Your Simple, Practical Guide to Creating Safe Passwords

By Plumas Bank | October 13, 2022 | Cybersecurity

We get it: Passwords can be beyond frustrating — second only to doorbells in commercials, for those of us with dogs. 

(Seriously, please STOP with the TV doorbells, as some of us enjoy our calm dogs.)

But the need to create, use and remember passwords is a routine part of our online lives. Of course, we recommend combining them with some sort of multi-factor authentication (MFA) process when available — meaning people will not only need to know their password, but also something else, like a code that is emailed or texted to them, or a biometric signature like a thumbprint or facial recognition.

Given the pervasiveness of passwords, we're here to talk with you about how to create strong passwords. In this post, we’ll introduce you to: 

  1. Tips for creating strong passwords
  2. Eye-opening reasons why it’s vital to use strong passwords
  3. How a password manager can be the solution to your password frustrations

Ready for a useful deep dive into passwords? Let’s begin. 

How to Create a Strong Password

There are many, MANY websites highlighting smart tips on how to create a strong password — ours included, which offers this helpful post titled “How to create passwords that are long, strong and memorable.”

Among the key highlights: 

  • Create separate passwords for each online account that incorporate up to five words that don't ordinarily appear together, plus a mix of capital and lowercase letters and special characters.
  • For each account, use a “passphrase”: Come up with a phrase that's meaningful to you, then create a password using the first letter of each word and unique special characters. Get creative using punctuation and capitalization. (You can even consider substituting numbers for letters, like a “3” for an “E” or a “4” for an “A.”)
  • Don’t use family names, birthdays, anniversaries, or common phrases from literature. The more nonsensical it appears to others, the better.

These may sound like complex tips for what should be a simple task, but we want to share a telling backstory about why this password creation advice is so important.

Annually, cybersecurity agency Hive Systems publishes a table revealing the time it takes for a hacker to brute force a password using a powerful, commercially available computer.

Using numbers only and a 4-character password (much like your standard ATM PIN — sidenote, please never EVER use your ATM PIN as your password), hackers are now able to determine your password instantaneously.

But if you create an 18-character password that features a combination of upper- and lowercase letters, symbols and numbers, hackers would need 438 trillion years to hack it. 

Yes: 438 trillion years.

We think that’s a pretty strong argument for the creation of complex passwords. 
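Why length and character variety matter so much comes down to how fast the number of possible passwords grows. The sketch below is an added example, not part of the original post and not the method behind the Hive Systems table; the guess rate, the sample passwords and the 7,776-word list size are assumptions chosen for illustration.

```python
import math
import string

# Assumption for illustration: an offline attacker testing 1e11 guesses/second.
# This is NOT the rate behind the Hive Systems table; only the trend matters.
ASSUMED_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CHARACTER_CLASSES = (string.digits, string.ascii_lowercase,
                     string.ascii_uppercase, string.punctuation)

def alphabet_size(password):
    """Size of the combined character classes the password draws from."""
    known = "".join(CHARACTER_CLASSES)
    stray = sorted({c for c in password if c not in known})
    if stray:
        raise ValueError(f"characters outside the modelled classes: {stray}")
    return sum(len(cls) for cls in CHARACTER_CLASSES
               if any(c in cls for c in password))

def search_space(password):
    """Candidates an exhaustive search must cover: alphabet ** length.
    Upper bound only: it assumes every character was picked at random, so
    names, dates and common phrases fall to dictionary guessing much sooner."""
    return alphabet_size(password) ** len(password)

def passphrase_space(wordlist_size, word_count):
    """Search space of a passphrase whose words are drawn at random from a list."""
    return wordlist_size ** word_count

def years_to_exhaust(space, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed guess rate."""
    return space / rate / SECONDS_PER_YEAR

# Constructed sample values, not real credentials.
SAMPLES = {
    "4-digit PIN": search_space("4821"),
    "18 chars, all four classes": search_space("q7#Lm2!xVe9&Tz4@Rb"),
    "5 random words, 7,776-word list (assumed)": passphrase_space(7776, 5),
}

if __name__ == "__main__":
    for label, space in SAMPLES.items():
        print(f"{label:42} {math.log2(space):6.1f} bits "
              f"{years_to_exhaust(space):.3g} years to exhaust")
```

The absolute times shift with whatever guess rate you assume, but the gap between the PIN and the 18-character password stays enormous at any realistic rate.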

“The bottom line is that individuals and especially small businesses just have to have strong, complex passwords,” affirms Aaron Boigon, Plumas Bank EVP and Chief Information Officer. “We always recommend using passphrase techniques, as these result in passwords that are easier for an individual to remember, but harder for someone else to guess.

“And I definitely recommend use of a password manager,” he continues. “There are many well-known ones out there, and this is a lot safer than hiding your passwords on a Post-it Note tucked under your keyboard.”  

How to Remember All Those Passwords: Password Managers to the Rescue!

A typical person’s password frustration centers around this fact: It’s practically impossible to recall 18-character passwords using a combination of upper- and lowercase letters, symbols and numbers — or even the easier-to-remember passphrases — for every single account. 

That’s where password managers come into play. 

What Is a Password Manager? 

According to the National Cybersecurity Alliance, “Password managers are pieces of software that often take the form of apps, browser plugins or they might be included automatically in your browser or computer operating system. With a few clicks, you can generate new, secure passwords that are long, unique and complex. These password managers automatically store your passwords and can autofill them when you arrive at the site.”

Boigon describes a password manager as a digital password vault, and your master password is the only one you have to actually remember. 

“Entering your master password unlocks this vault,” he says. “And from there, you can then retrieve whatever password you may need.”

Convenience is key when it comes to password managers. The National Cybersecurity Alliance continues: 

“Password managers literally take a few minutes to download and get started with. You can fill in all your passwords at once, or just add a few passwords for your key accounts (email, banking and social media, for example) and add more over time. Many times, when you log into a site, your password manager will ask if you want to store the password – click yes, and, boom, another account is secured.” 

But Wait, There’s More: Other Advantages of Password Managers

Indeed, password managers allow you to create unique passwords for each individual website, storing them safely (and without the need for us to remember every capital letter or odd symbol), but that’s not the only advantage. According to Attila Tomaschek, writing for CNET:

“Your password manager can also help you fight against phishing scams. Even if a phishing attempt tricks you into clicking on a malicious link, it won't trick the password manager. Your password manager will detect that the URL is different than the site you usually log into — regardless of how similar it may look to the naked eye.”
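How the URL check described in the quote above can work, as an added example that is not from the original post or from any particular password manager: the `Vault` class, its exact-origin matching rule and the `.example`/`.test` addresses are assumptions constructed for illustration, and real products differ in how strictly they match.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Normalise a URL to the (scheme, host, port) triple used for matching."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a web URL: {url!r}")
    # hostname drops any "user@" prefix and is lower-cased; the IDNA step turns
    # look-alike Unicode letters into a visibly different "xn--" ASCII name.
    host = parts.hostname.encode("idna").decode("ascii")
    return (parts.scheme, host, parts.port or DEFAULT_PORTS[parts.scheme])

class Vault:
    """Hypothetical in-memory vault keyed by exact origin (an assumption)."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username, password):
        self._entries[origin(url)] = (username, password)

    def autofill(self, url):
        """Return the stored login for this page's origin, or None."""
        try:
            return self._entries.get(origin(url))
        except ValueError:  # malformed URL or host: never fill
            return None

vault = Vault()
vault.save("https://bank.example/login", "alice", "constructed-sample-secret")

# Constructed page addresses: the saved site, then four look-alikes.
PAGES = [
    "https://bank.example/accounts",                   # same site, other page
    "https://BANK.example:443/login",                  # same origin, other spelling
    "https://bank.example.account-verify.test/login",  # real name used as a subdomain
    "https://bank.example@login.test/",                # real name in the user part
    "https://b\u0430nk.example/login",                 # Cyrillic "a" in the host
    "http://bank.example/login",                       # unencrypted copy
]

def fill_decisions(pages=PAGES):
    """Map each page address to True if the vault would offer the login."""
    return {page: vault.autofill(page) is not None for page in pages}
```

Only the first two addresses get an autofill offer; the others look similar to a person but normalise to a different origin, so the vault has nothing stored for them.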

(Stay tuned for more about phishing from your Plumas Bank friends in the coming weeks.)

Creating the Safest Passwords, Step by Step

To recap — here’s what to do to create strong passwords: 

  1. Create unique passwords for each online account using a mix of capital and lowercase letters and special characters. The longer, more complex and more nonsensical your passwords, the better.
  2. Passphrases are helpful and easier for you to remember, but harder for others to guess.
  3. Find a password manager you like and use it.
  4. If you’re a small business owner, repeat steps 1 - 3 for your business practices as well. Oh, and don’t forget to train your team about why passwords are vitally important. 

And thank you for helping us continue the celebration of National Cybersecurity Awareness Month by reading all about cyber hygiene. This information couldn’t be more important to your own digital safety, and to your customers as well.

Happy safe password creation! 
