Keepnet Labs Logo
Keepnet Labs > blog > 7-practical-steps-to-creating-a-strong-password

7 Practical Steps to Creating a Strong Password

By following our best password practices, you can protect yourself and your business from unauthorized access. This blog will provide the most recent insights on practical steps for creating a strong password to protect your private information.

7 Practical Steps to Creating a Strong Password

Many companies globally advise employees to make strong passwords, but are these instructions followed? Do they even know how to make a strong password? It's important for everyone to understand the importance of strong passwords and how to create them to keep their accounts safe from hackers.

Cybersecurity experts at the University of North Georgia report that approximately one cyber attack occurs every 39 seconds. 80% of these cyber attacks happen because weak passwords are used. In 2024, many internet users still include their personal data in their passwords, use the same password for multiple accounts, and rarely change them. All of these factors pose a serious threat to the safety of their personal data.

That’s why in 2024, it’s so important for internet users to have a strong password that will be able to prevent unauthorized access to the accounts that contain their sensitive data like social media (have a look at our blog post about most common social media phishing scams in 2024 to protect yourself) or bank accounts.

Are there any formulas to create a strong password?

A strong password is the most efficient way to secure your personal data online. The key to creating a strong password is to make it memorable but hard to guess. There are 5 methods that can be used to create a strong password.

 5 methods to create a strong password.jpg
Picture 1: 5 methods to create a strong password.
  1. Passphrase method: This practice helps you create a long password by combining multiple unrelated words. The secret of a good passphrase password is randomness. For example, sunset-cascade-on-the-horizon or mountain-breeze-whispers-among-trees. These passwords would be extremely difficult for anyone to guess and even harder for a hacker to break.
  2. Random character method: To efficiently implement this method, you can use password manager tools. These tools create a strong and unique password by generating a random mix of upper- and lowercase letters, symbols, and numbers. A password manager not only creates complex and secure passwords for you but also stores them for all your accounts. You only need to remember the master password, which grants access to all your accounts through the tool.
  3. Acronym method: In this method, you use the first letter of each word in your memorable phrase to create a strong password. For example, you devised a memorable phrase like "Discovering the World, One Step at a Time" and then encrypted it into a strong password, "DtW1Sa@t".
  4. Substitution method: Create a memorable word and then substitute the letters with numbers and symbols. For instance, “elephant” turns into "3l3ph@nt."
  5. Memory palace method: Pick up a special location or object in a familiar place and associate each character of your password with it. For example,“adventure567!” is associated with your childhood backyard with five colorful kites flying in the breeze, six stones arranged in a circle around a flower bed, and seven sunflowers swaying in the wind.

How to Create a Strong Password

To create a strong password, it's important to follow specific guidelines. These include using a mix of characters, avoiding common words, and regularly updating your passwords. Here are the best practices for creating a unique and strong password that will keep your data safe.

Avoid using numbers or letters in a consecutive order

To make your password robust, you should not use consecutive letters because they make it too obvious for hackers to breach. Such passwords usually follow a predictable pattern that makes them easily revealed by hacking automated tools. These tools systematically guess passwords, starting with simple frameworks like repeated numbers or letters.

For example, a password like "Alex133456" follows a simple framework of repeated characters, making it vulnerable to hacking attempts.

The consecutive order of characters makes your password extremely weak because it excludes complexity and randomness, which are key elements of a strong password.

Exclude your date of birth or any part of it in your password

Using personal information like your name, surname, date of birth, or place of residence, such as password credentials, can put your sensitive personal data at risk. These characteristics can be easily discovered by social engineering or online search. As soon as hackers crack such a password, they can access your sensitive information stored with these accounts, which might result in further identity theft or financial fraud.

It is extremely important to exclude all your personal details from a password to reduce the risk of identity theft. Instead, you can consider using a random combination of characters, passphrases, acronyms, or a password manager to generate a secure password that will protect your personal data.

