Honeygain Explains: What Makes a Strong Password – and Why You Need One
Updated: May 12
Nowadays, we are so used to creating and entering passwords that we often see it as a mere formality. However, you should never underestimate their importance: this safety step is there to protect your personal information that should never land in malicious hands. Depending on the website, a hacker equipped with your password could:
Access your emails and messages
Download your personal files (e.g., photos and videos)
Obtain your banking information and access your accounts
Use your credentials to perform illegal actions
...and do a ton of other things you don’t even want to think about!
If you’re now thinking, ‘How safe is MY password?’, congratulations – awareness is always the best first step towards a better final result! Always encouraging mindful Internet usage, the Honeygain team is here to help you stay safe online – and in this article, our security experts will share the top 10 tips for password strength they swear by.
Tip #1: Don’t use the same password for multiple websites
This might sound obvious – and yet, the majority of us would admit we are guilty of this. Various statistics say an average American currently has 70–100 online accounts on various websites that require a password. Sounds like a lot? Remember all the e-shops you might have created an account at for a specific purchase and never went back again. Forums you only visited at a certain time of your life when you were looking for advice. Chances are, you didn’t think too long when you signed up for those and simply typed in a password you were already used to typing in some other website.
The issue with reusing passwords is the fact that it multiplies the harm in cases of data breaches, as hackers often use password dumps to perform so-called dictionary attacks and check whether they can get into other accounts using the same credentials. Imagine someone hacked a bird-watching discussion board you sometimes visit. You might not feel very threatened (you’re not keeping any personal information there, after all) – but it’s a whole other story if you were using the same password for your email or social media account!
Tip #2: Change your passwords regularly yet cautiously
Some say you must change your passwords every 30 or 60 days. Changing them regularly is undoubtedly a good habit – but there’s no need to overdo it. First of all, memorising them all each month is going to be absolute torture at best and a mission impossible at worst. Secondly, changing all your passwords every month is way more time-consuming than it is actually needed.
Last but not least, the more often you change your passwords, the more tired you get of coming up with complex and elaborate ones. If you get back to the simple ways, you might actually end up compromising your password strength instead of improving it. It’s way better to change your passwords every 3–6 months – and every time you know or suspect you might have been hacked, of course! – than do it more often but absent-mindedly!
Tip #3: Mix letters with numbers and symbols – and don’t forget different cases...
We’re sure you’ve heard this before: a strong password should include lowercase letters, uppercase letters, numbers, and special characters. This is absolutely true – however, a lot of people take this a bit too literally. Changing doctorwho to DoctorWho13! won’t help your password strength much: the central part of it still consists of complete and meaningful words that are not that hard for hackers to target.
Instead, mix those characters up and shake them all around! A password like qv&TD3#7h7+$ might not be completely unhackable (to be honest, nothing probably is these days), but it’s really not likely to be broken by someone who’s not equipped with outstanding skills, knowledge, and a ton of time – which makes the risk hundreds (if not thousands!) of times lower.
Tip #4: ...but avoid common substitutions and keyboard paths
Whenever someone says letters should be mixed up with letters to make a strong password, a lot of people go the obvious route of exchanging the letters to numbers that look or are pronounced similarly. They might change their E’s to 3’s, their B’s to 8’s, and their S’s to 5’s or even $’s.
Still able to read such a password as a complete word, they find it a lot easier to remember later. Unfortunately, what seems obvious to you is also obvious to a hacker: they’re more than familiar with this practice and don’t get tricked this easily! To a malicious eye, pa55word is no different than password – and 8@8y123 is still baby123. They're also aware of people’s tendency to use memorable keyword paths to build random letter sequences – and while qwerty remains the primary example of what you should never do, asdfghjkl or zxcvbnm aren't any better!
Tip #5: Don’t attach obvious meaning to your passwords
A few years back, Google surveyed thousands of people in the US and found out that almost 60% of them have used a name or a birthday in their password. Furthermore, 22% have used their own name, 17% chose their partner’s or child’s, and a whopping 33% picked their pet’s. The problem is, this type of information can be easily found online if you’re using at least one social network – and let’s face it, the majority of us live there.
If you really need your password to have a personal meaning to be able to remember it, choose one that’s not that obvious… and don’t simply spell it out. For example, if you loved the book Do Androids Dream of Electric Sheep by Philip K. Dick when you were in college, and it has 22 chapters, don’t just pick ElectricSheep22 – instead, try using first letters to get something like %dAdoES@22PkD !
