What makes a strong password and how to make a good one

Passwords can be a pain to ponder. While it’s easy to pick a pet or child to base a password off of (we all know the favourite child), scammers and hackers have the technology to guess these password types relatively quickly.  

This is called a brute force attack, where hackers use computer programs to guess many iterations of login details in the hopes of eventually guessing correctly. 

That means creating strong passwords that are hard to guess is more important than ever to prevent cyber-attacks and protect your online account security. So, it’s time to do away with “Jam3s4!” or “Password99” and learn how to make a near unbreakable password. 

What makes a secure password?  

Before we dive in, it’s critical to understand why each of your accounts should have a unique passphrase.  

If your details are compromised, and they are the same across all accounts, suddenly someone could access not just one — but all your accounts.  

Good news, it doesn’t have to be this way! This is why we’re here to help.  

It’s good to work out what makes a weak password to learn how to make a strong one. Using the ‘How Secure Is My Password?’ tool, we can see that the above example, “Jam3s4!”, would be guessed by a computer in only 6 minutes.  

Surprisingly, “Password99” would take a computer 7 months to figure out – but why so much longer?  

The key feature of security is length. The more characters there are, the more time it will take to be guessed by a computer. Australian Cyber Security Centre says that over 14 characters is usually a safe bet to make a more secure password. 

Using a secure passphrase – a string of words instead of just one – is an easy way to make a memorable, lengthy password. You might like to put your butter in the cupboard (controversial take, but we’ll let it slide), so our passphrase might be “butterinthecupboard”, which would take 6 hundred million years to crack, according to our tool. 

Great stuff, we’ve created a nice and strong password. However, in the name of being safe, there is a way to make it even better.  

This is where numbers, uppercase letters and special characters come into play. If we include these, changing the above password to “butTer!nthecupBoard4”, a computer will now have to spend a casual 42 quintillion years to guess our password. Hold that “L”, hackers! 

It also pays to have your uppercase letters at random points, with hackers being able to guess easier if they’re put where they’re grammatically correct. 

By using a combination of numbers, special characters, upper and lowercase letters to make a long passphrase, we have now created a unique password which is almost unbreakable. 

Now, if you want to go the extra distance to make sure it’s super-duper extremely secure, Australian Cyber Security Centre does recommend choosing random words in the dictionary to make an unpredictable passphrase.  

If you’re relying on your brain to remember your login details, this might be tough to do. But don’t worry, we’ve got you covered in our next section.  

If I’m making different passwords for all my accounts, how can I remember them? 

Having to remember 20 different login details for 20 different accounts using the above rules is difficult, considering not many of us can remember what we had for dinner last night.  

The old-fashioned way of writing them down in a diary at your bedside might work for you, but there is a more efficient, secure way to keep all your details in one accessible place - a password manager.

Programs like Bitwarden, 1Password, or Google, Microsoft or Apple's password managers save your details for all your various accounts in an encrypted vault that can be accessed by one master password.  

These platforms can be synced across all devices and can have handy tools such as an autofill function, browser extensions, password health reporting, and phishing attack recognition so you don’t give your passwords to suspicious links.  

Can’t be bothered thinking up a different password every time you make an account? Don’t worry about it, because most managers come with a password generator that makes random passwords and stores them for you. Groovy as, right? 

There are a host of different platforms out there, with many requiring a paid subscription to access. However, if you’re serious about cyber security, it is a very wise investment to protect your personal information online. 

Tying it all together 

Congratulations, you’re now an expert on making a successful password! *crisp high-five* 

This is a valuable skill that will keep you, your friends, and family safe online. Remember to: 

1. Pick a passphrase that will stick in the mind or a random arrangement of words. 

2. Add in numbers, uppercase letters, and special characters at unconventional points. 

3. Get a password manager to store login details.  

4. Differentiate your login details across different accounts. 

Happy password-ing!