Passwords are like the locks on your digital front doors, but many of us are still putting flimsy padlocks on million-dollar safes. Attackers know this, and they exploit predictable patterns, laziness, and outdated ideas of what “secure” really means to breach our data.
If you think your password is safe because it has a capital letter, a number, and an exclamation mark, think again. “Password1!” might satisfy the complexity rules, but it’s also one of the first guesses an attacker will try because most people rely on similar combinations.
Here’s a quick breakdown of how attackers take advantage of common password pitfalls:
Dictionary Attacks: Attackers try out a list of commonly used passwords, like “123456” or “qwerty.” Sadly, millions of accounts are still vulnerable to this.
Credential Stuffing: Reused passwords make it easy for attackers. One leak from a hacked service can give them keys to your other accounts.
Pattern Recognition: Human brains love patterns. Dates, names, or “password2024” feel familiar, but they’re painfully predictable to a hacker, especially one who has already figured out one of your passwords.
Short Length: A short password (even a complex one) takes minutes to crack with modern tools that allow hackers to attempt thousands of passwords a minute.
So, how do you make a better password that’s actually worth the effort?
Instead of a single word like “Banana!23,” think of a phrase: “IHadACatIn1997!” Long, personal phrases are easier to remember and exponentially harder to crack. We personally recommend grabbing various random words from the dictionary.
Skip birthdays, anniversaries, and pet names. If it’s on your social media, it’s already in a hacker’s playbook.
Make the phrase unique and unrelated to common sayings. For example, instead of “ILovePizza2024,” try “RedSkyPizza!InMyDreams.”
A 16-character password like “GreenPenguinsFlyToMars” is far more secure than a 10-character “#H4rd2Gu3ss!”
Despite all our tips above, the best recommendation we can give you is to use a password manager to generate and store a completely random password. It’s safer to have randomized, separate passwords for each of your accounts, and it’s less stressful than having to remember them all.
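As an added example (not code from the original post), the Python below shows why “Password1!” passes a typical complexity policy yet is still predictable, and how to pick passphrase words with a cryptographic random source rather than by hand. The function names, the small word lists and the substitution table are constructed for this illustration.

```python
import math
import re
import secrets

# Constructed sample lists; a real deployment would load a large breached-password
# list and a word list with thousands of entries.
COMMON = {"123456", "qwerty", "password", "banana", "iloveyou", "letmein"}
WORDS = ["green", "penguin", "mars", "sky", "pizza", "dream", "river", "lamp",
         "cactus", "violin", "harbor", "pebble", "onion", "rocket", "meadow", "anchor"]
LEET = str.maketrans("43015@$7", "aeoisast")  # undo common letter substitutions


def meets_complexity_rules(pw):
    """Typical policy: upper, lower, digit and symbol all present."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return all(re.search(c, pw) for c in classes)


def is_predictable(pw, common=COMMON):
    """True if pw is a common password, or one with digits/symbols tacked on."""
    lowered = pw.lower()
    # Drop the decoration people add to satisfy complexity rules ("1!", "2024").
    base = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return lowered in common or base in common or base.translate(LEET) in common


def generate_passphrase(n_words=5, words=WORDS, sep="-"):
    """Pick words with the OS CSPRNG; words a person 'randomly' picks are not random."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_picks, pool_size):
    """Guessing entropy when each of n_picks is uniform over pool_size options."""
    return n_picks * math.log2(pool_size)


if __name__ == "__main__":
    for pw in ("Password1!", "password2024", "#H4rd2Gu3ss!"):
        print(pw, meets_complexity_rules(pw), is_predictable(pw))
    # 7776 is the size of a diceware-style word list (assumed here, not from the post).
    print(generate_passphrase(), round(entropy_bits(5, 7776), 1))
```

The 16-word sample list gives only 4 bits per word, so it is for demonstration only; the entropy figure printed at the end assumes a list of 7776 words.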
Your password is like a shield. A simple, predictable password is like a thin piece of plywood—it looks like it might hold, but a strong shove (an attack) will break it. A unique, complex passphrase? That’s a titanium wall.
Ultimately, strong passwords are just one piece of the puzzle in keeping your digital life secure, and we’ve seen that compromised credentials are a common cause of data breaches. Building better, stronger passwords is a step within our control that we should all be taking today.