Secure Passwords - User Guide | Sesecpro

Secure Passwords

Learn to create and manage strong passwords that protect your personal and professional accounts from unauthorized access.

Read time: 15 min Level: Basic For Users

Introduction

Passwords are the first line of defense for our digital accounts. A weak password can compromise not just one account, but potentially our entire digital identity and personal data.

Alarming Fact

81% of data breaches are due to weak or compromised passwords. A strong password can be the difference between security and identity theft. (Source: Verizon DBIR 2024)

The Future: Passkeys

Passkeys (FIDO2/WebAuthn) are gradually replacing traditional passwords. They use public key cryptography and are phishing-resistant. Available on:

Apple: iCloud Keychain (iOS 16+, macOS Ventura+)
Google: Google Password Manager (Android 9+, Chrome)
Microsoft: Windows Hello (Windows 10+)

Recommendation: Enable passkeys where available (Google, Microsoft, PayPal, etc.)

123456

Most used password in 2024 (NordPass)

<1 sec

Time to crack "password" (offline attack, modern GPU)

65%

Users reuse passwords (Google 2023)

Characteristics of a Secure Password

Minimum Length: 16+ characters

Recommended minimum: 16 characters. Each additional character exponentially increases security. An 8-character password can be cracked in hours; a 16-character one can take centuries.

Character Variety

Combine uppercase, lowercase, numbers, and special symbols.

Avoid Personal Information

Do not use names, birth dates, addresses, or easily obtainable information.

Uniqueness

Each account must have a unique and different password.

Strength Examples

maria123

Very Weak

<1 sec (GPU brute force)

Maria123!

Weak

~5 min (dictionary attack)

M@r1a_L0v3s_C0ff33_2026!

Strong

~3 centuries (offline brute force)

Technical note: Times assume offline attack with modern GPU (RTX 4090: ~100 GH/s for MD5). Online attacks are slower due to rate limiting, but data breaches expose hashes for offline attacks.

How to Create Strong Passwords

Passphrase Method

Create a memorable phrase and modify it:

1 Think of a phrase: "I like to drink coffee in the morning"

2 Take the first letters: "Iltdcitm"

3 Add numbers and symbols: "Iltdc@M2026!"

4 Result: A strong and memorable password

Substitution Method

Replace letters with similar numbers and symbols:

A → @ E → 3 I → 1 O → 0 S → $

Example: "MorningCoffee" → "M0rn1ngC0ff33_2026!"

Pattern Method

Create a base pattern and adapt it for each site:

Base pattern: [Site][Symbol][Year][Symbol][Personal word]

For Gmail: Gmail@2026!MyCoffee

For Facebook: Face@2026!MyCoffee

Password Managers

Recommendation

A password manager is the safest and most practical way to handle multiple strong and unique passwords.

1Password

From $3/mo

✅ Intuitive interface ✅ Secure sharing ✅ Security audit

Bitwarden

Free / $3/mo

✅ Open source ✅ Robust free plan ✅ Self-hosting

Proton Pass

Free / €4/mo

✅ Swiss privacy (GDPR) ✅ Open source ✅ Proton ecosystem integration

KeePassXC

Free (local)

100% offline and local Open source Maximum control Autofill Secure notes

Basic Setup

Install the App

Download the app on all your devices and the browser extension.

Create Master Password

This will be the only password you need to remember. Make it very strong.

Import Passwords

Migrate your existing passwords from the browser or another manager.

Generate New Passwords

Replace weak passwords with automatically generated ones.

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring something you know (password) and something you have (phone/token).

Authenticator Apps

Recommended: Google Authenticator, Authy, Microsoft Authenticator

Pros: Works offline, more secure than SMS

Security Keys

Most secure: YubiKey, Google Titan Key

Pros: Phishing resistant, very secure

SMS (Not Recommended)

Vulnerable to SIM swapping attacks

Cons: Vulnerable to attacks, depends on coverage

Best Practices

Regular Change

Change passwords every 90 days for critical accounts, or immediately if you suspect compromise.

Do Not Reuse

Each account must have a unique password. A compromise should not affect other accounts.

Secure Storage

Never save passwords in plain text files or unencrypted notes.

Do Not Share

Passwords are personal. If you need to share access, use sharing features of the manager.

Secure Connections

Only enter passwords on HTTPS sites and from trusted networks.

Monitoring

Regularly review security reports from your password manager.

Common Mistakes to Avoid

Using personal information

Names, birth dates, addresses are easy to guess.

Keyboard patterns

"qwerty", "123456", "asdfgh" are extremely vulnerable.

Obvious substitutions

"password" → "p@ssw0rd" is still predictable.

Short passwords

Less than 8 characters can be broken in minutes.

Reuse

A security breach compromises all accounts.

Sharing passwords

By email, message, or verbally exposes credentials.

Recommended Tools

Password Generators

Bitwarden Generator

Integrated generator with advanced options

Use →

Strong Password Generator

Free and secure web tool

Use →

Security Checkers

Have I Been Pwned

Check if your passwords have been compromised

Check →

Password Meter

Evaluate the strength of your passwords

Evaluate →

2FA Apps

Google Authenticator

Official Google app for 2FA

Download →

Authy

2FA with cloud synchronization