
Bad news: The trick you use for stronger passwords doesn’t work

With cybercriminals constantly looking for new ways to rip you off, you have to take security seriously. Since passwords are your first line of defense against cybercrime, they’re the first place to begin strengthening security.

Unfortunately, many people are still using weak passwords that take hackers a matter of seconds to crack. You wouldn’t believe how many people are still using things like “password123.”

How do you come up with a strong enough password while still being able to remember it? The good news is that scientists have come up with a far better system to help you protect your identity, without having to click on the “Forgot password” button every two months.

Passwords shouldn’t be difficult

Researchers from Carnegie Mellon’s CyLab Security and Privacy Institute found that the sweet spot is memorable passwords that consist of 12 characters. How do they know this? Because they’ve spent nearly a decade researching this very problem.

In 2016, a team of researchers noticed that traditional password and security policies for many websites are wrong. While the policies required users to create multi-character, symbol and number passwords, that didn’t always mean the passwords were more secure.

Another problem is that the more complex a password is, the easier it is for the user to forget it. This is the problem that the team set out to solve.

The team created a password strength meter powered by an artificial neural network, which you can use to test your own skills at creating a strong password. The meter provides you with a strength score and suggests stronger phrases when needed.

After they discovered what constitutes a strong password, the team put it to the test. In an online study, the team asked participants to create random passwords against various security policies.

Easily remembered

As expected, the passwords that conformed to the team’s password strength meter outclassed the other policies. Not only did the passwords pass the test, but users could recall the passphrase up to five days later.

“The policy we developed allows users to create passwords that are both easier to remember and more secure against sophisticated attackers,” said Lorrie Cranor, director of CyLab and a professor in the Institute for Software Research.

The researchers are now hoping that other websites will make use of their technology. The password strength meter is only a few kilobytes in size, making it ideal for coding into services and apps.

You can be assured that the team’s hard work has taken all factors into account. To arrive at the perfect 12-character password, they tested their system against several minimum-length requirements, character class requirements, minimum-strength requirements and password blocklists.

If you struggle to remember a password, you should never write it down. The best solution would be to use a password manager like our sponsor, RoboForm.

Password managers function as the name implies: They store and manage all your website and service passwords. The only password you need to remember is the master phrase to the service.

Password managers remember all the phrases, security questions and identities, and log you in when visiting a website. They can also suggest and change passwords for you. In fact, some managers will automatically require you to change passwords every two months. That in itself is an excellent idea.

With a free RoboForm account, you get many great features like unlimited logins to sites and services, multi-platform support (Macs, PCs, iOS, Android, multiple browsers) and bulletproof AES256 encryption.

For even more powerful features, you can upgrade to a RoboForm Everywhere subscription. For just $19.95 per year, you can get extra perks like multi-device syncing, two-factor authentication and more. Save 50% on RoboForm Everywhere and manage your passwords with ease and security.
