Module 1: Creating Strong Passwords

Course 1: Account Security Fundamentals

Progress: Module 1 of 2

🔐 Creating Strong Passwords

Passwords are your first line of defense. But most people still use weak passwords that can be cracked in seconds. Let's learn how to create truly strong passwords based on modern security guidelines.

Why Password Strength Matters

Cybercriminals use sophisticated tools that test millions of password combinations per second. A weak password like "password123" can be cracked instantly, while a strong 15-character password could take centuries.

      💡 Key Fact: According to CISA, password-related breaches are among the most common causes of data theft. Using strong, unique passwords is one of the simplest yet most effective protections.
    

Modern Guidelines: Length Over Complexity

Recent guidance from NIST has shifted away from complex requirements toward emphasizing length:

Aim for at least 15 characters - Length is the most important factor
Use passphrases - Combine 4-7 unrelated words
Make each password unique - Never reuse across accounts
Avoid personal information - No names, birthdays, or pet names

The Passphrase Method

The best way to create a strong, memorable password is using a passphrase—multiple unrelated words combined into one password.

Good Passphrase Examples:
• correct horse battery staple
• blue mountain coffee sunrise 2025
• pizza dragon telescope harmony!
• wandering elephant jazz festival

These passphrases are:

Long enough to resist brute-force attacks
Easy to remember (they create a mental image)
Difficult for others to guess
Not found in password dictionaries

What to Avoid

Certain patterns are extremely vulnerable:

Common passwords: "password", "123456", "qwerty"
Sequential characters: "abc123", "12345678"
Keyboard patterns: "qwertyuiop", "asdfghjkl"
Personal info: Your name, birthday, phone number
Single words: Even with substitutions like "P@ssw0rd"
Repeated characters: "aaaaaa", "111111"

Password Reuse: A Critical Mistake

Using the same password across multiple accounts is extremely dangerous. When one service is breached, attackers try those credentials everywhere—a technique called "credential stuffing."

      ⚠ Real Impact: The 2023 Verizon Data Breach Report found that 86% of web application attacks involved stolen credentials. Using unique passwords ensures one breach doesn't compromise all your accounts.
    

Using a Password Manager

Remembering dozens of unique passwords is nearly impossible. Password managers:

Generate strong, random passwords for each account
Store passwords securely in an encrypted vault
Auto-fill credentials on websites
Sync across all your devices
Alert you to weak or reused passwords

Popular options: Bitwarden, 1Password, LastPass, Dashlane

Test Your Knowledge

← Back to Course Overview

Module 1: Creating Strong Passwords

🔐 Creating Strong Passwords

Why Password Strength Matters

Modern Guidelines: Length Over Complexity

The Passphrase Method

What to Avoid

Password Reuse: A Critical Mistake

Using a Password Manager

Test Your Knowledge

📝 Module 1 Quiz

Question 1: What is the recommended minimum password length?

Question 2: Which is the strongest password?

Question 3: True or False: It's okay to reuse a strong password across multiple accounts.

Question 4: What is the main advantage of using a passphrase?

Question 5: What percentage of web application attacks involve stolen credentials?