it’ll be to crack in a cyberattack. Instead of ‘password1’, try ‘p@sS_w0RD#one1’, or instead of ‘123456’, try ‘0ne_TWO_3_FOUR_5_SIX’.

use numbers or letters in a predictable sequence or a predictable key pattern.‘Qwerty’ is a predictable password for a reason. It’s the sequence of the top left letters on your keyboard. Eureka moment! Once you get over it, this password isn’t original and won’t protect you from cyberattacks. Shake it up, people! 123456 is a NO, but 634152 is a GO!

choose length over complexity.Size does matter here! You’re more likely to remember a longer yet simpler password than a shorter, more complicated one. A password with at least 12 characters will give you robust protection without risking forgetting or mixing it up.

use your personal details.Your birthday, name, family name, street address, hobbies, and pet’s name are all off the table. Cybercriminals can and will find that information online and use it to crack your password. While Charlie makes for a good canine companion, it doesn’t make for a strong password.

use two-factor or multi-factor authentication.Team your password up with other forms of authentication, like biometric, hardware tokens, security questions, and OTPs (One Time Passwords). It’s like building your own little Avengers squad, just for your online security.

re-use your password. Recycling plastic? Yes! Recycling your password? No! If cyberattackers crack your password for one platform, the rest of your accounts become sitting ducks if you’ve used the same password for everything.Use a different password for each account! Ok, now you’d say, how will I remember all these passwords when I can’t even remember what I had for lunch! Get a password manager to do the heavy lifting for you.

vet your passwords regularly.It’s always good to clear bad energy from your life, and that includes weak passwords. Put your passwords to a strength test; try PasswordMonster.com or Howsecureismypassword.net. They determine how strong your password is, and you’ll also get a -very scary- estimate on how long it’d take a cybercriminal to crack it.Prepare to freak out. I tried it; a password with characters including caps, numbers, and characters takes 26 billion years to crack, while a more clear-cut ‘987123’ takes 25 microseconds to crack.

email or text your passwords to yourself or your friends. Avoid having your password floating around out there in your easily hackable email or phone records. Instead, try the old-fashioned way of writing your password down with a pen and paper and storing it in a safe location. Who doesn’t love a good throwback to a time before everything was recorded online?

make use of password-creating methods.Feeling uninspired? Have a password writer’s block? Here’s what you can do:

1. 1. 1. The Sentence Method. Create a random sentence and apply a rule to create a password using it. Try taking the last 2 letters of every word in the sentence to create your password. Turn ‘You caught the very last train lucky fish’ into ‘ouhtherysrinkysh’.  
      2. ‘Three Random Word Method’³. Join 3 completely random words together. It could be  ‘MattressRotationBurger’ or ‘CupcakeRoadZebra’. Have fun with it!
      3. The password generator at passwordsgenerators.net.

         Create a completely randomized password for you.

   

create or use your passwords while connected to public Wi-Fi without a VPN.You should never use public Wi-Fi without a VPN, especially when you’re dealing with your passwords. It’s nothing for cybercriminals to intercept and steal your personal information, including your passwords.

try a password manager. I know changing your passwords and remembering different ones is a part-time job! Get a trusted buddy to secure and remember your passwords for you.

Cybercrime is real and we all have to deal with it as technology continues to intertwine with our lives. A strong password strength is a small and easy step towards protecting yourself and your data online.

FAQ