Security awareness

Top 7 Tips to Secure Your Passwords

June 7, 2017 by Mahwish Khan

In a world where technology reaches into every part of our lives, it is important to understand how to protect yourself online so that all of your accounts stay secure. Attackers can use a variety of techniques against you:

  • Buffer Overflow – Using specially crafted input to fool a system into giving away personal information
  • Wi-Fi Traffic Monitoring – An attack that uses public Wi-Fi networks to capture information as it crosses the network
  • Brute Force – Trying password after password until one is correct. This is especially dangerous if you use a common password.
  • Key Logger – A program that infects your computer and records everything you type

There are several tips you should keep in mind when designing a password to make sure that you are the least susceptible to these kinds of attacks, and any others that hackers may utilize to get to your information.


1. Strong Password Requirements

There are many elements to consider when selecting a password. Making sure your password is strong enough that attackers will have a very difficult time breaking it is essential to keeping your account out of the hands of unwanted intruders (which is probably anyone but yourself!). You should get into a few habits while designing passwords to ensure maximum security.

The strongest passwords all follow a similar format. They contain a mix of uppercase and lowercase letters, and simply adding punctuation greatly increases the number of combinations an attacker must try before finding the right one.

Creating a password out of nonsense is another way to make sure that attackers cannot use what they learn about you to get into your accounts more easily. Simple personal information should especially be avoided, such as family members' or pets' names, addresses, and so on. General words should also be avoided, such as a sport, an item, or a hobby. However, when selecting your password, make sure you will still be able to remember it further down the road.

The length of the password is another important, and possibly obvious, way to make it harder to crack. The best passwords are usually at least 12 characters long, even if the website or service you are signing up for says your password is "strong" with fewer. Using more than 12 characters will ensure maximum security.
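To make the "combinations" argument above concrete, here is an added Python example (not code from the original article) that counts the character classes a password draws from, computes the worst-case number of brute-force candidates an attacker would have to try, and checks a password against the three guidelines the article gives (upper and lower case, punctuation, at least 12 characters). The class names and the helper `meets_article_guidelines` are this example's own; the sample passwords are constructed for illustration.

```python
import math
import string

# Character classes a password can draw from: lowercase, uppercase,
# digits and punctuation (the classes the article discusses).
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26 characters
    "upper": set(string.ascii_uppercase),   # 26 characters
    "digit": set(string.digits),            # 10 characters
    "punct": set(string.punctuation),       # 32 characters
}


def classes_used(password: str) -> list:
    """Names of the character classes that actually appear in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in password)]


def alphabet_size(password: str) -> int:
    """Size of the alphabet a brute-force attacker must assume, given the classes present.
    A password using only lowercase letters gives an alphabet of 26."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def brute_force_combinations(password: str) -> int:
    """Worst-case number of candidates: every position may hold any character of the
    alphabet, so the count is alphabet_size ** length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the combination count: the number of bits of guessing work it represents."""
    return len(password) * math.log2(alphabet_size(password))


def meets_article_guidelines(password: str) -> bool:
    """The article's three rules: upper and lower case letters, punctuation, 12+ characters.
    (Hypothetical helper; the rule set is taken from the text above.)"""
    used = set(classes_used(password))
    return len(password) >= 12 and {"lower", "upper", "punct"} <= used


def strength_report(password: str) -> dict:
    """Summarise the figures above for one password."""
    return {
        "length": len(password),
        "classes": classes_used(password),
        "alphabet": alphabet_size(password),
        "combinations": brute_force_combinations(password),
        "bits": round(entropy_bits(password), 1),
        "meets_guidelines": meets_article_guidelines(password),
    }


if __name__ == "__main__":
    # Constructed sample passwords, from weak to strong.
    for pw in ["password", "Password1", "Tr0ub4dor&3", "Wq7!pLx#2mZ&9rT"]:
        print(pw, strength_report(pw))
```

Running the block shows why length matters more than any single class: going from 8 lowercase characters (26^8, about 37.6 bits) to 12 characters drawn from all four classes (94^12, about 78.7 bits) multiplies the attacker's work by a factor of many trillions.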

2. Unique Passwords

It is common for people to use the same few passwords for every account they have ever created. This is one of the most common mistakes. Using a unique password for each account you have online prevents an attacker who breaches one account from walking into every other account you own. Also, if an intruder gains access to your e-mail account, he or she can use it to reset the passwords of whatever other accounts he or she wishes, as long as those websites do not require a form of two-factor authentication when a login comes from an unfamiliar place.

If you are still using the default password that came with your computer or router, change it immediately. There are publicly available websites that list the temporary and default passwords for each product, so it is only a matter of trial and error before an attacker has found yours.

3. Write it on Paper

A problem many have when designing a strong password for their accounts is being able to remember it. There are several ways you can aid yourself in this task, instead of just relying on repetition and the memorization of a random string of letters, numbers, and symbols.

The first strategy is to write your password on paper. It has been shown that physically writing down information helps people retain it. Also, writing down your password and storing it in a safe place is much safer than storing it in a file on your computer or online. If an attacker gained access to such a file, he could potentially have your login information for every account you recorded in it.

Another way to design a strong password that is still easy to remember is to think of a sentence you would have no trouble recalling. For example, if your sentence were "My parents John and Carly live on 505 Smith Street and are both 52 years old", you could build a password from the first letter of each word and the numbers in full, giving "MpJaClo505SSaab52yo", which would be a very strong option for a password.

4. Two-Step Authentication

Recently, online companies have provided more ways to increase security on their websites and to let users protect themselves against cyber-attacks. One emerging strategy is known as two-factor authentication. Two-factor authentication is a second confirmation step: a code or link is sent to a cell phone or similar device and must be entered to verify that the correct user is accessing the account.

You should get in the habit of checking the websites you log into often and finding out whether they offer a form of this authentication. Often they only require the second factor when you log in from a device you have not used before, which is particularly effective at stopping attacks. If a company you have an account with is breached, the attackers will still be unable to get into your account if two-factor authentication is enabled, unless they also have access to one of your personal devices.

Using security questions correctly is another practice that can help or hurt you online. Used well, they provide an easy way to recover your account if it is stolen. On the other hand, if the answers you provide are easily predictable or obtainable through research, they can undermine the safety of your account. Stay away from common questions such as "What's your father's middle name?" or "Where did you go to elementary school?", as the answers to these can often be found online. Use unique questions only you would know the answer to, or, for extra security, answer the question in a way that has nothing to do with it, provided you can remember your responses.

5. Biometrics

Another emerging technology is biometrics. Biometrics are measurements taken from people's physical or behavioral characteristics. The biometrics most commonly used alongside passwords are fingerprint scanners such as the one on recent iPhones, and face and eye recognition on some phones such as the Galaxy Note 7. As these technologies improve and become more widespread, they may replace passwords altogether.

6. Avoid Phishing Schemes

Never share your password with anyone. Even if you trust the person you give it to, you are still running the risk that the information gets passed on, which increases the risk to your accounts.

Also, watch out for phishing websites and emails. Phishing is when hackers send fraudulent emails or set up malicious websites posing as reputable companies with the objective of obtaining personal information such as passwords or a credit card number. There are a few tips to help determine whether a source is legitimate or not:

  • Make sure the sender's e-mail address on the message you have received is correct. Malicious senders will use an address that is a letter or symbol off from the one they are trying to impersonate, so check carefully.
  • Be on the lookout for spelling and grammar mistakes. Phishers often do not write perfect English, and errors may be a sign that the message is not coming from the reputable company you believe it is.
  • Check the sender's IP address if you are suspicious about the authenticity of the e-mail. Viewing the message source (its full headers) will show you the IP address in the lines that begin "Received: from". You can then search for that IP address online to see where the message was sent from.
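The first and third checks above can be automated. The following added Python example (not code from the original article) parses a raw message with the standard library's `email` module, pulls the IP addresses out of every "Received: from" header, and flags a sender domain that is only a letter or symbol away from the domain you expect, using a plain edit-distance comparison. The sample message, the domains `example.com` and `examp1e.com`, and the IP addresses (from the documentation ranges) are all constructed for this example. One caveat a practitioner should keep in mind: any Received header below the one added by your own mail server can be forged by the sender, so treat the extracted IPs as leads to investigate, not proof.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: raw message source as an e-mail client would show it.
# Received headers are added top-down, so the topmost was added last (by the
# recipient's server) and the bottom one is closest to the message's origin.
SAMPLE_RAW = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
    by mail.example.org with ESMTP id abc123
    for <alice@example.org>; Wed, 07 Jun 2017 10:00:00 +0000
Received: from unknown (HELO mail.examp1e.com) [198.51.100.77]
    by mx.example.com with SMTP; Wed, 07 Jun 2017 09:59:58 +0000
From: "Example Support" <support@examp1e.com>
To: alice@example.org
Subject: Urgent: verify your account
Content-Type: text/plain

Please verify your account now.
"""

# Matches a bracketed IPv4 address such as [192.0.2.10] inside a Received header.
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_message: str) -> list:
    """IP addresses from the Received headers, in header order (most recent hop first)."""
    msg = email.message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        match = RECEIVED_IP_RE.search(header)
        if match:
            ips.append(match.group(1))
    return ips


def sender_domain(raw_message: str) -> str:
    """Domain part of the From: address, lower-cased ('' if there is none)."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(actual: str, expected: str, max_distance: int = 2) -> bool:
    """True when the sender domain is not the expected one but is within a couple of
    edits of it, i.e. 'a letter or symbol off' as the article describes."""
    return actual != expected and edit_distance(actual, expected) <= max_distance


def analyze(raw_message: str, expected_domain: str) -> dict:
    """Gather the checks into one verdict for the message."""
    domain = sender_domain(raw_message)
    hops = received_ips(raw_message)
    return {
        "sender_domain": domain,
        "lookalike": lookalike_domain(domain, expected_domain),
        "received_ips": hops,
        "origin_ip": hops[-1] if hops else None,   # bottom Received header
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_RAW, expected_domain="example.com"))
```

For the constructed message the verdict reports `examp1e.com` as a lookalike of `example.com` and `198.51.100.77` as the originating hop; a real message from the expected domain would report `lookalike: False`.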

7. Be Wary of Malware

Do not click unknown links. Malicious sites can start downloading files, redirect you to other dangerous websites, or trick you into handing over information such as your password the moment you interact with the page. If you are unsure whether you should open a link, right-click and copy it, then paste it into a different browser so you can inspect the URL before opening it. The safest sites are "HTTPS" sites; you will see these letters at the beginning of the address. Always check that a website uses "HTTPS" before entering sensitive information such as a social security number or credit card.

Attachments are a very successful way for attackers to gather information about the people they target. Be especially wary when you share a network with many others, such as at a workplace or school, because if one person opens a malicious attachment, every computer on that network could be infected as well. Do not open attachments unless you know what to expect and they come from an address you can verify is genuine using the advice above. Word documents, PDFs, and EXE files should be handled with extra caution.


Understanding these preventative measures, and making sure your password cannot be cracked easily, will greatly increase your security online. None of these tips is difficult to build into your online habits, but all of them are important to keep in mind while creating or using your passwords online.



Mahwish Khan

Mahwish Khan is a Pharm-D graduate from The University of Faisalabad. She is experienced in technical writing. She currently works for a university as a technical trainer and documentation specialist. In the past, she has taught university writing courses and worked in two university writing centers, both as a consultant and administrator.