
Designing a strong password

Passwords are our digital keys to access all sorts of products and services. A strong password can significantly reduce the risk of your online accounts being compromised.

There are a few ways in which you can create a strong password. Some of the strongest passwords are password sentences and passphrases. In addition to this, there is the Diceware Method, as well as password generators built into most password manager services. It is also important to consider the following when creating a password:

  • Use both uppercase and lowercase characters
  • Include symbols and numbers
  • Use unique passwords for each service you have an account with
  • Never use identifiable details (date of birth, street name, family name, pet’s name, etc.)

Diversify your passwords

Never use the same password across multiple services and always use a unique password for every service, account or subscription.

When the same password is used between a series of accounts and one of those accounts is compromised, it becomes very easy for your online identity to be taken over by a third party.

A password manager such as LastPass helps you generate, store and retrieve complex passwords. There are locally installed password managers as well as online services that usually require a monthly or yearly subscription. Password managers generally require a “master” password to unlock and access information within.

Passphrases and sentences (Basic)

We as humans naturally aren’t good at remembering complicated long strings of letters and numbers. One of the easiest ways to build and remember passwords is to start with sentences or facts only you would know.

You can style sentences to the theme of the service. If you’re signing up for CoinJar, you might write:

Sentence: I love CoinJar!

Password: i.L0vE-CoInj4R!

These are simple transformations – replacing spaces with symbols, replacing letters with numbers, changing the capitalisation of letters, and inserting additional symbols where required.

Diceware (Advanced)

If you’re looking for a more advanced method of password generation, the Diceware method generates passwords by rolling a six-sided die five times, with the die acting as a hardware random number generator. These five rolls produce a five-digit number, which identifies a single word in a premade word list.

The original Diceware word list contained 7776 words. In 2016 the Electronic Frontier Foundation published three alternative English Diceware word lists; these contain longer words than the original Diceware list.

Passwords generated using the Diceware method generally look something like the following:

diploma-entitle-nearby-unthread-simplify

You can modify a Diceware-generated password for added strength using the same techniques we applied for password sentences:

D1pl0ma-3NTitl3-nearby!uNthRead-SIMplifY
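The mechanics described above, as an added example that is not part of this guide: mapping five dice rolls to a position in a 7776-word list, rolling with a cryptographically secure generator, parsing a list in the "NNNNN&lt;tab&gt;word" layout used by the EFF lists, and estimating the resulting strength in bits. The sample list text and the placeholder full-size table are constructed for the demonstration and are not taken from any published word list.

```python
import math
import secrets

WORDS_PER_LIST = 6 ** 5  # 7776: one word for every possible five-roll outcome

def dice_to_index(rolls: str) -> int:
    """Map a five-roll string such as '12345' to a 0-based list index (base 6)."""
    if len(rolls) != 5 or any(c not in "123456" for c in rolls):
        raise ValueError("expected exactly five dice values in the range 1-6")
    index = 0
    for c in rolls:
        index = index * 6 + (int(c) - 1)
    return index

def index_to_dice(index: int) -> str:
    """Inverse of dice_to_index: 0 -> '11111', 7775 -> '66666'."""
    digits = []
    for _ in range(5):
        index, d = divmod(index, 6)
        digits.append(str(d + 1))
    return "".join(reversed(digits))

def roll_five_dice() -> str:
    """Five rolls from the OS CSPRNG (secrets); random.random() is not suitable."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def parse_diceware_list(text: str) -> dict:
    """Parse 'NNNNN<tab>word' lines (the EFF list layout) into {dice_key: word}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5:
            table[parts[0]] = parts[1]
    return table

def generate_passphrase(table: dict, n_words: int = 5, sep: str = "-") -> str:
    """Pick n_words by dice roll; the table must cover all 7776 keys."""
    if len(table) != WORDS_PER_LIST:
        raise ValueError("word list must contain exactly 7776 entries")
    return sep.join(table[roll_five_dice()] for _ in range(n_words))

def entropy_bits(n_words: int, list_size: int = WORDS_PER_LIST) -> float:
    """Strength if the attacker knows the list: n * log2(list size), ~12.9 bits/word."""
    return n_words * math.log2(list_size)

# Constructed sample in the EFF layout; keys and words are illustrative only.
SAMPLE_TEXT = "11111\tdiploma\n11112\tentitle\n66666\tsimplify\n"
# Constructed full-size table of placeholder words so generate_passphrase() runs offline.
DEMO_TABLE = {index_to_dice(i): f"word{i:04d}" for i in range(WORDS_PER_LIST)}
```

Five words from a 7776-word list give about 64.6 bits of entropy even when the attacker has the list, which is why the word count matters more than the modifications applied afterwards.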

Put your passwords to the test

After you’ve created a few example passwords using our guide above, you’ll be able to test their strength by visiting this free password strength checker, provided by LastPass. Alternatively, you can use How Secure Is My Password, sponsored by Dashlane. For security reasons, please don’t enter real or actively used passwords when using password strength checking services.

Checking for data breaches

Have I Been Pwned (HIBP) is an online service that keeps you updated when your email address (and sometimes your password) has been leaked in a data breach. If you use the same password across multiple services, you should first change these passwords to unique ones.

Passwords aren’t the last line of defence

Most services support two-factor authentication or multi-factor authentication – a standard that requires an additional code to be entered alongside the username and password combination.

These codes provide extra security for your account as they only last anywhere from 30 – 60 seconds, and verify that only you are accessing your account. The code is generated on a device that only you should have physical access to, which helps identify who is accessing the account.

When this is enabled on an account or service, a correct username and password combination but an incorrect two-factor authentication code will cause the sign in to fail.

What can I do to make sure my password is as secure as possible?

  1. Use a password manager (to generate and store passwords).
  2. Never use the same password for multiple services.
  3. Always check the URL of a website before providing your password.

Remember: CoinJar will never ask for your password – unless you’re signing in! For more information on how to keep your CoinJar account secure, visit our dedicated knowledge base.