It's National Password Day – yes, that's a thing, for 2022 it's on 5th May – so that's got us thinking about strong passwords and how to make the best ones possible.
There are various dos and don'ts when it comes to password creation, so let us run you through the basics and various traps to avoid.
1. Password length
A password should be 12 characters or longer. That's because the number of possibilities is exponentially higher compared to shorter passwords.
Studies have shown that GPU-powered software can crack 8 character passwords almost instantly – that's how powerful graphics processing units have become – but increase that to 10 characters and it ups the range from between an hour to 5 years, depending on complexity.
Up it to 12 characters, following the suggestions below, and that increases to anything from 3 weeks up to 34,000 years. Complexity really does make a difference.
2. Use upper and lower case letters
As each key on a keyboard is assigned an ASCII code, upper and lower case variations of the same letter aren't one and the same. So 'M' and 'm' count differently in password use.
Use a variety of upper and lower case letters in your password, but not at the most obvious points (certainly to help counter human guesses) – you needn't have the beginning of a word as upper case, for example, be more random in your approach.
Sign up to the T3 newsletter for smarter living straight to your inbox
Get all the latest news, reviews, deals and buying guides on gorgeous tech, home and active products from the T3 experts
3. Use a mixture of letters, numbers and characters
With 26 letters in the alphabet and a further 26 available thanks to upper case you're off to a good start. But throw in letters and that's another base of 10. Add in special characters and the complexity is upped significantly.
If a password permits you to use special characters – and it's possible that some sites and services may not – then creatively use the likes of '@', '%', '/', and such like to aid your password strength. It'll make it much less hackable.
4. Don't use common terms or identifiers
Even today the most common password is '123456' or 'password'. It goes without saying: these are terrible passwords that are obvious to guess or for hackers to solve instantly.
In addition to the above don't use personal identifiers in your passwords. Adding your date of birth, for example, isn't good practice – especially when it comes to human guesses.
Some password creators suggest not using any identifiable words, however we would suggest that's not always true. Create something whacky yet memorable – such as Funky*Bat*L3mon-59 – and it's more like a mini-story that'll live in your brain.
5. Don't use one password for everything
It's all too easy to create one 'master password' and then use it for all your logins. But you really shouldn't: if it's breached in one place then, well, that's potential unwanted access to all your accounts, tools and services.
Best practice is to create individual passwords for each specific account that you use. Yes, this can get rather busy, but if you use memorable passwords that adhere to all the above complexity then you can resolve this with no problems.
There are also apps and services available, such as Keeper, that will maintain your passwords. This can be a good idea, as you should never write down your passwords where they can be recovered.
6. Change your passwords often
Our last tip: change your passwords regularly. This could be a small deviation from an existing password – perhaps swap a letter out for a corresponding number – or a total rethink to ensure your passwords are fresh and front of mind.
Adhere to all the above tips and you'll make a strong password in no time to maintain your privacy. Stay safe out there peeps!
Bonus: Use two-factor authentication
Okay, so this isn't part of the password creation process, but it's still good practice: use two-factor authentication where available. That could be using SMS (text message) verification, a secure app (such as Google Authenticator for Android devices), or biometrics (face recognition or fingerprint). This won't be available everywhere, but lots of services, such as Google, have baked in this authentication process to ensure your chances of being hacked are further reduced.
Mike is T3's Tech Editor. He's been writing about consumer technology for 15 years and his beat covers phones – of which he's seen hundreds of handsets over the years – laptops, gaming, TV & audio, and more. There's little consumer tech he's not had a hand at trying, and with extensive commissioning and editing experience, he knows the industry inside out. As the former Reviews Editor at Pocket-lint for 10 years where he furthered his knowledge and expertise, whilst writing about literally thousands of products, he's also provided work for publications such as Wired, The Guardian, Metro, and more.