Are your passwords safe?

See if your passwords have been stolen by activating ClearScore Protect for free now.

See your stolen passwords

How to create a strong password

With more and more of our sensitive information living online, good password habits are key. Here’s our complete guide to hack-proofing your data.

Young woman with wavy hair typing on laptop with coffee, glasses and notebook on a table
Image by Etienne Boulanger on Unsplash

Are your passwords safe?

See if your passwords have been stolen by activating ClearScore Protect for free now.

See your stolen passwords

We’ve given the world Shakespeare, The Beatles, and telly. But ask us to set a password, and we couldn’t be more unimaginative.

According to the UK’s National Cyber Security Centre, 3.6 million Brits still use ‘password’ as their password. Other popular choices include ‘11111’, ‘12345’, ‘12345678’, and ‘blink182’ (we’re not joking).

With 58% of Brits getting hacked in 2019, we clearly need to up our password game. But how do you set the strongest passwords possible? And what do you do to remember them?

Hackers get their hands on passwords using a variety of techniques. The most popular include:

Brute-force attacks

This is trial-and-error on steroids. The hacker deploys special software that keeps generating different username and password combinations until it guesses the right one

Trojans

Trojans are viruses that look like legitimate software. You’re most likely to download a trojan if you use torrenting websites or click on suspicious links.

Keyloggers

A keylogger is a program that records every key you press. The hacker receives a log of your keystrokes which they use to guess your login details

Phishing

In phishing, the hacker impersonates someone else to try and get you to reveal your password. Typically, you’ll receive an email that looks like it’s from your bank, your favourite online store, or someone else you trust. A link takes you to a login page where they can capture your details

Strong passwords make hackers’ jobs much harder, so it’s likely they’ll get discouraged and move on. Let’s say your password is ‘password’.

According to this calculator developed by the Gibson Research Corporation, it would take a brute force attack program all of 0.00217 seconds to guess it. Less than the blink of an eye.

In comparison, it would take 1.41 hundred million centuries to guess a strong password. But what makes a strong password?

A strong password:

  • Is as long as possible. This is more important than the password being complex.
  • Is random
  • Doesn’t contain your name, birth date, anniversary, or other easily-identifiable information
  • Is different from your other passwords. This protects you should hackers manage to guess it. [72% of online users] (https://www.security.org/resources/online-password-strategies/) reuse their passwords, so hackers will most likely try their luck on different accounts.

Here are three simple techniques you can use to create a strong password:

1. Use a password generator

Websites such as passwordgenerator.net and passwords-generator.org make this as easy as clicking a button. Choose length and what characters to include — lowercase letters, uppercase letters, numbers, and symbols — click generate, and that’s that. Many good password managers (more on these in a minute) also have password generators.

2. The Schneier Method

If you’d rather come up with your own passwords, this technique will help you make them as strong as possible:

  • Pick a memorable sentence. This could be a lyric, quote, or something made up
  • Shorten the words
  • Mix uppercase and lowercase letters and switch some of the letters with numbers or special characters

So, for instance, “Ed Sheeran eating Nutella at Stonehenge” could become ‘3dSh3r’ne@tstnh’g’

3. Pick three random words

This is a technique recommended by the UK’s National Cyber Security Centre. The idea is to pick three, completely unrelated words, and join them together. Then, mix uppercase letters, lowercase letters, numbers, and special characters to make your password more complex. So, for example, ‘Curry’, ‘Daffodil’, and ‘Love Island’; could become ‘cuRRyD4ff0Di|L0v3I5lan|]’.

The words should be memorable to you. That said, be careful not to use words that may be easy to guess, for example words related to something you talk a lot about on social media. The National Cyber Security Centre says you should never use your:

  • Significant other’s name
  • Children’s, family members, or pets’ names
  • Place of birth
  • Favourite holiday or sports team

The average internet user has 27 accounts. Which means 27 passwords to remember.

Luckily, you don’t have to commit them all to memory. There are password managers for that. These are apps that keep your passwords organised and store them securely.

There are two reasons to use a password manager. Firstly, they encrypt your passwords. Secondly, you only have to remember one password - meaning you can make your passwords complex and long without worrying about forgetting them.

If you're looking for award-winning protection, 1Password is regularly featured in lists of the best password managers around. They scored top marks in usability, security measures and privacy practices, according to Consumer Reports, making them a great choice if you’re not sure where to start your search. And you can save 25% off your first year with ClearScore.

Next step: save 25% on your first year of 1Password with ClearScore. Claim your offer now.

With hacking on the rise, you may feel increasingly worried about your online security. And understandably so. That's why we created ClearScore Protect: a free identity protection service for all ClearScore users.

Every three months, we’ll scan the dark web for your passwords to see if they have been stolen. And if we find anything, we’ll let you know, so you can change your password and protect yourself.


Andre is a former lawyer turned award-winning finance writer.