3 expert tips to create a secure pass­word

In 1961 the world’s first digital pass­word system was introduced by MIT computer science professor, Fernando Corbato, who needed a way to provide time-limited, secure access to MIT’s research computer (user details were verified against a master pass­word file).

Not every­one was satisfied with the time they were allocated, though, and a PhD candidate named Allan Scherr — unhappy with his weekly hours — inserted his own code into the computer’s operating system, which gave him unlimited access. But it appears this wasn’t enough for Scherr, who — once his access was revoked at the end of his PhD — then proceeded to print out and steal the master pass­word file, thus becoming the world’s first pass­word hacker.

Ever since, there has been an arms race between those looking to secure access to digital systems and those trying to breach them. And whilst cyber security techniques and technology have developed, the underlying motives of hackers remain the same.

In the following tips we provide the latest advice from F‑Secure’s experts on how to guarantee that you have a secure pass­word, ensuring that your details never fall into the hands of cyber criminals.

Despite the increasing usage of two‑factor authentication, a secure pass­word is still a vital component in protecting our online accounts and avoiding a data breach.

Both a strong pass­word and two‑factor authentication are absolutely crucial for securing online identities, explained Laura Kankaala, F‑Secure’s Threat Intelligence Lead.

But it isn’t just about creating a single, secure pass­word that you can use across multiple services: pass­words for online accounts should also be unique.

The uniqueness of the pass­word further protects our online identities. Even if we accidentally type our pass­word in a malicious fake site, our whole online life is not compromised via a common pass­word in the critical services that we use, Kankaala said.

Thankfully, you can create complex and unique pass­words using free tools such as F‑Secure’s strong pass­word generator. And if you want to go a step further, and securely store and access your pass­words, we also recommend using a pass­word manager.

A pass­word manager is an application that generates complex pass­words for you and also stores them securely. To access your pass­word vault, you only need to remember one master pass­word, and your manager does the rest. (F‑Secure’s highly‑rated ID Protection enables you to generate and manage strong pass­words for every online account that you have, and it also monitors data breaches and the dark web, notifying you if any of your accounts have been breached.)

Properly securing your online accounts is vital. The first part of this is coming up with a secure pass­word for each account, which is unique and complex. But you should also enable two‑factor authentication wherever you can, because once an account has been breached, there’s a high probability that you will be locked out — and find it extremely difficult to regain ownership.

For example, when an Instagram account has been hacked, or shut down by Meta (Instagram’s parent company) it can be an uphill struggle for the legitimate owner to reclaim it.

Secure your account, Kankaala explained. It’s not only about strong pass­words. It’s also about enabling two‑factor authentication, activating login requests so you know when a new device tries to access your account, and being mindful which 3rd‑party applications, such as Tinder, have access to your Instagram.

Users who have been locked out of their accounts often spend months trying to get help from the site account recovery process includes submitting pictures or videos of your­self — which creates opportunities for people looking to exploit the recovery mechanism by using photoshopped, or even deepfaked content, to take over others’ accounts, Kankaala concluded.

It’s important that you always use complex and unique pass­words when securing your online accounts. However, there are circumstances where you will need to be able to remember a secure pass­word, such as when you’re logging into a pass­word manager or a Windows domain. In these cases, you can approach things a little differently, and create a memorable pass­word by using a series of random words, also known as a passphrase.

Assuming your organization doesn’t have additional silly complexity rules like pass­words must contain two emojis and at least one gif of a kitten, I suggest using five or more random words for these pass­words that are easy for you to remember and type, said Fennel Aurora, Product Management Community Lead at F‑Secure. Even if your organization requires additional complexity, you can start from the five random words and change a few places to meet the arbitrary rules — add a capital letter, add a number, add a symbol.

The important word here is random. For a five‑word passphrase it would take more than a million years to crack a random selection of five words taken from a 100,000‑word dictionary, but picking five completely random words is actually harder than you might think. Thankfully, F‑Secure has developed its own free passphrase generator, which takes all the pain out of the process.