One of the most important, yet most overlooked, things that users can do to improve their online cybersecurity posture is to use a more secure password. The trouble with picking a solid password that is tough to crack is that it takes a considerable amount of effort and consistency on the part of the user. Staying consistent with a routine of password configuration is sometimes more difficult than it sounds on paper.
With all of the potential password configurations that you could possibly create at any given time, it can be difficult to find one that will combat the threat of cybercriminals. That’s why we have devised an ironclad, comprehensive guide that you can follow to keep your email account safe for the foreseeable future.
Choosing Your Strong Email Password
To begin your journey towards a secure password, you first must decide on something that you can easily remember without being too easy to guess. The best way to do this is to write down a series of words that correspond to a significant event in your life. Once you have the entirety of the word string, just combine the word segments together to create a cryptic character string that will be hard for hackers to crack.
When you combine the word string, make sure it is no less than 8 characters long (best practice says to go for 10+ characters though). Having more characters in your email password means there is a better chance that a bad actor will not be able to guess it.
Looking to up the ante on your password string to make it more difficult for hackers to guess? You could combine word endings, beginnings, and other similar parts to form new words out of existing words. Just be cautious if you do this, because you could forget your own password if the string is too tough to remember and doesn’t resonate with you.
Other Key Password Considerations
The key to securing your password should always be to have a process that can be flexible, yet robust to follow. That way, when it comes time to update your password, you can easily do it without sacrificing too much of your time and effort to do so. Whichever process you end up using, just make sure that it isn’t too mechanical.
For instance, if you use the same first character for every password, sooner or later, someone will catch on to the pattern. That’s why you should always switch up the makeup of your password by doing the following:
- Introduce two or more numbers, dots, ampersands, or other special characters.
- Include a character or two derived from the email system for which the password is used.
- Capitalize two or more characters where it makes sense.
Whichever password combination you end up choosing, make sure that your end result word conveys your sentence’s core message. Using mixed-case passwords usually does the trick to mask the word from hackers unless, of course, your email service requires an all-lower-case password. If the latter is the case, you may need to use another approach.
Another approach to supplement these efforts would be to use punctuation that makes sense in the character string. For example, you can use an “!” in place of an “I” or a “4” in place of a “for.” Of course, just like capitalizations, some email services do not allow extra characters so be sure you have an all-character password ready and well-established if this is the case.
Making sure that you can easily reproduce the characters that you come up with is incredibly important. If you’re unable to do so, your email password won’t be unique and you may run the risk of getting breached.
Weak Passwords vs Strong Passwords
Weak Passwords – Consist of lowercase characters. Example – password. These are the short passwords that might be your name, DOB, a combination of your name and your year of birth, etc.
Most people also pick passwords from a dictionary, choose pet names, or use their favorite travel destinations. Choosing a weak password in this manner allows hackers to guess and crack the password very easily. The good part here is the email providers won’t accept the weak passwords anymore.
Medium Passwords – Medium passwords are usually a mix of characters and numbers. Example – Passw0rd. They are lengthier than weak passwords (1 – 7 characters).
However, medium passwords aren’t hack-proof. There are few applications that accept medium passwords but have a habit of changing passwords at least every 2 months or so. Adding a mix of special characters and numbers to medium passwords will make them more secure.
Strong Passwords – These are a mix of upper and lower case letters, numbers, symbols, and even non-keyboard characters. Example – Pa$$w0rd@2020!.
Strong passwords are unique passwords and more than eight characters in length. This makes it difficult for hackers who typically use a tool to crack the passwords.
What Can Compromise Your Password?
A recent study of Fortune 500 company employees found that, out of 21 million employee emails, over 16 million were compromised in the last 12 months. More importantly, 95% of all credentials were either plain, simple passwords or even lacked any encryption. Now, how could so many emails be compromised in such a short period of time?
The answer is simple to explain, yet difficult to stomach: hackers. Hackers employ a myriad of techniques that many are privy to, yet still do not have the expertise to spot or the technology to remediate. Outside of spyware and phishing attacks though, there are numerous techniques that hackers use to crack your passwords.
One strategy they use to gain access is to guess your password outright. These hackers find out their target’s password by tracking their social media presence and using any piece of information they have shared to get their password. It is for this reason that any personal information that may relate to your passwords should not be shared over social media.
Hackers also use password crackers, a pseudo-brute-force attack in which the cracker continuously attempts multiple variations of the target’s password combination until it breaks the password and gains access to the account. You may have thought that only spies have this type of technology, but in the modern age, even low-level hackers can get a password cracker for a few hundred dollars from the dark web.
This is why having more complex and longer passwords will make it less likely that a hacker will be able to gain access via a brute force attack such as the one mentioned above. Hackers may feel that the juice is not worth the squeeze if your password is too tough for their password cracker to break in a few minutes.
When an attacker has a high degree of confidence that the target’s password consists of certain words, phrases, or number and letter combinations, it can be much quicker to compile a dictionary of possible combinations and use that instead of using a brute force attack. The hacker will usually compile a shorter list of what they think are likely to be successful and then have their program cycle through those words until they hit the correct one. This is why it’s incredibly important to make sure that your password does not feature an easily guessable keyword or phrase.
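The two attacks described above can be checked from the defender's side before a password is accepted. The following is an added example, not part of the original article: it estimates the brute-force search space and, separately, undoes common character substitutions to see whether the password is built on a wordlist entry. The wordlist, substitution table and 60-bit threshold are constructed assumptions.

```python
import math
import string
from typing import Optional

# Constructed sample wordlist; a real check would load a large list of known passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}
# Common look-alike substitutions, undone before the wordlist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})
MIN_BITS = 60  # assumed policy threshold, not a figure from the article


def brute_force_bits(password: str) -> float:
    """log2 of the search space a blind brute-force attack must cover."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(not (c.isascii() and c.isalnum()) for c in password):
        pool += len(string.punctuation)  # 32; rough stand-in for any symbol
    return len(password) * math.log2(pool) if pool else 0.0


def dictionary_base(password: str) -> Optional[str]:
    """Return the wordlist entry this password is built on, if any."""
    normalized = password.lower().translate(LEET)
    for word in sorted(COMMON_WORDS, key=len, reverse=True):
        if word in normalized:
            return word
    return None


def assess(password: str) -> dict:
    bits = brute_force_bits(password)
    base = dictionary_base(password)
    if base:  # wordlist hit: the bit count overstates the real effort
        verdict = "dictionary-guessable"
    else:
        verdict = "ok" if bits >= MIN_BITS else "short search space"
    return {"bits": round(bits, 1), "base_word": base, "verdict": verdict}


if __name__ == "__main__":
    for pw in ("password", "Passw0rd", "Pa$$w0rd@2020!", "vT9#kq2LxW!mZr"):
        print(pw, assess(pw))
```

Run on the three tier examples from earlier in the article, the length and character mix raise the bit count each time, but all three normalize to the same base word, which is what the dictionary check reports.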
Keeping Your Strong Password Secure
Once you’ve selected the email account password that you’d like to use that is the perfect amount of obscure to stave off any hacker, it’s time to go to work on securing it. Doing so requires that you follow these best practices:
- DO NOT write down your passwords. Especially if you are in a workplace environment, writing down your passwords is not a good idea. If you occupy a high rank in the organization and a disgruntled employee were to find your password, they may use that to wreak havoc on the organization.
- DO NOT share your passwords. This is something that has “not a good idea” written all over it. If you are in a position where you have to share your password with someone else, make sure to change it after they are done.
- DO NOT reuse your passwords. If your email password is breached and is also tied to your password on other websites and accounts, it may be a good idea to change that password to a unique one to ensure that hackers do not use it to steal your personal information.
Managing Your Email Account Passwords With a Password Manager
Of course, if you can’t reuse your passwords or write them down, how are you going to remember them? That’s easy: just use a Password Manager to store your passwords securely.
By using a Password Manager for your business, you can keep your company’s information safe without having to sacrifice too much time and effort to remember every unique password. Every time you log in to your email account, a Password Manager will help you remember even your most complex passwords. Some Password Managers also give you the ability to create strong password combinations without the fear of forgetting.
However, if you decide to have your Password Manager software create and store your strong passwords, you will also need to create and remember your unique master password to access your account. Whichever master password you choose, it would be best to write it down and store it safely in some type of physical location (a personal safe would be ideal if you have one).
If you ever want to change your master password later, you’ll need the original password to do that. If you happen to lose your master password, you won’t be able to view your saved passwords so make sure to keep it safe and secure.
Whichever Password Manager solution you choose, just make sure that they have a paid version. If the solution only offers a free version, then it may be a scam that is focused on stealing your information.
What About Browser-Based Password Managers?
When you get into whether browser-based Password Managers are better than software-based solutions, you start getting into tricky territory. This is because most PC browsers are capable of storing your passwords on your command. If you use the same account and platform for your PC and mobile device, this would give you the option to sync your saved browser passwords simultaneously.
Unfortunately, these browser-based Password Managers (and browser extensions) are not immune from spyware programs that attack browsers to retrieve your data. Of course, your browser’s built-in password manager can’t compete with your dedicated password manager since it most likely stores your passwords on your computer in an unencrypted form. A dedicated password manager will store your passwords in an encrypted form, help you generate secure random passwords, offer a more powerful interface, and allow you to easily access your passwords across all the different computers, smartphones, and tablets you use.
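As an added illustration of what "generate secure random passwords" involves (example code, not taken from any particular password manager): the generator below draws from the operating system's CSPRNG, guarantees every requested character class appears, and lengthens the password when a service rejects capitals or symbols so the search space stays the same. The symbol subset and the 90-bit target are assumptions.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-.=?@_",  # constructed subset; match it to what the service accepts
}
ALL = ("lower", "upper", "digit", "symbol")


def required_length(classes=ALL, target_bits: int = 90) -> int:
    """Characters needed for a uniformly random string to reach target_bits."""
    alphabet_size = sum(len(CLASSES[c]) for c in classes)
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(classes=ALL, target_bits: int = 90) -> str:
    """Random password from the OS CSPRNG with every requested class present."""
    alphabet = "".join(CLASSES[c] for c in classes)
    length = max(required_length(classes, target_bits), len(classes))
    while True:
        # Redraw the whole candidate if a class is missing, so no position is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


if __name__ == "__main__":
    print(generate())                    # full character mix
    print(generate(("lower", "digit")))  # service that rejects capitals and symbols
```

With these assumptions the full mix needs 15 characters, while a lowercase-and-digits-only service needs 18 to reach the same target.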
Securing Your Email With a Unique Password
Creating strong passwords may seem like a daunting task, especially when the recommendation is to have a unique password for each site you visit. Many users sometimes stick with the recommended password that their browser or computer picks for them, but then stow it away in their password manager. This only adds to the confusion and makes it that much easier for hackers to spot gaps in your email account to exploit.
The key with creating a secure password is to create one that isn’t too easy to guess or to ascertain with a brute-force or dictionary attack, but not too difficult to remember. That is why it is important to really put in time to construct a password that is long, has a mix of letters (upper and lower case), numbers, and symbols, with no ties to your personal information, and no dictionary words. Doing so will allow you to rest easy knowing that your email account is at the least risk of getting compromised in the future.