Creating Strong Passwords
Why Weak Passwords Fail
Every year, data breaches expose millions of passwords. The most commonly leaked passwords include predictable choices such as "123456", "password", and "qwerty". Attackers use automated tools that can test billions of combinations per second, meaning a short or simple password can be cracked in moments. If you reuse the same password across multiple accounts, a single breach can give criminals access to your email, social media, banking, and marketplace accounts all at once.
You can check whether your email address or passwords have appeared in known data breaches by visiting Have I Been Pwned, a free service run by security researcher Troy Hunt.
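A password can be checked against breach data without sending it anywhere. The following is an added example, not code from this page or from Have I Been Pwned: it assumes the service's Pwned Passwords range endpoint, which receives only the first five characters of the password's SHA-1 hash, and it uses a constructed response so that it runs offline. The function names are illustrative.

```python
import hashlib

# Pwned Passwords range endpoint: a GET to RANGE_URL + prefix returns every
# known hash suffix for that prefix, one "SUFFIX:COUNT" entry per line.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.

    Only the 5-character prefix leaves the machine; the 35-character
    suffix is compared locally against the returned list.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, response_body):
    """Look up our suffix in a range response; 0 means not found."""
    for line in response_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix.upper() and count.strip().isdigit():
            return int(count)
    return 0


def check_password(password, fetch_range):
    """fetch_range(prefix) returns the response text for that prefix.

    It is passed in so the lookup can be an HTTPS request in real use
    and a canned response here.
    """
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix))


def constructed_fetch(prefix):
    """Constructed sample response (not real breach data), for offline use."""
    known_prefix, known_suffix = split_hash("password")
    filler = "0" * 35 + ":3\r\n" + "F" * 35 + ":1\r\n"
    if prefix == known_prefix:
        return filler + known_suffix + ":12345\r\n"
    return filler


if __name__ == "__main__":
    for candidate in ("password", "umbrella triangle forest candle"):
        seen = check_password(candidate, constructed_fetch)
        print(repr(candidate), "found" if seen else "not found", seen)
```

A result of 0 only means the password is absent from the breach data that was checked; it says nothing about how guessable the password is.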
What Makes a Strong Password
A strong password has several characteristics that make it resistant to both automated attacks and educated guessing:
- Length: Aim for at least 12 characters. Longer passwords are exponentially harder to crack.
- Complexity: Mix uppercase and lowercase letters, numbers, and special characters.
- Unpredictability: Avoid dictionary words, names, dates of birth, or any information that could be found on your social media profiles.
- Uniqueness: Never reuse a password across different accounts. Each account should have its own distinct password.
The Power of Passphrases
One of the most effective techniques for creating a strong yet memorable password is to use a passphrase. A passphrase is a sequence of random words strung together, such as "correct horse battery staple" or "umbrella triangle forest candle". Passphrases work well because they are long enough to resist brute-force attacks whilst remaining easier to remember than a random string of characters.
The National Cyber Security Centre (NCSC) recommends using three random words combined together as a practical approach to password creation. For example, "purpleMonkeyDishwasher" is far stronger than "P@ssw0rd!" because its length provides significantly more entropy.
Why You Need a Password Manager
Remembering a unique, complex password for every account is practically impossible without assistance. This is where password managers become essential. A password manager is a secure application that stores all your passwords in an encrypted vault, protected by a single master password. Popular options include Bitwarden, 1Password, and KeePass.
Benefits of using a password manager include:
- Automatic generation: Password managers can create truly random passwords of any length and complexity.
- Secure storage: Your passwords are encrypted and stored safely, so you do not need to write them down or save them in a document.
- Auto-fill: Many password managers can automatically fill in login forms, reducing the risk of entering your credentials on a phishing site.
- Cross-device sync: Access your passwords on your phone, tablet, and computer seamlessly.
One Password Per Account
Using the same password across multiple services is one of the most dangerous habits in digital life. When attackers obtain a list of leaked credentials from one service, they immediately try those same email and password combinations on other popular platforms. This technique, known as credential stuffing, is remarkably effective because so many people reuse passwords.
On KF.Social, your account protects your personal information, your marketplace transactions, and your social connections. If an attacker gains access using a password you also use elsewhere, they could impersonate you, make fraudulent purchases, or access private messages. Always use a distinct password for your KF.Social account.
Practical Steps to Improve Your Password Security Today
- Check your existing passwords against Have I Been Pwned to see if any have been exposed in a breach.
- Install a reputable password manager and begin migrating your accounts to strong, unique passwords.
- Start with your most critical accounts: email, banking, and social platforms such as KF.Social.
- Enable two-factor authentication wherever possible for an additional layer of protection.
- Set a strong master password for your password manager using the passphrase technique described above.
For more detailed guidance on password security, read the NCSC's password guidance. Taking a few minutes to strengthen your passwords now can save you significant trouble in the future.