How to create a strong password

Whether it’s an email account, Dropbox or online banking, you have to use a password when logging in to online services. When it comes to choosing one, many people go the classic route and choose passwords made up of names, birth dates or places. While this makes them easier to remember, employing such methods results in a weak password that can be cracked within seconds. We’ll take a look at how to determine how strong a passwords is and what it takes to create a strong password.

How to choose a strong password

Why are strong passwords so important?

For most online services, a password is the only thing protecting your sensitive data. If you rely on easy combinations for convenience, it’ll be easy for cybercriminals to crack your password and gain access to your payment details or personal information. Even a simple dictionary attack is often enough to crack many popular passwords. In this type of attack, criminals use a program to systematically test numerous passwords that are based on character strings forming coherent words—effectively scanning through a type of dictionary.

MyDefender from IONOS

Easy cyber security

Protect all devices from ransomware, viruses, and data loss with intelligent analysis tools and automatic backups.

Fully scalable
Secure
Automated

How secure is my password?

You may be wondering how secure your password is. In the next section, we’ll look at common mistakes you should avoid if you want to make sure your password is secure. The first step though is to create a strong password. A strong password should include at least 8 randomly selected alphanumeric and special characters. A crucial master key, such as for a password vault, should have a minimum of 12 characters.

What are typical mistakes when choosing a password?

To ensure that your password does not fall victim to hackers, make sure you avoid the following password mistakes:

Making your password too easy

‘123456’, ‘abcdefg’ or ‘password’ are some of the most popular passwords worldwide and are by far the least secure. Even a simple dictionary attack can pick out these combinations in seconds. Number sequences can easily be picked out, meaning that birth dates are also not a good choice.

Making your password too short

A short password has one single advantage: it’s easy to remember. But what you save on convenience, you lose on security. A strong password should be at least eight characters long since short passwords can be deciphered in seconds by a brute-force attack (a type of attack where a large amount of character combinations are tried out). You should use numbers, symbols, and uppercase and lowercase letters in your password.

Using the same password for several accounts

Certain websites are sadly quite easy to breach. Although the data stored on them might not be particularly sensitive, using the same password for a compromised website and other accounts like online banking or Amazon allows cybercriminals to get their hands on important payment details.

There are helpful tools available to help you check how secure your password actually is. One such tool is How Secure is my Password?.

Using a password generator

Selecting a strong password is challenging, even when you sidestep the common pitfalls and opt for a long string of characters. The moment you attempt to create a password that is personally meaningful or simple to memorise, it becomes predictable—particularly to advanced hacking software. That’s why using a password generator can enhance your password security.

You can use an app like the open-source Password Generator App for Android or Password Generator.# for iOS or iPhone, which is based on 256-bit encryption mechanism. With just a few clicks, you can generate a secure password free of charge. Password generators like these can also be found as freeware for PCs. Sites such as the Random Password Generator from Avast create secure passwords in real time that you can tailor based on length and character type.

Using your own password system

To create a secure and adaptable password, generate a practically ‘uncrackable’ base/master password and then add an extension to it for every different web portal that requires a password. One possibility would be to combine the master password with the name of the service (e.g., PayPal or eBay).

Password strategy example

When using the strategy mentioned above, it would be too risky to set ‘master password+eBay’ as your password. Instead, it’s better to omit the vowels or the second or third letter of the service and replace them in certain places in the master password, for example, always the second, third and last position.

Say your master password is G5w.&$;(9b.B and you want to create a password to use on eBay. You could use the first and last letter of the company, which in eBay’s case would be e and a, and place them at the end and third to last spot of the master password. Using a number to denote the length of the company’s name is also a convenient tactic. So for eBay the password would be 4G5w.&$;(9bE.Ba and a further example would be PayPal: 6G5w.&$;(9bP.By.

When to use a master password

Even with sophisticated systems, there are still some risks. If someone works out the pattern, they could then use it to hack another account. This is why it’s advisable to only use this combination with the master password on sites that are 100% trustworthy. You should use a different password for sites that are less important and not as secure. Forums and communities, which are known to be less secure, offer the option of disposable passwords. Such passwords can only be used once.

IONOS E-Mail Validation service

Check the authenticity of an IONOS email, find out straightaway if it is a phishing attempt and report it to remove the phishing content.

Validate email
Easy to use
Remove phishing

What’s a good way to remember a password?

Remembering a password consisting of more than 12 characters is not easy. A simple trick is to set the combination as the user password on your PC then set the timer on the screen lock to two minutes. This means that you have to enter the password every time you take a break. It may be annoying at first but, after a while, the password will be etched into your memory.

What are the best tools for saving passwords?

One last golden rule of password security is to never keep your passwords unencrypted (in plain text) on your PC, such as in an Excel file. They can easily be found by other users or a Trojan virus. It’s wise to use password managers, such as Password Safe or LastPass to manage sensitive passwords.

What should I do if my password is hacked?

If you suspect or notice an account or website has been hacked, you should act quickly but remain calm. You have two options: You can either try to regain control on your own or get help from the provider. Find out more about what to do in such a situation in our article ‘What to do if your email is hacked?’ and ‘How to fix a website that has been hacked’.

SSL certificates from IONOS

Protect your domain and gain visitors' trust with an SSL-encrypted website!

Easy activation
Proven safety
24/7 assistance