How to create passwords that hackers hate

Apr 9, 2024 | News, Security

A guide to making your online accounts more secure and less boring

Have you ever used your birthday, your pet’s name, or the word “password” as your password?

If so, you’re not alone. According to a study by NordPass, these are some of the most common and worst passwords of 2020. Hackers love these passwords because they are easy to guess and crack. They can use automated tools to try millions of combinations in minutes and access your personal information, bank accounts, or social media profiles.

Don’t worry, creating strong passwords doesn’t have to be hard or boring.

In fact, it can be fun and creative. In this blog post, we’ll show you some examples of good and bad passwords and pins, and explain what a passkey is to make your online security even stronger.

Examples of good and bad passwords and pins

A good password is one that is long, complex, and unique.

It should have at least 12 characters and a mix of uppercase and lowercase letters, numbers, and symbols. It should also be different for every account you have. A bad password is one that is short, simple, and common. A good password should not contain any personal or predictable information, such as your name, date of birth, or favourite sports team, and it should not be reused for multiple accounts.

Here are some examples of good and bad passwords:

  • Good: 4Tg%9qR@2xZ! (random and complex)
  • Bad: 123456 (too short and simple)
  • Good: W!nterIsC0m!ng (uses a phrase with substitutions)
  • Bad: iloveyou (too common and easy to guess)
  • Good: 8kQm*3pL&1tR (uses a pattern on the keyboard)
  • Bad: qwerty (also uses a pattern on the keyboard, but a very obvious one)

A good pin is one that is random and not based on any personal or public information.

It should have at least 6 digits, preferably more.

A bad pin is one that is based on your birthday, phone number, address, or any other easily accessible information. A good pin should not have any repeating or sequential digits.

Here are some examples of good and bad pins:

  • Good: 927438 (random)
  • Bad: 1111 (too simple and common)
  • Good: 635914 (not based on any personal or public information)
  • Bad: 1986 (based on your birth year)
  • Good: 273945 (not sequential or repeating)
  • Bad: 123456 (sequential and easy to guess)
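
The rules above for passwords and pins, written as a checker and a random generator. This is an added example, not part of the original post; the function names, the short common-password set and the choice to treat three or more equal or consecutive digits as a run are assumptions made here.

```python
import secrets
import string

# Constructed sample; a real check would use a full list of leaked passwords.
COMMON = {"123456", "password", "iloveyou", "qwerty"}
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def password_problems(pw):
    """Return the rules from this page that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if pw.lower() in COMMON:
        problems.append("common password")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    return problems

def pin_problems(pin, birth_year=None):
    """Same for pins. Assumption: a run is 3+ equal or consecutive digits."""
    if not pin.isdigit():
        return ["not all digits"]
    problems = []
    if len(pin) < 6:
        problems.append("fewer than 6 digits")
    digits = [int(c) for c in pin]
    steps = [b - a for a, b in zip(digits, digits[1:])]
    runs = {s for s, t in zip(steps, steps[1:]) if s == t}
    if 0 in runs:
        problems.append("repeating digits")
    if runs & {1, -1}:
        problems.append("sequential digits")
    if birth_year is not None and str(birth_year) in pin:
        problems.append("contains birth year")
    return problems

def generate(length, min_length, alphabet, problems_of):
    """Draw from the OS CSPRNG until the candidate breaks none of the rules."""
    if length < min_length:
        raise ValueError("length must be at least %d" % min_length)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not problems_of(candidate):
            return candidate
```

Calling `generate(16, 12, string.ascii_letters + string.digits + "!@#$%^&*", password_problems)` returns a fresh 16-character password, and `generate(6, 6, string.digits, pin_problems)` returns a 6-digit pin.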

What is a passkey?

A passkey is a new type of password that is being developed by Microsoft. It is a 64-character code that is generated by an app on your phone or computer. You don’t have to remember it or type it in. You just have to approve it with a single tap or click. It is designed to be more secure and convenient than traditional passwords.

Here is an example of a passkey:
M4T7-G3H2-P9K8-C4E3-87T2-29H7-95K4-36E2

To use a passkey, you need to have a Microsoft account and download the Microsoft Authenticator app on your phone or computer. You also need to enable the passkey feature in your account settings. Then, whenever you sign in to a Microsoft service, such as Outlook, OneDrive, or Xbox, you will see a notification on your app asking you to approve the passkey. You just have to tap or click “Yes” and you’re in. No need to enter a password or a code.

Passkeys are still in the testing phase and not widely available yet. But they could be the future of passwords and make your online security much easier and safer.

The benefits of a password manager and MFA

Even if you create strong passwords and pins, you still need to protect them from hackers and phishing attacks. That’s where a password manager and MFA come in handy. A password manager is software that stores and encrypts your passwords and pins in a secure vault. You only need to remember one master password to access them. A password manager can also generate and autofill strong passwords and pins for you, so you don’t have to worry about creating or typing them. Kinetics offers a Password Manager as part of our KARE Foundation Security Plus plan.

MFA is a security feature that adds an extra layer of verification to your online accounts. It requires you to provide something you know (such as a password or pin), something you have (such as a phone or a token), or something you are (such as a fingerprint or a face scan) to sign in.

This way, even if a hacker gets your password or pin, they can’t access your account without the other factor. Some of the most common forms of MFA are SMS codes, email codes, authenticator apps, and biometric scanners.

You should have MFA on EVERYTHING. It should be on every log-in credential that you use.

By itself, MFA is not enough, and additional layers of security are important, which is where a well-balanced cyber plan like KARE Foundation works.

But without MFA, you WILL get hacked. It is a certainty.

By using a password manager and MFA, you can make your online security much stronger and less vulnerable to hacking and phishing. You can also save time and hassle by not having to remember or type your passwords and pins.

Creating strong passwords and pins is not only important for your online security, but also for your online fun. You can use your creativity and humour to make passwords and pins that are hard to crack and easy to remember. You can also use new technologies, such as passkeys, password managers, and MFA, to make your online security more convenient and reliable. By following these tips, you can make your online accounts more secure and less boring.