How to create stronger passwords that are harder to crack
By Alvin Soon - 2 Jul 2018, 9:35pm

Make stronger passwords

Note: This article was first published in January 2017.

With identity theft becoming too common, there are two things you need to keep yourself safer online: strong passwords that are easy to remember, and unique passwords that aren’t reused from site to site. Here’s how to do both.

 

Read this first: Use a password manager

Before you go on, here’s our best advice. If you want strong passwords without fuss, we suggest you use a password manager, like 1Password or LastPass. These apps generate unique and robust passwords for each site, like ‘j44A982}3z+n>i[8P8{T,’ and save them for you. All you need to do is enter your single master password to get all your logins.

A password manager like 1Password can help you generate strong passwords and manage them easily. Image source: 1Password.

Password managers used to be pricey to get into, but LastPass is now free, and the premium subscription costs only US$12 a year. However, while password managers score high on convenience, you’ll need a bit of technical know-how as well to implement them on all your devices.

We’d still highly recommend you go through the learning curve, as password managers provide a secure and easy (once mastered) way to manage your passwords. Even passwords that are 11 characters can be easily cracked these days, thanks to ever-faster processors. The practical way to create stronger passwords is to generate truly random and long passwords that are impossibly hard to remember, using a password manager.

But if a password manager still doesn’t sound like something you want to get into right now, read on.

 

Use passphrases to make passwords

You’ll need a way to create a password you can remember, and one way to do that is by using a passphrase.

  1. Start with a phrase of random words, like “winter agile”. Common and sensible passphrases, like “winter is coming,” are easily cracked.

  2. Include a list of numbers you can remember, but not numbers that can be linked to you like your birthday: “winter agile347”.

  3. Some sites will now insist you also have at least one capital letter and special symbol (in our case, the space between the words is a special symbol): “winter Agile347”.

 

Use website names to make unique passwords

Now that you have a base passphrase, here’s how to make unique passwords for each site.

  1. Add the first two to four letters of the website to finish your password. For example, to log into Facebook, your combined password will be: “winter Agile347fac”.

  2. You can also use the last two to four letters: “winter Agile347ook”.

  3. And you can insert them into your passphrase anywhere you want, or even add capital letters: “winterFac Agile347”.

  4. The key is to always stick to the same strategy so you can remember your passwords. If you use the first three letters, always use the first three. If you add them at the end, always add them at the end: “winter Agile347HWM”.
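
The two recipes above, written out as an added example (not part of the original article): the words and digits are picked by a cryptographic random generator instead of by hand, and the strength of the base passphrase is estimated in bits. The word list, the function names and the default sizes are assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample list; a real diceware-style list has thousands of words.
WORDS = ["winter", "agile", "copper", "lantern", "orbit", "maple", "quartz", "harbor",
         "velvet", "tundra", "pixel", "saddle", "nectar", "falcon", "gravel", "ember"]

def base_passphrase(n_words=2, n_digits=3):
    """Passphrase steps 1-3: random words, random digits, one capitalised word."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    cap = secrets.randbelow(n_words)          # which word gets the capital letter
    words[cap] = words[cap].capitalize()
    digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
    return " ".join(words) + digits

def base_entropy_bits(n_words=2, n_digits=3, list_size=len(WORDS)):
    """Bits contributed by the random choices: words, capital position, digits."""
    return (n_words * math.log2(list_size) + math.log2(n_words)
            + n_digits * math.log2(10))

def site_password(base, site, take=3):
    """Site step: append the first `take` letters of the site name.
    The letters come from a public name, so they make the password unique
    per site but are not counted in base_entropy_bits()."""
    return base + site[:take].lower()

if __name__ == "__main__":
    base = base_passphrase()
    print(site_password(base, "Facebook"))
    print(f"{base_entropy_bits():.1f} bits with the 16-word sample list")
    print(f"{base_entropy_bits(list_size=7776):.1f} bits with a 7,776-word list")
```

The estimate only holds when the words really are picked at random from the list; a larger list or a third word raises it quickly.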

 

Password cheat sheet - the ‘dos’ and ‘don’ts’

How to create strong passwords:

  1. Do create long passwords, at least twelve to sixteen characters. The longer a password, the harder it will be to crack.
  2. Do create passwords you can remember. The best password is useless if you forget it.
  3. Do create complex passwords with a mix of letters, numbers, punctuation, and symbols. In other words, use the entire keyboard.
  4. Do create separate passwords for separate vital accounts.
  5. Do make your passwords as random as possible, for example, ‘paswerd FFFac@239!’ is better than ‘passwordFacebook239!’.
  6. Do run your passwords through a tested strength tester, like Dan Wheeler’s zxcvbn test or GRC’s password haystacks (for security’s sake, you can run your password pattern through the test instead of your real password).

How not to create passwords:

  1. Don’t use passwords that use your personal information because they can be guessed. For example, your name plus your birthday.
  2. Don’t use repeating characters or characters in sequence. For example, ‘QWERTY’ or ‘12345’. Not even ‘1qaz2wsx’, which seems complex but follows a clear sequence on the keyboard.
  3. Don’t use common passphrases that can be easily guessed, like “winter is coming” or “let me in”.
  4. Don’t use the same password for more than one site, because if one account is hacked, your other accounts can be stolen as well.
  5. Don’t email your passwords or store them in an unencrypted document.
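
A small checker for the cheat sheet above, as an added example (not part of the original article, and much simpler than zxcvbn). It flags short passwords, missing character types, personal information, the two common phrases named above, and keyboard walks such as ‘1qaz2wsx’. The keyboard tables and the four-character thresholds are assumptions.

```python
import string

# Constructed keyboard rows and columns, enough to catch walks such as '1qaz2wsx'.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
SEQUENCES = ROWS + COLS + [string.ascii_lowercase]
COMMON = {"winter is coming", "let me in"}   # the two phrases the article names

def has_sequence(pw, run=4):
    """True if `run` consecutive characters follow a keyboard row, a keyboard
    column or the alphabet, forwards or backwards."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True
    return False

def has_repeat(pw, run=4):
    """True if one character appears `run` times in a row."""
    return any(pw[i] * run == pw[i:i + run] for i in range(len(pw) - run + 1))

def check(pw, personal=()):
    """Return the cheat-sheet rules that `pw` breaks (empty list = none found)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if not all(classes):
        problems.append("missing a character type")
    if any(item.lower() in pw.lower() for item in personal):
        problems.append("contains personal information")
    if has_sequence(pw) or has_repeat(pw):
        problems.append("keyboard or alphabet sequence, or repeated characters")
    if pw.lower() in COMMON:
        problems.append("common passphrase")
    return problems

if __name__ == "__main__":
    for pw in ["1qaz2wsx", "QWERTY", "12345", "let me in", "paswerd FFFac@239!"]:
        print(repr(pw), check(pw) or "no rule broken")
```

An empty result only means none of these rules fired; it is not a strength score.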