
Passwords. They're pretty important, hey? They’re all that stands between you and unfettered access to your digital life.
Sure, you might not think anyone wants to read your emails, watch movies using your Netflix account, or hack into your online bank. But that doesn't mean you shouldn't take precautions. After all, it would be awful to open up your banking app and find that someone has stolen money.
What's especially concerning is many of us are using AWFUL passwords. According to NordPass' analysis of 2020 data breaches, "123456" is still the world's most popular password. It's followed by "123456789", "picture1", and "password".
You might even think a password like "PurpleMonkey59" is good, but since it's using common words, it's still vulnerable to hacking techniques like dictionary attacks. Replacing the "o" with an "0" doesn't make it much better.
But it's okay, we're here to help you create a password that's actually strong.
How to make a strong password
A strong password should be at least twelve characters in length; feature uppercase letters, lowercase letters, numbers and symbols; and avoid the use of common words.
A good approach is making an acronym for a long phrase that can be easily remembered.
For example, if the phrase was your favourite Sleep lyric - "up from the milk crate throne, on the sabbath day walks alone" - "uftmctotsdwa" would be a good basis for a password.
You could then swap the "a" for a "4", the "t" for a "7" and the "s" for a "$", add a few capital letters, and put a symbol or two on the end. In this case, "Uftmc7O7$dw4%" would be your final password.
Use a password manager
In addition to making a strong password, it's also important not to reuse passwords. Creating a unique password for each online service you use might sound tedious, but it gives you another layer of security. If one password is compromised (in the event of a major hack, for example), anyone who obtains that password won't implicitly have access to the rest of your online accounts.
If you need a way to keep track of all of your unique passwords, we'd recommend a password manager like 1Password. Password managers are essentially a vault where you store unique passwords behind a master password.
Password managers can also generate strong, unique passwords for you, to save you the hassle of coming up with a password yourself. These will be the kinds of passwords you won't really be able to memorise, but most password managers have extensions that hook directly into web browsers.
If you're an iPhone user, there's an integrated password manager as part of iOS and macOS. There's even an extension for hooking it into Chrome on Windows. If you're an Android user, Google has a password manager that's linked to your Google account.
Alternatively, we're big fans of 1Password. You'll pay $2.99 USD per month for it but it's worth every cent.
Turn on two-factor authentication
While a strong password is important, two-factor authentication can further help secure your online accounts. If you have two-factor authentication enabled on an account that supports it - say your Apple ID or Google Account - you'll also need to provide a time-dependent verification code after you enter your password when logging in.
These verification codes are typically delivered to your phone via a notification, a text message, or an app.
Services like Facebook and Twitter allow two-factor authentication, as do many banking apps. We recommend using an app called Authy to manage your two-factor authentication codes. Authy is available on Android, iOS, and Windows, and can sync across devices.
If a service supports two-factor authentication, you'll typically find it under its security settings.
What not to do when creating a password
Don't make your password one word. Don't just make it a string of numbers. This might seem obvious, but as mentioned earlier, the most popular or "worst" password list is still topped by the likes of "123456" and "password". If your password looks anything like this, please change it. Immediately.
Hacking tools are becoming increasingly sophisticated, and are better at cracking passwords that might not seem insecure. For example, a dictionary attack will try to brute-force your password by putting together random combinations of words and numbers. To go back to our earlier example, something like "PurpleMonkey59" may seem secure, but the fact it follows a pattern undermines the complexity. Since it is just two English words followed by a number, there's potential for it to be brute-forced. Adding symbols creates further complexity, but you're still following a pattern.
Some dictionary attacks also factor in common misspellings or alterations of words. For example, if you use "D4rk" instead of "Dark", that won't necessarily be enough to dramatically increase the strength of your password.
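The pattern problem described above can be checked for before a password is ever used. The following is an added example, not part of the original article: a small Python audit that applies the length and character advice from earlier, then undoes common character swaps and looks for dictionary words. The word list and swap table are constructed samples chosen for illustration.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# and lists of passwords seen in breaches.
WORDS = {"purple", "monkey", "dark", "password", "picture"}

# Common character swaps, mapped back to the letter they stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})


def split_into_words(text, words=WORDS):
    """Return the dictionary words that exactly tile `text`, or None."""
    if not text:
        return []
    for end in range(len(text), 0, -1):
        if text[:end] in words:
            rest = split_into_words(text[end:], words)
            if rest is not None:
                return [text[:end]] + rest
    return None


def audit(password):
    """Return a list of weaknesses; an empty list means none were found."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than twelve characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class")
    if password.isdigit():
        problems.append("digits only")
    # Strip the trailing run of digits and symbols, then undo common swaps,
    # so "PurpleM0nkey59!" is compared as "purplemonkey".
    core = re.sub(r"[\d\W_]+$", "", password).lower().translate(LEET)
    found = split_into_words(core)
    if found:
        problems.append("dictionary words: " + "+".join(found))
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "PurpleMonkey59", "PurpleM0nkey59!",
                      "D4rk", "Uftmc7O7$dw4%"]:
        print(candidate, "->", audit(candidate) or "no issues found")
```

"PurpleM0nkey59!" passes the length and character rules yet is still flagged, because once the swap is undone and the suffix removed it is just two dictionary words.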