Employ a mix of at least eight characters, including letters, digits, and special symbols

It is highly recommended that your password be at least 8 characters long, as this increases its security. When your password is long, a hacker must check at least 5 billion combinations to guess your credentials.

It is common practice to apply the “8 4 rule” (Eight Four Rule) to create a strong password. This rule states that your password should contain at least one element of these four groups: lower-case letters, upper-case letters, numbers, and special characters. Using this rule combined with a recommended length of 8 characters adds an extra layer of security to your password, making it unique and less vulnerable to breach.

Follow the "8-4 Rule" for a strong password- use at least eight characters, mixing uppercase and lowercase letters, numbers, and symbols. .jpeg
Picture 2: Follow the "8-4 Rule" for a strong password: use at least eight characters, mixing uppercase and lowercase letters, numbers, and symbols.

To mitigate the risk of unauthorized access, you should avoid using words from the dictionary and obvious connections between username and password.

Merge various unrelated terms in your password or passphrase

Applying the passphrase method and merging various unrelated terms to create a strong password enhances the complexity and randomness of your password, which are core basics for robust security.

Passphrases make your password look like a combination of unrelated words or terms, which reduces the predictability of your credentials for attackers. This makes it more resistant to brute-force attacks when hackers use various combinations to try to get access to your account. This method meets the complexity requirements of many websites and apps as it incorporates a mix of lower-case letters, upper-case letters, numbers, and special characters.

By using these password tips, you can create a password that will be not only strong but memorable as well.

Refrain from utilizing common names or terms listed in the dictionary

Try to avoid using common names or terms listed in the dictionary, as they are highly likely to be easily revealed. An experienced attacker will take less effort and time to come up with a successful combination of widely spread definitions.

Usually, such passwords lack complexity and randomness, making them weak and unreliable. On top of that, if common words and terms are used to relate to the user's personal life, hobbies, and interests, it might ultimately cause identity theft.

The best practice to implement here is to use one of the 5 methods described above to generate a unique and strong password.

Utilize a password manager for managing your passwords

It is tricky for internet users to retain all the complex passwords. Here, a password manager can be the best solution. A password manager is a tool that stores all your passwords in one place and grants access to a master password.

This tool not only keeps it safe and organized but can also help you generate a strong password that will meet all necessary security requirements, such as the “8 4 rule” (Eight Four Rule) and a high level of randomness. A password manager will prevent you from using the most popular, predictable passwords that can be easily stolen.

With this tool, all your stored passwords can be auto-filled, making the login process easier and faster. A password manager keeps your personal information safe, eliminating the need to enter it repeatedly on different websites. Additionally, it enables you to reset your passwords to keep them updated for higher security levels.

Steer clear of recycling your passwords

Password hygiene  .jpeg
Picture 3: Password hygiene

Recycling your passwords is highly insecure. If one account is compromised, the rest are under serious threat. It becomes easier for hackers to access and steal your personal data.

To mitigate the risk, you must use unique passwords for each account you have and change them regularly. This practice is called password hygiene. It enhances your online security, reducing the likelihood of widespread data breaches.

Consider using a password manager to generate and safely keep your complex passwords to simplify the management of multiple passwords and maintain robust security.

Information You Should Not Include in Your Passwords

To protect your sensitive data online, you should not use personal information like your name, username, birthdate, or the names of your pets or children, as that can be easily discovered via social media or other resources, increasing the chances of unauthorized access.

Try not to use easily guessable words or phrases like "password" or "1234567" because they will be the first combinations that hackers will try to check.

Obvious substitutions like "P@ssw0rd" for "Password" also are not the best practice to apply. The similar-looking symbols and numbers can be quickly revealed.

Avoid integrating dictionary and commonly used words in your password as they are vulnerable to dictionary attacks.

Repeated characters like "aaaaaa" or "abcabc" are also not recommended for adding to your password, as they are easily predictable.

