What Makes a Password Strong?
How to Create a Really Strong Password That Nobody Can Hack?
Have you ever wondered how to create a really strong password that nobody can hack and that is easy to remember at the same time?
The main objective of this article is to acquaint you with the diversity of password requirements, explain what all the fuss is about, and show how to make them more user-friendly.
The diversity of requirements
Guess what’s the worst thing about passwords? No, not the creation process, but the complexity requirements! Irritating, right?
There is more — each website has its own list of requirements. For example, American Express:
Watch out! It can be even bigger.
How easy is it to read all these instructions?
How justified are the existing password requirements?
But let’s be honest — it is all for a reason! Just take a look at the Cyberthreat real-time map by Kaspersky Lab. Hackers don’t sleep!
“Poor password protection is like handing over your house keys to a thief.” — Joe Gerard, CEO of i-Sight
Let’s see what the fuss is all about!
It takes 10 minutes for a hacker’s computer to randomly guess a lowercase password of 6 characters. Replace just one character with an uppercase letter and the amount of time increases 60 times. Then add two more characters, such as numbers or symbols, and the figure jumps to 463 years. To maximize your protection, use a mix of numbers, symbols, and upper/lowercase letters, and it will take 44,530 years to crack your password. How awesome is this?
So the length and quality of characters do matter!
Another issue is how different your password is from those that other people create. Research by Keeper has identified the top 25 most common passwords. Make sure yours is different from any of these:
These statistics add to the fact that passwords have to be long. Notice the number of passwords that are 10 characters or longer. Other research proves that a password has to be at least 10 characters long, as 80% of the list consists of passwords that are shorter than 10 characters. Who knows, hackers might try such lists first.
And for good reason, as 40% of people tend to choose passwords from the top 100 list. Of course, there are lots of such lists online so hackers will have to choose. However, don’t push your luck!
Why doesn’t it work?
According to some opinions, all the other requirements are controversial:
- not working: people still tend to create the passwords they like
- repelling users: people become irritated and simply turn away
- often confusing: the set of rules is incomplete and requires further collaboration
- not user-friendly: long lists may ruin the impression, visual hints can rectify the situation
What’s the way out?
Developers need to improve the requirements list and make it more user-focused. Here are some ideas for dealing with this challenge:
- length check
The arguments above clearly show that length combined with the quality of characters gives good results.
- uniqueness check
It has to differ from the popular variants. Moreover, it has to be unique!
- unmasked password
This feature helps to avoid errors in typing. Users like it, as 75% of them use it right away and 85% — after entering the first character.
- error description
When an error occurs, it’s better to describe it in a single sentence.
- visual hint
It is even better when a user sees the password requirements before typing the password and pressing the submit button.
- modal window
When developing an application, we use a modal window with the specified requirements, which disappears after you’ve entered.
Both users and developers gain when the password requirements are not annoying and keep hackers away.
Users are the main objective. So you need to stop them when they try to enter an insecure password that doesn’t meet the requirements. However, this has to be done not with a long list of rules, but by checking the password after typing. After all, length is quite enough!
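The length check, uniqueness check and one-sentence error description from the list above can be combined into a single function that runs as the user types. This is an added example, not code from the original article; the names checkPassword, MIN_LENGTH and COMMON_PASSWORDS are assumptions, and the popular-password list is a short constructed sample rather than the Keeper list.

```javascript
// Added example: length check + uniqueness check, each failure reported
// as one short sentence that a form can display next to the field.

const MIN_LENGTH = 10; // the minimum length the article argues for

// Constructed sample of popular passwords (assumption). A real deployment
// would load a much larger list and repeat the check on the server.
const COMMON_PASSWORDS = new Set([
  "123456", "password", "qwerty", "1234567890", "qwertyuiop", "passwordpassword",
]);

// Returns { ok, message }. Call it on every input event so the user gets
// feedback while typing instead of a rule list after pressing submit.
function checkPassword(password) {
  // Count code points, not UTF-16 units, so one emoji counts as one character.
  const length = [...password].length;

  // Length check: say exactly how much is missing.
  if (length < MIN_LENGTH) {
    const missing = MIN_LENGTH - length;
    const noun = missing === 1 ? "character" : "characters";
    return { ok: false, message: `Add ${missing} more ${noun} to reach ${MIN_LENGTH}.` };
  }

  // Uniqueness check: compare case-insensitively so "QwertyUIOP" is caught too.
  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
    return {
      ok: false,
      message: "This password is on a list of popular passwords, so choose another one.",
    };
  }

  return { ok: true, message: "Password accepted." };
}
```

Note that "1234567890" passes the length check and is rejected only by the uniqueness check, which is why both checks are needed.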