How secure is your password
How Secure is my Password?
A simple guide to ensuring your passwords are strong, secure, and easy to manage
Our daily lives take place increasingly online. That brings a need to create and maintain dozens, if not hundreds, of online accounts, each requiring a new set of usernames and passwords.
At the same time, we hear about data breaches routinely, and unfortunately, they show few signs of slowing down.
So how do you answer the question: How secure is my password?
Guidance for Password Security
The National Institute of Standards and Technology (NIST), founded in 1901, is now part of the U.S. Department of Commerce. NIST provides a range of recommendations and frameworks across industries, but in particular, they have excellent resources for cybersecurity.
In recent years, NIST released its Digital Identity Guidelines publication, which details online security and identity authentication best practices. In Appendix A, there is a section called “Strength of Memorized Secrets” which outlines three simple yet effective password security techniques. We’ll walk through these recommendations and incorporate key steps to ensure your passwords, PINs, or passphrases are always secure.
The Three Pillars of a Secure Password from NIST
To address evolving security threats online, service providers are introducing new login requirements in an effort to increase password complexity and make them more difficult for hackers to crack.
While there are different methods for introducing password requirements, the most common form is known as composition rules, which require users to include character types or symbols in their password. However, according to NIST, “Analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe.”
Since composition rules alone lack the effectiveness needed to guarantee your password is secure, NIST instead recommends these three pillars for password security: length, complexity, and randomness.
1. Your Passwords Should Be Long
Here’s the simple equation: longer passwords are more secure. NIST describes password length as the most critical element to strengthening your passwords and protecting your private data.
Short passwords are far more susceptible to a brute force attack, where a computer or malicious software program goes through every 8-digit (or longer) combination of characters until it finds a match. Hacker programs often attempt the most commonly used passwords as well, such as 123456 or Password. Bottom line: the shorter and more common your password is, the faster and easier it will be for hackers to guess it.
According to NIST, “Users should be encouraged to make their passwords as lengthy as they want, within reason.” At just 14 characters, random strings are extremely secure. Take this one for example:
A truly random password at this length would likely take a computer or hacker program centuries to guess. Sounds pretty good, right?
On the other hand, increasing the length also makes passwords more difficult to maintain and harder to remember. Fortunately, there are secure ways to store and manage your passwords so you don’t have to rely on memory or unsafe methods (we’ll cover this later in the article).
A newer method to lengthen your password and make it easier to remember is the use of a “passphrase” instead. A passphrase is a random combination of words, often separated by dashes, that forms one random phrase; for example, checkers-sailboat-lollipop is a passphrase.
The following three-word combination passphrase with 8-digits per word would take a computer program centuries to guess, but is far more user friendly and easier to remember.
We recommend the use of passphrases to make memorizing your logins easier and your online data more secure.
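An added example, not from the original article or from Bitwarden: generating a 14-character random password and a three-word, dash-separated passphrase with Python's `secrets` module, and measuring the entropy of each. The 16-word list is constructed for illustration, and the 7776-word list size and all function names are assumptions of this example.

```python
import math
import secrets
import string

# 94 printable ASCII characters: 52 letters + 10 digits + 32 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list, for illustration only. A usable list has
# thousands of entries (7776 is the assumed size used in the comparison below).
SAMPLE_WORDS = [
    "checkers", "sailboat", "lollipop", "umbrella", "notebook", "mountain",
    "campfire", "squirrel", "dinosaur", "elephant", "magazine", "sandwich",
    "triangle", "backpack", "keyboard", "paradise",
]


def generate_password(length=14):
    """Random password containing all four character classes."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    while True:
        # secrets.choice draws from the OS CSPRNG, unlike random.choice.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard and redraw rather than patching
        # characters in, so every accepted password is equally likely.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def generate_passphrase(words, count=3, sep="-"):
    """Passphrase of `count` words drawn uniformly, with repeats allowed."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def words_needed(target_bits, list_size):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    # Upper bound: the class requirement above removes a small share of strings.
    pw_bits = entropy_bits(len(ALPHABET), 14)
    print(generate_password(), f"up to {pw_bits:.1f} bits")
    print(generate_passphrase(SAMPLE_WORDS),
          f"{entropy_bits(len(SAMPLE_WORDS), 3):.1f} bits from the 16-word sample")
    print("3 words from a 7776-word list:", f"{entropy_bits(7776, 3):.1f} bits")
    print("words needed to match the 14-character password:",
          words_needed(pw_bits, 7776))
```

The strength of a passphrase comes from the size of the word list and the number of words drawn, not from the number of letters in each word.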
2. Your Passwords Should Be Complex and Secure
Websites and online service providers often require certain levels of password complexity at the time of registration. Password complexity will typically include a combination of different letter cases, numbers, and symbols.
The challenge is that our human brains are wired for efficiency and complex passwords are not easy to remember or efficient to manage through memorization alone. Too often the result is the use (and reuse) of passwords that meet the complexity requirements, but are also simple in nature. Unfortunately, this only guarantees a false sense of security.
As an example, here is a side-by-side comparison of two passwords that both meet the same complexity requirements but achieve very different results:
Meeting the complexity requirements defined in a website’s registration process does not necessarily mean a password is truly complex, and therefore, password vulnerabilities will only diminish once we’ve removed the human element from the process.
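An added example, not from the original article: a check that runs a typical composition rule next to a blocklist comparison, showing passwords that satisfy the rule while being built on a common password. The blocklist is a constructed sample holding the two common passwords the article names; the substitution table, sample inputs and function names are assumptions of this example.

```python
import string

# Constructed sample blocklist holding the two common passwords the article
# names; a real deployment loads a large list of breached/common passwords.
BLOCKLIST = {"password", "123456"}

# Assumed table of common character substitutions ("leetspeak") to undo.
DELEET = str.maketrans("013457@$!", "oleastasi")


def meets_composition_rules(pw, min_len=8):
    """Typical registration rule: length plus all four character classes."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def blocklist_match(pw, blocklist=BLOCKLIST):
    """Return the blocklisted entry the password is built on, or None."""
    lowered = pw.lower()
    # Compare both the raw form and the form with substitutions undone, so
    # "123456-Devon" and "P@ssw0rd1" are caught by the same check.
    candidates = (lowered, lowered.translate(DELEET))
    for entry in sorted(blocklist):
        if any(entry in c for c in candidates):
            return entry
    return None


def assess(pw):
    """Report both checks side by side for one password."""
    return {"composition_ok": meets_composition_rules(pw),
            "built_on": blocklist_match(pw)}


if __name__ == "__main__":
    # Constructed sample inputs: two dressed-up common passwords, a random
    # 14-character string, and a passphrase with no digits or capitals.
    for sample in ("P@ssw0rd1", "123456-Devon", "tV9#qLx2!mRz8&",
                   "checkers-sailboat-lollipop"):
        print(f"{sample!r:30} {assess(sample)}")
```

The first two samples pass the composition rule yet match the blocklist, while the passphrase fails the rule without matching anything.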
Security-conscious sites might offer a recommended complex password, and in that case, what should you do? We recommend using a strong password generator from a reputable source to ensure the tool is safe to use. Bitwarden, for instance, offers a free password generator available to everyone that is both strong and safe to use. (Existing Bitwarden customers can leverage the same feature within your Vault.) When using these free tools, we ensure your password is never transmitted to our servers and is processed locally in your device’s web browser window. Here’s a screenshot of what a password generator might look like, using the Bitwarden free tool as an example:
Now that we’ve covered the steps to generate secure passwords, the challenge then becomes storing and accessing your complex credentials whenever you need them. Fortunately there are easy and secure ways to enable this with the help of a password manager. (We cover more about password managers and how to get started later in this article.)
3. Your Passwords Should Be Random and Unique for Every Account
According to NIST, “secrets that are randomly chosen ... will be more difficult to guess or brute-force attack than user-chosen secrets meeting the same length and complexity requirements.”
Most online users today are aware of the significant risks associated with reusing passwords for multiple online subscriptions. Even so, the results of a survey Google conducted in 2019 revealed 65% of people use the same password for multiple or all online accounts. This suggests people are more willing to accept the risks associated with reusing a password than they are willing to endure the pain of forgetting one’s password. On the other hand, accepting these risks could also be the difference between happy internet surfing and identity theft.
So, why does reusing a password for multiple online accounts pose such a threat?
A data breach on one website, where the data and login credentials of millions of users are stolen, means your credentials are now in the hands of people with malicious intent. As a result, any other account that uses the same stolen password is also compromised, and the private data you’ve stored in each of those accounts is at risk of being stolen as well.
All of these requirements would, of course, be impossible to manage by memory alone. Fortunately, there are easy and secure ways to optimize this process; we’ll cover that next.
How to Manage Your Long, Complex, Random Passwords
Passwords, still ubiquitous across websites and applications, deliver a powerful first line of defense for internet users. This is especially true when users create secure passwords for each website.
In summary, the passwords we use for every online subscription should be unique to every account, at least 14 characters long, complex, and random. Great! Now, how do you manage it all? The easiest and safest way to do this is with the help of a password management solution.
What is a password manager?
A password manager is a software solution that enables you to safely generate, store, and manage personal or business subscription login credentials. With this technology, the process of generating and maintaining long, complex, and random passwords is easier and far more secure than generating complex passwords manually.
How does a password manager work?
The goal of a password manager is to strengthen the security of your private data online and completely remove the need to memorize or reuse complex passwords. With a password manager in place, users can create unique passwords that are long, complex, and random for every online subscription. Users can also synchronize passwords across multiple devices and if desired, share information securely with family, friends or colleagues.
Bitwarden, for example, is an open source password manager that protects your secrets with end-to-end, zero-knowledge encryption before they ever leave your device. Upon creating a new Bitwarden account, you will first generate a master password (this should be long, complex, and random) which is then used to encrypt and store your passwords and other private data.
When selecting a password management solution for you or your business, it’s important to ensure the provider never stores your actual passwords. Secure password managers only store encrypted versions of your private data which can then only be decrypted by the user themselves.
For more information about password managers and security best practices, see our help section on security.
Get Started with Your Password Manager
Getting started with a password manager is easy. If you do not have one in place, you can download Bitwarden for free, or begin a trial for your business.
If you are using another password manager, you can import that data into Bitwarden.
‘How secure is my password?’: How to test the strength and security of your passwords using an online password-security tool
Creating and maintaining secure passwords may seem like a hassle, but it’s a modern necessity if you want to keep your information safe.
To help you understand what makes a secure password, and how to validate the strength of your password using online security tools like NordPass, here’s a quick breakdown of everything you should know about safeguarding your online identity.
How to ensure your password is secure
The core characteristics of a strong password are length (NordPass suggests 12 or more characters) and an unpredictable mix of upper and lower case letters, numbers, and symbols, with no ties to obvious personal information.
Most people are aware of the basics of password best practices: It shouldn’t include something that’s easy to guess, like names of children, birthdays, or house numbers. And you should never use commonly used passwords, or variations of them. Avoid the likes of “password” and “PaSSw0rd,” or “123456” and “123456-Devon,” for instance.
Beyond creating an unpredictable sequence of letters and numbers that is meaningful to you and only you, there are other tips to help keep your password strong and secure:
How to check your password’s strength and security using the NordPass password-security tool
There are many web-based tools that can help rate your password strength, but it’s important to choose one that you trust with your credentials. An industry-trusted password checker you can use is one from NordPass, a password management tool by the VPN service provider NordVPN.
To understand how NordPass rates your password strength, it’s important to learn the main methods hackers use to steal passwords. These methods include:
With that in mind, here’s how to use NordPass’s online strength checker tool:
1. Go to the NordPass secure password page and click “No, use online strength checker.”
2. Input your password in the text bar.
3. NordPass will immediately rate it for you, and provide information about your password composition, an estimate of how long it would take someone to crack your password, and whether your password has been previously exposed in a data breach.
How secure is my password?
Passwords are very important in today’s digital world. On the PC, laptop or smartphone, we have installed little helpers everywhere, some of which manage sensitive data such as bank details or other personal data. To avoid being the victim of fraud, theft or even identity theft, passwords should be as secure as possible.
Unfortunately, passwords like “123456” are still popular and often in use. The problem is: weak passwords can be guessed or calculated quickly. And if you are still logged in to every online service with the same e-mail address and use the same password everywhere, the chances are extremely high that it will happen:
Unfortunately, many people are not aware of how manifold the consequences of spying, guessing or calculating passwords can be.
If, for example, your e-mail account is hacked, your own e-mail address is usually also stored as a recovery address in shops such as Amazon or Ebay. The attacker can then go shopping with your payment information. Or he sees your personal photos in the cloud. He or she could also appear under your name on social networks such as Facebook or Instagram. Insights into business documents or documents about your health are also often the target of such attacks.
By the way, you can check whether your data is endangered with our software Identity Inspector!
We will therefore show you strategies for using secure passwords in the future. How can I choose the most secure password possible? What is the best way to manage passwords? And how can you additionally secure yourself?
How long does it take for an attacker to crack a password?
Many users use passwords based on personal data: their own birthday, names of family members or of pets. If this data is known, the password is usually cracked very quickly. Powerful computers can generate and test around one million passwords per second. A five-digit password lasts about 30 minutes in the best case. If private data is used, it is much faster.
Modern computers need several months for an 8-digit password with upper and lower case letters, digits and special characters. Each additional position increases safety. If your password consists of 15 digits, it will take about 30 years.
How do thieves and hackers steal passwords?
First of all: Hackers are at least as clever as you are. 😊 If a hacker is targeting you directly, he will first ask around in your personal environment. However, it usually doesn’t matter to hackers who they can get personal information from. In this case, passwords are requested via spam e-mails, or data from previous hacks is simply used. Large (but also smaller) companies are regularly hacked and this data is sold or otherwise published. Well-known websites such as Adobe, Adult Friend Finder, Avast, BitTorrent, Comcast, Creative, Dropbox, Kickstarter, LinkedIn, Snapchat, Sony and many other companies/websites have already been victims of these attacks. And if you have an account there, then these data are in principle freely available.
Most popular passwords
Unbelievable, but true: The most popular passwords are still simple combinations of numbers, so:
The following words are also used:
And then in combination with numbers:
These passwords can’t really be safe – or what do you think?
What is a secure password? What does a secure password look like?
We advise you to use passwords with as many characters as possible. You should use at least 8 characters in any case. Some experts also advise using 15 or more characters. Please keep in mind, however, that you have to enter your password every now and then.
Under no circumstances should you use terms from the dictionary or names. A secure password should contain upper and lower case letters, numbers and special characters. And using the same password for multiple online services should be taboo!
How to create a secure password? Tricks for a secure password:
What else is there to consider when using passwords?
If you don’t always want to come up with new passwords, a password manager is always recommended. For example, our SecuPerts Cyber Shield software includes a good password manager. In addition, it is recommended to use two-factor authentication for important services. For example, your Amazon account can be additionally secured. The service provider will send you a numerical code via SMS or app each time you log in or with each new device you want to use to log in to the provider. You can only log in if you enter this numerical code!
How secure is my password?
Remember: A password is only safe as long as nobody else can get it! If you want a written backup, you should not store the passwords somewhere freely accessible. By the way, it is also a good idea to make access data accessible to relatives, so that your digital estate is accessible if the worst comes to the worst.
Save passwords or not?
If you use a password manager, the passwords are usually well protected. However, you should consider whether you allow your browser, for example, to save all data. Not all applications or browsers store passwords in such a way that they are at least difficult to access. With browsers, for example, the Windows password is usually sufficient – and all passwords are quickly visible!
Is my password 100% secure?
Let’s say it this way: if you understand our tips and hints, you are close! Unfortunately, the data is also stored at online providers and these can – as already mentioned above – also be quite vulnerable. We will therefore soon be releasing software that will enable you to monitor whether your e-mail address is stored with a hacked service provider. You should then immediately use a new password with these providers!
Be sure to use SSL encryption!
The best password is of course not very good if you enter your password on an unencrypted page and store it there. In any case, you should make sure to use only websites with SSL encryption. You can see this in the address line of your browser. If only http is used as protocol, the connection is insecure and can be monitored. You should then immediately switch to https. This is displayed differently depending on the browser. For example, Chrome always indicates whether the current page is safe or unsafe.
How Secure is My Password?
It’s generally recommended that you change your password once every three months or so, but it can be easy to forget or push it off. You may be wondering if it’s really such a big deal. Yes, it is, because cybercrime is on the rise. In a 2018 survey of adults, almost 33% said they personally had experienced a hack of their social media and email accounts. This may be because up to 50% of them use the same password for multiple accounts. Read this article to help you secure your passwords and online accounts before you get hacked.
What makes a secure password?
Ideally, your password should be made up of a string of random letters, numbers and symbols. Some password manager websites recommend at least 12 letters, numbers and characters.
The most common password of 2020 was 123456. This password was used by 2.5 million users. As you might guess, hackers can crack this password in less than a second. Other common passwords for 2020 included:
These are weak passwords and can be cracked in a short amount of time. You also want to avoid using anything that would be easy to figure out such as your birthday, your spouse’s name or birthday or your kids’ birthdays.
How do hackers steal passwords?
Hackers are a creative and technologically adept bunch. There are all sorts of ways a good, or even an average hacker can crack your password. Here are some of the most common ways.
Brute force attack
A hacker will simply try to guess your username and password, often by using programs. This allows them to try many combinations of letters and numbers until they find one that works.
Dictionary attack
A dictionary attack is similar to a brute force attack, but it uses a list of passwords that have a high probability of success. They use all the most common passwords, plus passwords like popular sports teams, organization names and other easy-to-remember passwords people like to use. They often try variations of spring, summer, winter and fall in the corresponding season because they know some people do change their passwords with the seasons.
Phishing
Phishing is when someone tries to get your personal information by asking you to click a link or verify information over the phone. Many cybercrimes begin with phishing attacks. These emails often say there’s a problem with your account and your response is needed, or sometimes they send you a fake invoice for something you know you didn’t order. Then they ask you to click a link. If you have any questions at all about whether an email is legitimate, it’s best to go to the company’s website and log into your account there. Don’t click anything.
Credential stuffing
Credential stuffing tests databases or lists of stolen credentials against the logins of other websites. Hackers can purchase these lists and personal information from the dark web or other illegal sources. If you use the same password across multiple accounts, they have access to all of them.
How to Create a Secure Password
These are the steps you should take to create a strong password:
You should change your passwords every so often, and don’t reuse passwords you had before. Some experts say you should change your password every three months, while others say if you have a strong password you don’t have to change it unless it’s been compromised. This is especially true if you use multi-factor authentication.
You can also use a password strength checker. These are available online and some of them are free.
What else should I do to protect myself online?
You’re probably wondering how you’re going to remember these random strings of letters and numbers for all the websites you visit. The answer is a password manager. These can keep your passwords safe in an encrypted vault, and you can change and update them as often as you like. Some password managers will fill your passwords in for you, look for weak or compromised passwords, and send you an alert if they find any.
What else should you do to keep yourself protected from online criminals?
Use antivirus software
Antivirus software will scan your computer for malware, ransomware and other security compromises.
Use a VPN
Don’t click on any links in emails that look suspicious
The following brands are the most likely to be impersonated in a phishing attempt:
If you get unsolicited emails from any of these companies, you should be suspicious. You could forward the email to the actual company and ask them if it’s real. If it is, they’ll contact you and if it’s not, they have a security team that keeps track of these things. If you get a suspicious email from Amazon, for example, you can forward it to stop-spoofing@Amazon.com.
Be careful with social media
It’s tempting to share personal information on social media—after all, wasn’t that what it was created for? Be careful not to post personal information that can be used to guess your passwords or steal your identity. Remember that after you post something, it’s there forever. You should still be vigilant even if your profile is set to private.
Staying safe online doesn’t have to be difficult. Use a strong, unique password for every site you visit, and use a password manager to keep track of them all. Be safe.
Password Strength Checker | Is It Strong Enough?
Use this password strength checker to get instant feedback on the strength of your password and what you can do to make it better.
Characteristics of a Great Password
For many of us, a good password is the only thing standing between a hacker and our online identity. Why is it that many of us care so little about the strength of this important key to our digital lives?
Here’s the honest truth: your password probably sucks.
At least, that’s what statistics of the general population tell us (so don’t worry, you’re not alone). Unless you’re a super-password creator or you use a password generator like 1Password, chances are the above password checker will say your passwords need work.
As a rule of thumb, the characteristics of a great password include the following:
When you type in your password above, you’ll get feedback on whether you need to add numbers, symbols or different characters to make it stronger.
And yes, although I promise that this password checker doesn’t send your password data over the internet (i.e. I can’t see what you type), it’s still a general best practice to not input your real password here.
Limitations of a Password Checker
A password checker is useful to get an instant assessment of your personal security key, but you have to also understand that it has limitations.
Yes, it measures the strength based on a database of known passwords and your use of the five key metrics listed above. However, the most important characteristic of a good password can be summed up in one word:
UNIQUE
What this means is that even if this password checker tells you that your password is “Very Strong”, if you use that same password in multiple places…
…it’s no longer a good password.
Think of it this way: let’s say that one of your favorite retailers gets hacked and your password is exposed. If I were to purchase that password, could I also get access to…
…your investment accounts?
If that’s the case, or if your password wasn’t considered “Very Strong” to begin with, you’re probably going to want to make a few changes.
That’s where a simple piece of software known as a password manager can be useful.
Benefits of Using a Password Manager
There are a number of great password manager apps that you can try, but my personal favorite is a piece of software called 1Password. It offers the following features that are common among password manager apps:
All this may seem complicated, but it’s really not. I promise.
I’ve even created a simple tutorial on how to use a password manager that you might find useful as you consider migrating to a vault with a master password.
But wait!
Some of you might be unconvinced by the security of a manager app. Isn’t that basically putting all your security eggs in one basket?
Security Concerns: All Password Eggs in One Basket?
This is a valid concern, and one that I had as well. Now, instead of multiple passwords, I have only one Master Password that, if stolen, gives somebody access to everything.
To start with, this is one reason why you should make your Master Password the most secure password you can. Make sure you use the password checker to see if it’s a good one.
Don’t write it down.
Don’t save it in Evernote.
If you must, write it down and lock it in a physical vault in your house in case it needs to be accessed in your absence (i.e. death).
But even if you have a secure Master Password, you’re still putting all your eggs in one basket. And that’s why I promote a security hack I’ve dubbed the double-blind password strategy.
The Double-Blind Password Strategy Explained
Here’s the basic concept of a “double-blind password”: It is a combination of a password generated by 1Password (or any other manager app) with the addition of another set of characters that only you know.
In other words, you don’t know the characters that the software generates…
…and the password manager doesn’t have the final characters that you always type in.
This is the kind of security a password checker just can’t assess!
It’s not as complicated as it sounds, and it adds an amazing layer of security above and beyond what you already get with a password manager.
I’ve created a step-by-step tutorial for creating double-blind passwords and if this is something that intrigues you, I highly recommend you give it a try.
Kudos to you for understanding the need for stronger online security!
Passwords are just the first step. Our protection against threats online is a mindset that bleeds into how we open email, our social media security settings, how we connect to public networks and more.
Security is inconvenient. But the alternative is devastating.