Password Strength

Published on April 3, 2020
Last modified on September 14, 2020
Password Strength

Passwords have become a crucial component of nearly everything we do online. In our business and personal activities, passwords protect our sensitive information from hackers; but a password is only as strong as you make it.

According to an online security survey performed by Google, in partnership with Harris Poll, 52% of respondents reported that they reuse passwords across multiple accounts and 13% said that they use the same password for all of their accounts.

Weak passwords and password reuse present a serious security risk. Below, we offer some guidelines to follow to create a strong, unique passwords.

Password Construction Guidelines

Strong passwords have the following characteristics:

  • Contain both upper and lower case characters (e.g., a-z, A-Z)
  • Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:”;'<>?,./)
  • Are at least eight alphanumeric characters long
  • Are not a word in any language, slang, dialect, jargon, etc.
  • Are not based on personal information, names of family, etc.

Passwords should never be written down or stored online. Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be “This might Be One Way To Remember,” and the password could be: “TmB1w2R!” or “TmB1W>R!” or some other variation. (Do not use either of these examples as passwords!)

Poor, weak passwords:

  • Contain less than eight characters
  • Can be found in a dictionary (English or foreign)
  • Are names of family, pets, friends, co-workers, fantasy characters, etc.
  • Are computer terms or names, commands, sites, companies, hardware, software
  • Use birthdays and other personal information such as addresses and phone numbers
  • Utilize word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
  • Include any of the above spelled backwards
  • Include any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Disclaimer: The GUARD Wire is designed to provide general information about various topics of interest and should NOT replace the guidance, advice, or recommendations from licensed insurance or legal professionals, other industry experts, or state and federal authorities.