How secure is my password?

“Better safe than sorry” may be an old saying, but when it comes to your email password, it definitely still holds true. Because if an unauthorized person gains access to your email account, it can have serious consequences. So what are best practices for a strong password?

Besides correspondence you’d rather keep private or all the details of your freelance business, your inbox may contain data about your bank account and login credentials for other important sites you use. In other words, your password is the key that unlocks access to this personal data. Keep reading to find out:

  1. Why are strong passwords important for email accounts?
  2. What is a strong password?
  3. What makes a password weak?
  4. Is two factor authentication a good idea?
Metal lock on laptop keyboard
A strong password is like a lock protecting your email account

The importance of email password security

When creating an email account, it’s all too easy to choose a password like QWERTY123 or the name of your pet or favorite team. But passwords like that are also extremely easy to guess, and that’s the last thing you want. If someone hacks into your email account, they can see all your emails – including messages from all the online services and stores you use. From there they can, for example, go to your favorite online shopping site, enter your email address, click the “Forgot password” button, and in less than a minute receive a password that lets them log in to that site as you. Now they have access to your saved credit card information – just imagine the shopping spree they could go on!  To avoid such problems down the road, follow our tips for keeping your password secure and avoiding the biggest password mistakes.

How to create a strong password

To make your password safe, the two top things to keep in mind are:

  1. The strongest passwords are a mix of letters, numbers and special characters. A safe password will always contain several upper- and lowercase letters, numbers, and special characters (! # $ % [ ] * + = ?, etc.).

  2. Longer passwords are more secure. Although many websites still only require a minimum of eight characters, nowadays security experts recommend that you use at least 12 or even 16 characters for optimal password strength.

Given these two principles of a strong password, what is the best way to create a safe password you can actually remember?

Use a mnemonic to create a strong password

If you are looking for strong password ideas, try the old trick of taking a memorable sentence and using a character to represent the first letter of each word of the sentence. Just make sure your mnemonic includes numbers and symbols as well as letters. To take one well-known example, the famous quote “To be or not to be – that is the question!” becomes  “2B/n2B-thithq!” If remembering a long sentence also gives you trouble, choose short sentences about your own life and use the first two letters of each word: “I jog every Monday at eight” becomes “IjoevMon@8am”.

Combine several random words into a safe password

Our email security expert recommends combining several seemingly random words (with the requisite mix of characters) to create a strong password that is still easy for you to remember. For example, if you have two children and two pets, a strong yet easy-to-remember email password could be “2Kids-2Cats-Inbox-Message”, while “2Kids-2Cats-Salary-Payments” could be used for your online banking. Tailoring the last two words of the password to the service in question means you’re less likely to forget it.

Weak passwords: Mistakes to avoid

1. Don’t use a single word as your password, no matter how unusual. In a so-called “dictionary attack,” a hacker essentially tries lists of words found in a dictionary as possible password options to gain access to accounts. So even an obscure word like “octothorpe” will not protect you, nor will a word in a foreign language. (Combining several dictionary words with special symbols as described above is considered very safe, however).

2. Don’t use leetspeak! Using a single word as your password and simply replacing one letter with a number (like “Pa55word” instead of “Password”) is not enough to withstand a brute force attack, where a hacker uses automated software to try as many combinations as possible to crack your password.

3. Never use number and/or letter sequences like “1234abcd” or “QWERTY”. Such passwords are regularly found on lists of most common passwords, and are extremely easy to guess.

4. Don’t reuse the same password for multiple accounts or services. It may be easier to just remember one password for all your logins, but if there is any kind of cyberattack or data leak at one of the online services you use, cybercriminals will then hold the key to all your other online accounts as well. If you find it challenging to keep track of all your different passwords, consider using a reputable password manager.


What about multi-factor authentication?

To add an extra layer of protection, you can also set up two-factor authentication (2FA) for your account and many other online services.

What is 2FA and how does it work?

With 2FA activated, when logging in to a device or account you are asked to provide a numerical code or another “second factor” (like a biometric scan) in addition to your password. If you activate 2FA protection for your account, you will be asked to enter a one-time code generated by a smartphone authenticator app each time you log in on your computer. It is not possible to log in without this code.

Why activate two-factor authentication?

With two-factor authentication, your account remains safe even if your password should fall into the wrong hands. It not only protects you from hacker attacks, but also keeps your account safe if another user gains access to any passwords saved in your internet browser or phone.

For detailed information, check out our deep-dive on 2FA.

Pro tip: If you use the Mail App on your mobile device, as an alternative to 2FA you can also enable PIN protection or even activate biometric authentication. This protects your email and cloud account against unauthorized access should your phone ever be lost or stolen.

Did you find this article helpful? Please give us some feedback below!

Images: 1&1/Shutterstock

271 people found this article helpful.

Related articles

Types of two-factor authentication: Which 2FA is best?

What to do if you click on a phishing link

Are security questions secure? Not really – here’s why