What Makes a Password Strong?

How to Create a Really Strong Password That Nobody Can Hack?

Have you ever wondered how to create a really strong password that nobody can hack and that is easy to remember at the same time?

The main objective of the article is to acquaint you with the diversity of password requirements, realize what’s all the fuss about and how to make it more user-friendly.

The diversity of requirements

Guess what’s the worst in passwords? No, not the creation process, but the requirement towards its complexity! Irritating, right?

There is more — each website has its own list of requirements. For example, American Express:

Watch out! It can be even bigger.

How easy is it to read all these instructions?

How justified are the existing password requirements?

But let’s be honest — it is all for a reason! Just take a look at the Cyberthreat real-time map by Kaspersky Lab. Hackers don’t sleep!

“Poor password protection is like handing over your house keys to a thief.” — Joe Gerard, CEO of i-Sight

Let’s see what the fuss is all about!

It takes 10 minutes for a hacker’s computer to randomly guess a lowercase password of 6 characters. Replace just one character with uppercase and the amount of time increases by 60 times. Then add two more characters like numbers or symbols and the number jumps to 463 years. To maximize your protection make a mix of numbers, symbols, and upper/lowercase letters and it will take 44,530 years to crack your password. How awesome is this?

So the length and quality of characters do matter!

Another issue is how different is your password from those that other people create. A research made by Keeper has identified the top 25 most common passwords. Make sure yours is different from any of these ones:

123456
123456789
qwerty
12345678
111111
1234567890
1234567
password
123123
987654321
qwertyuiop
mynoob
123321
666666
18atcskd2w
7777777
1q2w3e4r
654321
555555
3rjs1la7qe
google
1q2w3e4r5t
123qwe
zxcvbnm
1q2w3e

These statistics add to the fact that passwords have to be long. Notice the number of passwords that are equal or longer than 10 characters. Another research proves that password has to be at least 10 characters long! As 80% of the list represent passwords that are shorter than 10 characters. Who knows, hackers might use such lists in the first place.

And for good reason, as 40% of people tend to choose passwords from the top 100 list. Of course, there are lots of such lists online so hackers will have to choose. However, don’t push your luck!

Why doesn’t it work?

All the other requirements are controversial according to some opinions.

Here’s why:

• not working: people still tend to create the passwords they like
• repelling users: people become irritated and simply turn away
• often confusing: the set of rules is incomplete and requires further collaboration
• not user-friendly: long lists may ruin the impression, visual hints can rectify the situation

What’s the way out?

Developers need to improve the requirements list and make it more user focused. Here are the ideas how to deal with this challenge:

• length check

The arguments above clearly show that length combined with the quality of characters gives good results.

• uniqueness check

It has to differ from the popular variants. Moreover, it has to be unique!

• unmasked password

This feature helps to avoid errors in typing. Users like it, as 75% of them use it right away and 85% — after entering the first character.

• error description

When an error occurs, it’s better to describe it in a single sentence.

• visual hint

Even better, when a user sees a password requirement before typing it and pressing the submit button.

• modal window

When developing the application, we use the modal window with the specified requirements which disappears after you’ve entered.

Both users and developers gain when the password requirements are not annoying and keep hackers away.

Conclusion

Users are the main objective. So you need to stop them in case they want to enter an insecure password that doesn’t meet the requirements. However, it has to be done not with a long list of rules, but by checking it after typing. After all, length is quite enough!

If you liked this, show your support by clapping us to share with other people on Medium.

Follow us on Facebook, Instagram, LinkedIn, Behance, Medium and visit our corporate blog for more news and articles on smart solutions.

Any questions? Feel free to contact us!