How to remember strong passwords

You can use chunking (when you break down passwords into smaller parts and remember each chunk individually) or associations, but there are better practices than these.

A password manager is the most efficient way to remember passwords, especially complex ones, in 2024. This tool uses encryption to securely store your passwords. It will provide high security even if the password manager’s database is compromised.

A password manager also offers cross-platform syncing, which allows you to access your passwords from multiple devices, such as smartphones, computers, and tablets.

Discover the Keepnet’s solutions against cyber attacks

Keepnet Labs can help organizations prevent cyber attacks through our innovative Security Awareness Training tool, enhancing employees' cybersecurity awareness by teaching them to recognize and prevent security threats.

As Cybersecurity Ventures predicts a 15% annual increase in global cybercrime, reaching $10.5 trillion by 2025, it's important to recognize that cyber attacks could lead to financial losses, reputation damage, data loss, and operational disruptions. Protect your business by utilizing Keepnet's Security Awareness Training.

How can security awareness training help to protect your business from cyber attacks?

  • Keepnet Labs offers extensive training modules that can be customized to your business concerns and needs. These modules will educate your employees about online cyber threats and teach them how to spot and avoid them.
  • This tool includes phishing simulation tests that give employees practical experience identifying phishing attacks. These simulations cover Email, Voice, SMS, QR Code, MFA, and Callback scenarios, preparing employees to defend against various phishing tactics.
  • Keepnet's training platform has automated security training that directs employees to specific training modules based on their actions, such as interacting incorrectly with phishing simulations or security tests. It ensures that employees receive targeted training to address their individual needs and improve cybersecurity awareness.

Security Awareness Training offers various types of cybersecurity training content, including creating and managing secure passwords, identifying different types of cyber threats, and implementing mitigation tactics against unauthorized access and data breaches.

Watch our full Security Awareness Training tool demonstration below to see how Keepnet Labs can help you create a security-conscious business culture, where all employees are aware of various cyber threats.



Schedule your 30-minute demo now!

You'll learn how to:
tickAccess over 500 courses in more than 30 languages from 12 leading providers, catering to various training preferences across organizations.
tickRun phishing simulations, including email, voice, MFA, QR Code, callback, and SMS, to educate employees and prevent phishing attacks.
tickUtilize the auto-pilot feature to streamline training delivery for an entire year, which saves time, money, and effort.

Frequently Asked Questions

What are common passwords I should avoid?

arrow down

To keep your accounts safe it’s better to avoid using easily guessable or widely known passwords such as:

  1. Using the same password as your username.
  2. Using personal information as your password, such as your name, city, birthday, or family members' names.
  3. 123456
  4. admin
  5. 123456789
  6. 12345
  7. Password
  8. 123
  9. Aa123456
  10. 1234567890

What is an example of a strong password?

arrow down

Here is an example of a strong password: "S3cUr3P@$$w0rd!"

It's a strong password because it meets several criteria for security:

  1. Length: The password contains 12 characters, which is the minimum recommended length for strong passwords.
  2. Complexity: It includes a mix of uppercase and lowercase letters ("S" and "c" are uppercase, "e" and "u" are lowercase), numbers ("3" and "0"), and special characters ("@", "!", and "$").
  3. Unpredictability: The combination of letters, numbers, and special characters makes the password difficult to guess or crack through automated methods.
  4. Memorability: While the password appears random, it can still be memorable to the user, especially if they associate it with a specific context or phrase related to security (e.g., "SecurePassword!").

How long should the password be? Which special characters can be used when creating a password?

arrow down

A strong password typically consists of at least 12 characters, although longer passwords are generally more secure. As for special characters, you can use symbols such as !, @, #, $, %, ^, &, *, (, ), -, _, +, =, [, ], {, }, |, :, ;, ", ', <, >, ,, ., ?, /, , and ~. Including a variety of special characters, along with uppercase and lowercase letters, and numbers, makes the password more secure against various types of attacks.

iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate