How can we help you?

Back to Help Topics

Password Strength Tips & Tricks

Your password for your account is, in most cases, the only thing standing between a hacker and your personal information. As such, having a strong and secure password is essential - but how do you make a password as strong as possible? 


Common problems with passwords

For many of us there is a difficult balance to strike between choosing a secure password and one that you can easily remember. We are often told that a secure password contains a mixture of lower and uppercase, numbers and symbols, but a password such as ' tH7&!me" ' is easy to forget. The alternative of using simple words like "elephant" is much easier to keep track of but also incredibly simple for a malicious attacker to guess.

The crucial aspect of strengthening a password is it's length. A long password, just like a long string of numbers, is harder to guess, regardless of the complexity.

 

Comparison of different password strengths

Below you will find a few example passwords, each with their own strengths and weaknesses for comparison.

Please note that these are listed as examples only, and are not intended to be copied for personal use.


Password1: Passwords that are simply "password" (or variations of) are surprisingly (and worryingly) common. This variation is easy to remember, and contains one of the "common" rules of strong passwords - a mix of upper and lower case and a numerical character. 

However, the easy to remember format of these characters is also incredibly predictable for hackers. They will almost always try capitalising the first character of a password, as well as adding the numbers 1, 12 or 123 to the end. This is because many accounts require a user to add numbers and a mix of upper and lower case characters, at which point the user adapts their existing password in the simplest way possible to fit the criteria required. This kind of password is highly insecure.


happypixiemoondance: At first glance this example might appear absurd, but it is in fact probably one of the strongest of the examples listed here - purely due to its length. As mentioned previously, the longer your password is, the more combinations of letters and characters a hacker has to guess in order to gain access to your account. However, it is also crucial to ensure that the words are chosen at random, or at the very least are not words commonly associated with each other - "carparkingticketstreet" for example are all words with a common link, making them easier to guess when used in conjunction.

Whilst this example breaks one of the golden rules of passwords, which is to avoid the use of dictionary words, by combining several words at random you can regain password security whilst maintaining memorability. 

This kind of password may not be appropriate for all sites as many enforce at least one upper and lower case character, one number and one symbol. You can add such elements if necessary by, for example, capitalising the last letter of each word or separating the words with a certain number.

 

2bon2btit? - Derived from the phrase "To be or not to be, that is the question" using a simple translation, taking the first letters of each word and translating certain sounds into numbers and symbols. It has the best of all worlds - memorable but also possessing high entropy from including a mix of characters. This works best with a sentence, quote or lyric of at least 10 words. 

 

There is another tactic of taking any random character on the keyboard and repeating it 20+ times and combining it with any other random character from a different class: 

%%%%%%%%%%%%%%%%%%%%p is a relatively strong password and actually very memorable. 

 

The Three Golden Rules of Good Passwords

- Never use a dictionary or other common word by itself or even with slight variations.

- Always choose a password of sufficient length - many websites recommend at least 8 characters, but ideally you should aim for 12 or more for a higher level of entropy.

- Make sure your password is memorable - a password is of no use to you if you cannot remember it or if you have to write it on a piece of paper.

If you want to check how secure your password is, you can use an online tool (such as: http://password-checker.online-domain-tools.com/ ) to find out roughly how long it would take a hacker to guess your password.

Re-connecting


Concordia Alumni Connect is a great place to reconnect with fellow alumni, gain industry knowledge and share career expertise and opportunities with each other and the next generation of Concordia Alumni.

Sign up

Professional Network


Trying to get back in touch with old classmates? Or to find alumni in your area or field of work? Find the connections you need to further your career or business.

Concordia Map


This map helps you see where in the country, or indeed the world, other Concordia alumni are based.

This could be useful if you are visiting an area for a holiday, on business, or completely relocating to a new place and keen to connect with others who share your experiences of Concordia!

eMentoring Platform


The eMentoring platform is designed to help alumni and graduating students connect so that alumni can advise and give guidance to Concordia alumni embarking on their chosen careers. This could be anything from a few emails or checking a CV/application, to meeting face to face or even offering work experience.

The idea is that alumni can donate as much or as little of their time as they can spare to helping those in need of a helping hand at the beginning of their careers.