How To Create A Strong Password And How To Manage It Afterwards To Protect Your Accounts

Today we are going to explain how to protect your online accounts against computer attacks. For that, first, we are going to give some tips to create passwords that are as secure as possible, and then we will continue with a series of recommendations to manage them later and reinforce the security of your online accounts.

Keep in mind that nowadays the strength of the password itself is secondary when it comes to protecting yourself; what matters most is how you manage your passwords afterwards. It is therefore not enough to follow the first set of tips to create a good password: you also have to follow the second set to avoid classic mistakes such as using the same password on several services, which undermines your security.

To write this article we have had the collaboration of two experts in online security. On the one hand, we have been helped by Josep Albors, a cybersecurity specialist and head of research and awareness at ESET Spain, and on the other, Pablo F. Iglesias, a digital presence and online reputation consultant at PabloYglesias.com.

Between them, they have provided us with the series of tips that you have below divided into two sections. First, we give you advice on how to create a strong password, and then we go on to tell you how to strengthen the security of your online accounts by managing those passwords that you have created.

How to create a strong password

What you should never do, to begin with, is use short passwords that can be obtained through social engineering, such as your pet’s name, dates that are important to you, or zip codes. Also avoid classic substitutions like changing an e to a 3 or an o to a 0, as cybercriminals are familiar with these tricks, and keep an eye on the lists of the worst passwords to know which ones you should NEVER use.

Do not rely on predefined criteria and formulas. This means forgetting the idea that a password has to contain certain alphanumeric characters, that one of them has to be uppercase, and that another has to be a symbol. All these classic formulas are also known to cybercriminals, so they are one of the things they will try when guessing your password.

It is also important to use passwords that are easy to remember but difficult to guess. A very effective approach is to combine several words that have no logical relationship to each other but that you can link together in your mind to remember them.

This technique has been proven to be more effective than simply combining uppercase, lowercase, numbers, and special characters into a short password. Such combinations are not only the predefined formulas that we have already recommended against, but they sometimes end up so intricate and difficult to remember that they lose all meaning.

If you’re looking for as strong a password as possible, you can use resources like the zxcvbn estimator, an open-source tool created by Dropbox to estimate password strength. Many of the strength meters that appear on websites when you create a password are not accurate, so by relying on Dropbox's estimator you can create much better passwords.

You can put this into practice in this online demo. Type your password into it, and below it will show the time it may take to crack. There is also a guesses_log10 field: the higher the resulting figure, the more secure the password you are testing.
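The comparison above between multi-word passphrases and short formula passwords can be put in numbers on the same log10-of-guesses scale. This is an added example, not code from zxcvbn or from the experts quoted in this article; the 16-word list is a constructed sample, and the attacker models (the attacker knows the word list, the length and the formula) are assumptions.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. A real list should be
# far larger; the EFF long word list, for instance, has 7776 words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cactus", "dolphin", "ember", "fossil", "glacier",
    "hammock", "igloo", "jigsaw", "kettle", "lantern", "magnet", "nectar",
    "orchid", "pebble",
]

def generate_passphrase(words, n_words=5, sep="-"):
    """Pick n_words independently with a CSPRNG (secrets, not random)."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(n_words))

def passphrase_guesses_log10(list_size, n_words):
    """log10 of the search space when the attacker knows list and length."""
    return n_words * math.log10(list_size)

def random_chars_guesses_log10(alphabet_size, length):
    """log10 of the search space of a uniformly random character password."""
    return length * math.log10(alphabet_size)

def formula_guesses_log10(dictionary_size, digits=10, symbols=32):
    """Assumed model of the classic formula: one dictionary word, capitalised,
    ending in one digit and one symbol. The capital letter adds nothing
    because its position is predictable."""
    return math.log10(dictionary_size * digits * symbols)

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print("5 words from a 7776-word list: %.1f" % passphrase_guesses_log10(7776, 5))
    print("8 random chars out of 94:      %.1f" % random_chars_guesses_log10(94, 8))
    print("formula, 100,000-word dict:    %.1f" % formula_guesses_log10(100_000))
```

The figures only hold when the words are drawn at random; words a person picks by hand are far more predictable than the list size suggests.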

How to manage them to protect your accounts

Unfortunately, taking the trouble to create a good password is of little use today if we do not manage it correctly afterwards, which in the medium and long term can reduce its effectiveness to a minimum. So here is a series of steps that are important to take after creating the password to keep your accounts safe.

One of the main recommendations is not to reuse passwords on more than one website. Try to have a different password on each website, so that if someone manages to crack one of your passwords or obtains it thanks to a leak, they cannot use it to access your accounts on more than one website or online service.

Try not to share your passwords with anyone else, as doing so greatly increases the chances of them falling into the wrong hands. This may be because the person with whom you share them uses them to access your accounts, but also because they do not know how to keep them safely stored and a third party ends up knowing them.

It is important to change your passwords from time to time. Protecting your passwords is not always 100% up to you, as there may be leaks that expose them online. That is why it is important to change your passwords so that if they end up being leaked, you prevent someone from using them.

In this sense, it is also advisable to periodically check sites like Have I Been Pwned, a long-running website that collects all password leaks. You only enter your email address, and the site tells you whether any password has been leaked from services where you have used that address. That way, if you see that there has been a leak, you can get ahead of it and start changing passwords.
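Besides the email lookup described above, Have I Been Pwned offers a Pwned Passwords range lookup that checks a password without sending it: only the first five hex characters of its SHA-1 hash leave your machine, and the match is done locally. This is an added example that goes one step beyond the article and is not code from Have I Been Pwned; the response body and its counts are constructed so it runs offline.

```python
import hashlib

def sha1_upper(password):
    # SHA-1 is used here only because it is the lookup format of the service,
    # not as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_prefix(password):
    """The only value sent to the service: first 5 hex chars of the hash."""
    return sha1_upper(password)[:5]

def breach_count(password, range_body):
    """Match the remaining 35 hex chars locally against the range response,
    which has one 'SUFFIX:COUNT' entry per line. Returns 0 if not listed."""
    suffix = sha1_upper(password)[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_body(password, count):
    """Constructed stand-in for the body returned by
    GET https://api.pwnedpasswords.com/range/<prefix>; counts are made up."""
    lines = [
        "0" * 35 + ":3",                        # unrelated filler entry
        "%s:%d" % (sha1_upper(password)[5:], count),
        "F" * 35 + ":17",                       # unrelated filler entry
    ]
    return "\r\n".join(lines)

if __name__ == "__main__":
    body = constructed_range_body("password123", 42)
    print("prefix sent:", range_prefix("password123"))
    print("times seen: ", breach_count("password123", body))
    print("unlisted:   ", breach_count("anchor-igloo-nectar-pebble-ember", body))
```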

And since we are talking about emails, it is also advisable to use several email accounts to register on different websites. Emails are used as identifiers, and if you use several you will minimize the impact that someone accessing one of them could have. For example, you can have an email for services for personal use, another for those related to work, and even a third for less important applications.

Use two-factor authentication whenever you can. This is two-step verification, a security option offered by most large services such as WhatsApp, which means that to finish identifying yourself to a service you need a second step after entering the password.

The second step that is required depends on the service. Some send you a code by SMS that you have to enter after the password, although it is not the most secure method, while others ask you to create a PIN or interact with the same application using another device such as your mobile. Although it sounds annoying, it is important to activate it if you do not want anyone to get into your account.

And finally, when in doubt, use third-party applications to manage your passwords. It is possible that after reading all these tips you feel a little too lazy to follow them all, something that can endanger your online security. That’s where password managers come in to do all of this for you.

These password managers will take care of creating strong passwords for the online services in which you are registered, and they even change them periodically. By using one you will go from having to remember several passwords to a single master password. Of course, it is also important to periodically change the passwords of these managers and apply all our advice to them, since the security of the rest of your accounts depends on them.