How to Create a Strong Password for Your Account - Santander
Create a Strong Password for your Account.
What is the purpose of a strong password?
Passwords are strings of characters used in conjunction with an account that act as a security access key. Password security is crucial to preventing unauthorized access to accounts across the internet. So many websites, services, portals, apps, etc. see developing strong password security as essential. Along with other security features, strong passwords help to prevent your account from being hacked, prevent identity theft, and ensure that your personal information safe from unauthorized users. For maximum account security, strong passwords should be difficult for both humans and machines to figure out.
What are the most common passwords?
Change your password immediately if you use one of these passwords below, or a similar variation. According to SplashData, a market research company who compiled the top 100 most common passwords from more than five million passwords that were leaked by hackers in 2017, "use of any of the passwords on this list put users at grave risk for identity theft."
|2018 Ranking||Password||2017 Ranking|
|1||123456||(Unchanged from 2017)|
|2||Password||(Unchanged from 2017)|
|3||123456789||(#6 in 2017)|
|4||12345678||(#3 in 2017)|
|5||12345||(Unchanged from 2017)|
|6||111111||(New for 2018)|
|7||1234567||(#8 in 2017)|
|8||sunshine||(New for 2018)|
|9||qwerty||(#7 in 2017)|
|10||iloveyou||(Unchanged from 2017)|
|11||princess||(New for 2018)|
|12||admin||(#11 in 2017)|
|13||welcome||(#12 in 2017)|
|14||666666||(New for 2018)|
|15||abc123||(Unchanged from 2017)|
|16||football||(#12 in 2017)|
|17||123123||(Unchanged from 2017)|
|18||monkey||(#15 in 2017)|
|19||654321||(New for 2018)|
|20||!@#$%^&*||(New for 2018)|
|21||charlie||(New for 2018)|
|22||aa123456||(New for 2018)|
|23||donald||(New for 2018)|
|24||password1||(New for 2018)|
|25||qwerty123||(New for 2018)|
Is my password strong?
The Defense Department's research agency, DARPA, released a study in 2013 that tracked passwords at a Fortune 100 company and found that about half of all passwords followed common patterns. Certain programs for password hacking use this tidbit of information to take advantage of common human-made password patterns to “crack” the code and gain entry.
Strong passwords avoid the common password patterns in order to prevent these cracking programs from guessing your password easily.
The top three most common password patterns were:
The top three most common password patterns were:
- One uppercase, five lowercase and three digits (Example: Sunset123)
- One uppercase, six lowercase and two digits (Example: Defense12)
- One uppercase, three lowercase and five digits (Example: Rose12345)
Aside from the occasional family or significant other account snooper, most password hacking comes in the form of password cracking programs. These programs can go through hundreds of character combinations in a short amount of time. As technology gets better, the time it takes to go through millions of attempts is shortened from months to days. Shorter passwords are much easier to crack, making longer passwords more secure. Password hackers use different known dictionaries: English words, names, foreign words, phonetic patterns and so on; two digits, dates, single symbols, etc. They run the dictionaries with various capitalizations and common substitutions: “$” for “s”, “@” for “a”, “1” for “l” and so on. These password cracking programs may exploit any opportunity to use what is already known about you to help improve the accuracy of the cracking software.
- The password should be at least 10 characters long (12-16-character passwords preferable; the longer the better).
- It has to contain a random collection of letters (uppercase and lowercase), numbers and symbols (avoid predictable words and patterns).
- Each password should be unique for the account; don't use the same password everywhere (A hacker will go after your other online accounts with that same password).
- Remember it; do not write it down where it could be found by an unauthorized user.
The full-sentence technique works like this: Think of an everyday phrase that you can remember, like "My #1 favorite thing in the world is my cat, Boots," or "I bought my house for $1." Be sure to choose a sentence that includes opportunities for numbers or special characters naturally.
Then that sentence is broken down and converted to a password by grabbing the first letter of each word. "I bought my house for $1" then becomes Ibmhf$1. "My #1 favorite thing in the world is my cat, Boots" then becomes M#1ftitwimcB. Longer sentences as passwords are more memorable than the same number of random letters and numbers.
- Begin by choosing a two-syllable word. For example, “pillar.”
- Use the number of characters from the website home address as the random number for the password.
- Pick a special character.
- Arrange the password as: (First syllable of word, number of characters in website address, all CAPS for the last syllable of word, the special character, then followed by the name of website or portion of the website name). For example, the password for Walmart would be “pil7LAR#walmart,” or the password for Google would be "pil6LAR#google."
- If a site offers two-factor authentication, use it. With two-factor authentication, a text message gets sent when logging in from a new computer.
- Do not save passwords or use “remember me” on public computers.
- If you absolutely need to write down your passwords, keep written passwords stored securely in a safe or a safe-deposit box so that authorized people can only access it in an emergency.
- Do not change your passwords, unless you suspect they have been compromised. It has been discovered that changing your password regularly does not have an effect on the likelihood of it being hacked.
Learn more about the confidence and control you’ll have with digital banking from Santander.