Tip #6: The longer, the better (yup, we said it)
There is a reason most modern websites won’t let you sign up with a password that consists of less than 6 or 8 characters: the longer your password is, the more time and computing power it takes to crack. Some actually swear an extremely long phrase (think 15–20 characters) makes for an even stronger password than a bunch of randomly assembled letters, numbers, and special characters – and in addition to that, they are typically easier to memorise.
However, using just any long phrase might not necessarily be effective. As usual, make sure you stay away from phrases that are easy to guess for anyone who has access to your social media account or other public information. For example, GoldenRetrieverDogBella won't offer much password strength if your Facebook cover is a picture of your dog with her name clearly visible on the collar – but BellaHad53FleasOnAChurchSunday is a whole different story!
Tip #7: Use multi-factor authentication whenever possible
Multi-factor authentication doesn’t boost your password strength – instead, it adds an extra layer of protection you need to pass after entering the correct password. You need to input an extra code that’s sent to you via email, phone, or a special authentication app. Honeygain uses two-factor authentication (2FA), too: you must confirm every payout request with a one-time verification code we send you!
While you won’t find multi-factor authentication in places like small e-shops or most discussion boards, it’s required for stuff like online banking or public services, and you can usually set it up for your email and social media accounts. If possible, choose the authentication app (such as Google Authenticator or Authy) as your sign-in option when doing this, as it’s the least vulnerable. Yes, SIM swap fraud exists, too – which means a hacker could intercept the passcode you receive as a text message!.
Tip #8: Don’t share your passwords
While it seems pretty obvious that passwords should be kept private, 43% of Americans admit they have shared theirs with someone – usually a partner or a family member. Passwords of various video streaming platforms are the most common, but they’re followed pretty closely by those that unlock access to email, social media, and e-shopping accounts. Shockingly, 11% of those who have shared their passwords with partners admit they don’t even change them after breaking up!
The more people have your password and the more devices you are connected on, the less secure your password is – even if it seems pretty complicated. Make sure you don’t share them unintentionally, too! Some people actually scribble their login credentials on post-its and keep them close to their computer or in their wallet, but neither of these places is as invisible to the prying eyes of others as you might believe.
Tip #9: Avoid the most popular passwords
We’re pretty sure you’ve seen the lists of the most common passwords online. Researchers publish them every year – and while it does seem strange that someone could actually be using a password like 123123, password, or qwerty to protect their personal information, these very examples somehow end up in the top ten every year!
One of the reasons why these kinds of passwords are still pretty popular is the fact that sometimes we just don’t want to spend a lot of time thinking about a strong password when we know we’re not going to use a certain website constantly. Suppose you need a very specific item for a specialized e-shop – what are the chances you will ever use this account again? And yet, these kinds of accounts might contain your address (for shipping), phone number (for delivery), or even banking information. Better safe than sorry!
Tip #10: Make sure your security questions really are secure
Security questions allow you to access your account if you forget or lose your password. While some websites let you choose yours from a predefined list, others allow you to come up with original ones. This might sound like a better idea as you can personalize the questions a lot more easily… And yet, most people don’t actually use this opportunity.
A security question should match two boxes: it must be something you can answer quickly and precisely, but it also can’t be something other people know or can find out in minutes. For example, What street did you live on in primary school? can be easily answered by your neighbours, classmates, and even social media contacts if you have any childhood pictures uploaded. Refrain from setting up questions that have a limited set of possible answers, too (e.g., eye colour-related ones – there’s like 1 in 4 chance someone can guess it outright!).
Try something way more random – such as What did I eat right before I broke my nose? or Which actor would I want to portray me in a biopic?. It would actually be best to go for a wacky and unexpected question-answer combo (e.g., How safe is my password? – Safe as a lollipop in a vegetable drawer!) – just make sure you can remember it when the need arises!
Due to the pandemic and national lockdowns, thousands of businesses have moved their operations online. We’re shopping for groceries at e-shops, taking online classes, videoconferencing instead of meeting at the office, signing contracts and other documents using our online credentials – which means we need to take cybersecurity more seriously than ever before. Understanding what makes a strong password and applying this knowledge to practice makes a lot of difference regarding your safety online!
Here at Honeygain, we don’t want you to have any safety-related worries when using our proxyware network – therefore, we make sure we guarantee maximum security from our side and explain to you what you can do from yours. If you’re looking for a risk-free way to make free money online, join Honeygain by clicking the button below now and collect your $5 starting gift!