How to create a strong password


Your personal information is one of the most valuable commodities you own. To safeguard your information, you need to take appropriate measures to prevent it from falling into the wrong hands. Failing to protect your personal information can result in fraud, identity theft, or even lead to it being sold on the dark web.

Be wary of scams, and know what to look for when you’re contacted by a scammer. Sometimes it can be hard to tell, especially if they’re phishing, or impersonating a bank or government agency. In 2022, the most popular form of scam plaguing Australians was phishing. Almost 75,000 instances of attempted phishing were reported to Scamwatch in 2022, with 3% of those reports claiming some sort of financial loss.  

One of the best ways to ensure your personal information is protected is to ensure your passwords are unique and tough to crack. 

Common password mistakes

Earlier this year, Telstra called out some common password mistakes among Aussies – and it's worse than you think. Almost half of Aussies admit to using weak passwords, with 13% using a generic password like ‘123abc’, ‘password’, or ‘123456’.

We know how hard it is to remember multiple passwords, which is why 78% are using the same password across multiple accounts. If a hacker only has one password to crack, this can make you an even more attractive target.

“Criminals are relentless and will exploit Australians’ tendency to use the same password across multiple accounts. All it takes is one breach and multiple accounts can be compromised,” Telstra Cyber Security Expert Darren Pauli warns. 

Another common password mistake is using well-known keyboard patterns, thinking it’ll give you a hard-to-crack password. Take ‘1qaz2wsx’ for example. At first glance, it might seem like a long, complex password, but if you take a look down at your keyboard, you might notice there's a recognisable pattern. Unfortunately, a set of numbers and letters only defeats a hacker's common practices if it really is random.

Has my data been breached?

Data breaches are an uncommon inevitability, so we recommend popping your email address in the ‘Have I Been Pwned’ site to see if your data has been put at risk.

Creating a strong password

It’s likely you were told that, to create a strong password, you should include a number or two, and maybe a capital letter to prevent someone from cracking your password. However, cybercriminals are getting smarter, especially with the continued use of AI and password-guessing programs.

Size matters

A short password is incredibly easy for cybercriminals to hack, especially with the wide variety of tools or programs at their disposal. Making a password that is both long and complex is a solid way to make their job more difficult, and prevent them from gaining access to your personal information. 

The length of your password refers to the number of characters, while its complexity refers to the variation of these characters in your password. A strong password consists of 14 or more characters. According to Passwarden, an 8-character password with one uppercase letter will typically take a hacker half an hour to crack, while the same password with four more characters could take up to five years. 

Passwords that have a mix of uppercase and lowercase, and random sets of numbers throughout the password are much harder to crack than your mother’s maiden name, or dog’s name, which can probably be found with a quick glance at your social media. 

While using a non-alphanumeric character, like an exclamation or question mark, is good password protection practice, we recommend putting these characters within the password, and not at either end, to make it even harder to crack.

If by the end you’ve created a random combination of numbers, letters, and punctuation characters that make no logical sense, you have a safe, strong password. 
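The checks described above can be automated. The following is an added example, not code from SafeWise or any tool the article names: it flags the generic passwords, keyboard patterns, short lengths and end-only symbols the article warns about, and reports a best-case keyspace figure. The function names, the QWERTY run table and the 50% pattern threshold are assumptions chosen for illustration.

```python
import math
import string

COMMON = {"123abc", "password", "123456"}   # generic passwords named in the article
# QWERTY columns and rows; a password built from these is a keyboard pattern
KEY_RUNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
            "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 14                              # the article's length threshold
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def walk_fraction(pw):
    """Share of characters covered by 4-character runs along a keyboard row or column."""
    low, covered = pw.lower(), set()
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):         # a pattern can be typed in either direction
            for i in range(len(seq) - 3):
                start = low.find(seq[i:i + 4])
                while start != -1:
                    covered.update(range(start, start + 4))
                    start = low.find(seq[i:i + 4], start + 1)
    return len(covered) / len(low) if low else 0.0


def keyspace_bits(pw):
    """Best-case size in bits; only meaningful if every character was chosen at random."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(pw):
    """Return the article's password mistakes that apply to pw (empty list: none found)."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common password")
    if len(pw) < MIN_LENGTH:
        findings.append("shorter than 14 characters")
    if walk_fraction(pw) >= 0.5:             # assumed threshold: half the password is a pattern
        findings.append("keyboard pattern")
    symbols = [i for i, c in enumerate(pw) if c in string.punctuation]
    if symbols and all(i in (0, len(pw) - 1) for i in symbols):
        findings.append("symbols only at the ends")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials
    for sample in ["1qaz2wsx", "Password", "Summer2023!", "tR7#kq2V!mzX9pLw"]:
        print(f"{sample!r}: {keyspace_bits(sample):.0f} bits at best, {audit(sample) or 'no findings'}")
```

Note that ‘1qaz2wsx’ scores about 41 bits on character count alone yet is still flagged as a keyboard pattern, which is why the bit figure should be read as a ceiling and not as a measure of real strength.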

Is my password strong enough?

If you’re wondering whether or not your password is strong enough to keep your information safe, we recommend typing your password into Bitwarden to see how long it’ll take a hacker to crack your password. And before you ask, your password is processed in your device’s web browser window instead of on Bitwarden’s servers, making it completely safe.

Protect your information

Creating a strong password is an integral part of safeguarding your personal privacy and information. 

We recommend following the steps above for creating a password that’s both long and complex. However, it can be troublesome to keep up with multiple passwords that are a seemingly random combination of numbers, letters, and punctuation characters. 

There are many password managers that can securely store your passwords, as well as generate completely random combinations of letters for your different accounts. Password managers use a master password to access your library of varying passwords, so you only need to remember one. Look for a password manager that uses strong encryption for total protection, like 1Password and LastPass.
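To show what generating a random password per account involves, here is an added sketch (not the code of 1Password, LastPass or any other product) that draws characters from the operating system's cryptographic random source and applies the article's rules: 14 or more characters, mixed character types, and no symbol at either end. The function names and the default length of 16 are assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def meets_rules(pw):
    """The article's rules: every character type present, no symbol at either end."""
    has_all = all(any(c in cls for c in pw) for cls in CLASSES)
    ends_clean = pw[0] not in string.punctuation and pw[-1] not in string.punctuation
    return has_all and ends_clean


def generate(length=16):
    """Draw whole passwords from the OS random source until one meets the rules.

    Rejecting whole candidates, instead of patching characters into place,
    keeps every accepted password equally likely.
    """
    if length < 14:
        raise ValueError("the article recommends 14 or more characters")
    while True:
        # secrets, not the random module: random is predictable by design
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rules(candidate):
            return candidate


def generate_for(accounts, length=16):
    """One independent password per account, so one breach does not expose the others."""
    return {name: generate(length) for name in accounts}


if __name__ == "__main__":
    # Constructed account names for illustration
    for account, password in generate_for(["bank", "email", "shopping"]).items():
        print(account, password)
```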

Some other ways to protect your information:

  • Don't share your personal information with anyone. This includes personal identification numbers, like your passport, driver's license, or tax file number. This also includes any current or previous street or email addresses. 
  • Enable two-factor authentication. This makes it even harder for a potential hacker to access your account – even if they have your password, this is not enough to pass the authentication check. Usually, they need a security token from another device or a component like a security question or personal identification number in addition to the password. 
  • Only log in to online banking portals on your home network, or use cellular data if you need to. If you're using an unsecured Wi-Fi connection, people can access your information, leaving you susceptible to hackers lurking on free Wi-Fi.
  • Only make purchases from secure sites. Look for the ‘S’ after the ‘HTTP’. This means the website is protected by SSL or Secure Sockets Layer encryption. 

Sometimes, even if you do all the right things, hackers can install malware on your computer to track your keystrokes, or what keys you press when entering passwords. They can easily retrieve all of your login details, putting your personal information in the wrong hands. We recommend investing in some antivirus software to stop them in their tracks. We recommend Malwarebytes, or AVG as a free option.

Final word

Your personal information is valuable and should be protected. Taking necessary steps and precautions like using two-factor authentication and a password manager can help safeguard your information, and keep you safe on the internet. 

Written by Hannah Geremia
Hannah has had over six years of experience in researching, writing, and editing quality content. She loves gaming, dancing, and animals, and can usually be found under a weighted blanket with a cup of coffee and a book.
