Strong passwords 101: keep accounts safe easily

Anton P. | December 17, 2020

Strong passwords will never go out of fashion. Odds are you own dozens of separate accounts, serving distinct purposes and storing personal information. Resorting to a single password repeatedly for every new signup has its appeal, especially comfort-wise. However, if you go beyond the cozy exterior, the inside will reveal the actual instability of this approach. Password hygiene 101 indicates that unique and strong passwords should protect each account. Let’s review all recommendations that have stood the test of time and will continue thriving in the future.

Common mistakes when creating strong passwords

You do not need a microscope to figure out the secret formula for strong passwords. Typically, there are specific and repetitive flaws seen in their weaker counterparts.

  • Short combinations. Anything under 10 symbols is below the recommended minimum. A common addition to the signup process is the password strength meter, with the length being the determining factor. However, focusing solely on length is not enough. You can apply “333333333333333,” which meters automatically treat as strong passwords. Sadly, the combination contains a single number, making it vulnerable to brute force attacks or simple guessing games. So, the quality versus quantity rule applies here.
  • Common words or personal info. Since repetitive patterns are a no-go, you might consider gluing words together. In other cases, people use private details, such as birth dates, pet names, or favorite locations. You should frown upon both of these practices. For one, it is not difficult to extract personal information or retrieve them from popular online channels. Common words are easily guessable, and hackers might accidentally generate the correct combo.
  • No special symbols. There is no rule to stick with numbers or letters. Adding “@,” “&,” or “#” several times can make a huge difference. After creating strong passwords, you should not be able to decipher any meaning behind them. Symbols contribute to this cause, and even you will look at the final combination as if it came from an alien-like language.
  • Reused passwords. You might think you have hit the jackpot after creating strong passwords. After that, you might reapply them to other accounts, with minimal or no variation. The situation could turn dire if your combination leaks. Cybercriminals can then use the same password to enter different accounts, especially if you link them to the same email address.
  • Writing credentials on paper. Strong passwords can be difficult to remember. Instead of keeping them in notebooks, try password managers. They serve as vaults for all your combinations. The only thing to remember is the master password, opening the door to the stored credentials.

Some practices also contribute to poor password hygiene. For instance, our research shows that 24% of Americans share password with individuals outside their organizations.

You have strong passwords: should you change them regularly?

Sustaining a healthy password routine can seem like a never-ending cycle. Just as you get comfortable with one combination, a service prompts you to change it. The logic behind this periodic change was that even strong passwords could render useless if compromised.

While this forceful practice continues to persist, many agree that password expiration is nothing but a myth. In 2019, Microsoft announced its ruling to abandon password-expiration practices. Regularly returning to set new strong passwords proved to be counterproductive. It did not bring the intended value, especially when compared to other available options. Hence, there are two routes you can take:

  • Changing passwords every three months or so. Seasoned security enthusiasts might not take any chances. Even strong passwords can end up insufficient. Applying regular password rotation could minimize the risks of having your account hacked.
  • Applying new strong passwords when you suspect a breach. This approach means that you update credentials only after noticing evidence of a possible security risk. Such hints could be subtle, like seeing small changes made to your account.

2FA elevates account security

Strong passwords cannot stand alone in the battle for your security. Accidents happen, and even the most robust fighters fall. Two-factor authentication acts as a reliable backup unit, covering the sudden security gaps.

Even if hackers retrieve or crack passwords, 2FA stops them midway. Without additional proof, cybercriminals will retreat and admit defeat. To make things better, enabling 2FA is an effortless task. Many online services offer this option, and it works on a simple principle. Every time you attempt to log in, the process requires a token. It can reach you via a text message, voice call, or mobile app. The latter is the best option, as SMS messages are vulnerable to spoofing.

Strong passwords vs. passwordless future

A revolution in the classic ID-password routine seems to be in the books. Biometric data is the robust contender, facilitating a passwordless future. Experts explain that even strong passwords are a part of an antiquated mechanism, innately vulnerable to attacks. In a sense, biometric authentication treats your physical features like a complex and one-of-a-kind code. Thus, fingerprinting, iris and face scanning could be superior authentication methods.

However, they are not faultless. People hesitate to use biometric authentication due to privacy concerns and suspicions that it breaches their privacy further. Shortcomings also include that reversing the detrimental effects of a biometric data breach is close to impossible. After all, you cannot change most of your physical attributes on-demand. Hence, in the end, you might end up relying on strong passwords once again.

Final notes on password hygiene

The necessity to generate strong passwords is here to stay, at least for a while. Perfecting authentication is a priority, but all your security walls could suddenly crumble. Hackers are sly criminals, capable of breaching corporate databases and getting away with large loot. Additionally, perpetrators could compromise strong passwords by tapping phones’ Bluetooth, Wi-Fi connections, or NFC. To make matters worse, hackers could secretly retrieve passwords from unencrypted network traffic.

Atlas VPN fights off such attempts and encrypts all incoming and outgoing traffic. No need to worry about immoral villains stealing passwords. With a VPN, 2FA, and heavy-duty combinations, your accounts will be inaccessible.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.



© 2023 Atlas VPN. All rights reserved.