Making your most important accounts more secure
Passwords are still widely used and necessary to provide a basic level of security for your accounts. But how strong your passwords are still makes a difference when it comes to securing your accounts. This is how to make sure your passwords are doing their job.
1) Don’t re-use passwords (on accounts that matter)
This is the golden rule. Any account that is important—those attached to your email, your money, your files, etc.—has to have a unique password. Many people use the same password on different sites, which means if someone guesses that password, or it’s exposed in a data breach, hackers can get into many of your accounts. Unique passwords avoid that problem.
2) Go Long
Length is more important than complexity when it comes to passwords. When you get over 10 or 12 characters it becomes very difficult to guess or automate a password hack, assuming you don’t use a common phrase. An obscure line from a song, the last four street names you lived on, or five random words run together are far stronger than your dog’s name with the number 1 replacing I’s.
3) Be complex
While length is the fastest and easiest way to make a strong unique password, adding numbers or special characters to the mix enhances the complexity. But don’t think using 0’s for o’s or similar replacements is sufficient, because hackers will assume you’ll do that.
4) Avoid common words and commonly known passwords
Incredibly, the most common passwords are still “password” and “123456.” These fail because they’re short and known for being common. Avoid passwords that are made up of well-known words or that use personal details such as your kids’ or dog’s name, your mother’s maiden name, or things everyone uses as passwords. Hackers know this and will try them first.
5) Consider passphrases
For any important accounts, you should use a passphrase instead of a password to make it even more difficult to guess. A passphrase is a password made up of 4 or 5 or even 6 words strung together. They can be a sentence or better yet, a nonsensical jumble of words. You can use special characters between words to increase the complexity. Here are a few examples.
6) Use a Password Manager
As soon as you start using one long password made up of a series of words, and especially if it has numbers or special characters, it will be hard to remember. When you have 5 passwords created like this, it’s nearly impossible, and when you have 10 or more, it is definitely impossible. By that point you need a password manager, which remembers these passwords for you – it’s the price of admission for modern life.
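The checks in rules 1 through 4, as an added example in Python that is not part of the original article: it flags re-use, short length, and common or personal words even after the usual character swaps are undone. The common-password list, the substitution table, the function names and the sample accounts are constructed assumptions.

```python
# Added example: audit passwords against rules 1-4 (re-use, length, common words).
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}  # constructed sample list
# Character swaps a guesser will assume (assumed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
SUFFIX_CHARS = "0123456789!@#$%^&*()_-+=."  # digits/symbols often tacked on the end
MIN_LENGTH = 12  # the article's "over 10 or 12 characters"


def variants(password):
    """Forms a guesser would try: lower-cased, suffix stripped, swaps undone."""
    low = password.lower()
    stripped = low.rstrip(SUFFIX_CHARS)
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)} - {""}


def audit(accounts, personal=()):
    """Return {account: [findings]}; an empty list means no rule was broken."""
    known = COMMON | {word.lower() for word in personal}
    users = {}
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        others = sorted(n for n in users[pw] if n != name)
        if others:
            findings.append("reused on " + ", ".join(others))
        if len(pw) < MIN_LENGTH:
            findings.append(f"short ({len(pw)} chars)")
        if variants(pw) & known:
            findings.append("common or personal word, even after substitutions")
        report[name] = findings
    return report


# Constructed sample accounts; "bank" uses the passphrase built later in the article.
SAMPLE = {
    "bank": "Dance4Lucy&Beneath@Sky(Diamonds)",
    "email": "P@ssw0rd1!",
    "forum": "P@ssw0rd1!",
    "storage": "R3x2019",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, personal=["Rex"]).items():
        print(account, "->", findings or "ok")
```

Run it locally only; do not paste real passwords into shared machines or online tools.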
Creating a long, strong password (phrase): An example
To begin, we recommend you commit to changing passwords at your bank, your main email account, and your cloud storage account. This means you’ll need three new unique long passwords.
The bank password should be very strong – so let’s take two song lyrics we like and mash them up. “Dance Beneath The Diamond Sky” and “Lucy In The Sky With Diamonds” will do. So ‘DanceLucyBeneathSkyDiamonds’ could be it, but you don’t actually type this that often, and you don’t want to lose your money, so let’s add numbers and characters to make it even more complicated. So let’s make it: ‘Dance4Lucy&Beneath@Sky(Diamonds).’ As you create passwords of this length and complexity, definitely drop them in your password manager.
Email account passwords are used frequently, so you might want to use a password that’s easier to remember, even if you’re using a password manager. Have a favorite sonnet you remember from high school? Use the second line or start at the third word. So ‘leavethisplacewherethe smokeblows777’ it is.
Cloud storage holds our files, our photos, and many things we don’t want stolen or worse, shared broadly on the internet. Let’s get personal with a twist here, combining the names of the schools you attended – so perhaps that one could be ‘DoughertyHarrisonCranston&Boulder.’
Long, strong, weird, unique, kinda memorable, easy to type. Remember, put any password created like this in your password manager.
If you don’t have a password manager, write your passwords down. Keep the paper at home or in your wallet. The risk of someone getting that paper is far less than the risk of them guessing simple or re-used passwords.
When you do get a password manager, it can create very long, complex and unique passwords for every account. You never even have to know or remember them, as it types passwords in for you too. So all of the rules above are for use until you get into the habit of using a great password manager all the time.