Let’s face it: A majority of us are bad at creating (or simply remembering) strong passwords, but they are an unfortunate necessity. From personal banking to ordering a pizza, almost every online interaction requires the use of a password in today’s digital world.
Passwords are supposed to keep our accounts secure. Many of us have lots of them, or variations of one password, for dozens of accounts.
So, naturally, people look for shortcuts, choosing passwords that are easy to remember but also easy to crack, which makes them essentially worthless and prime hacker bait.
Security experts recommend changing passwords on a regular basis, specifically every 90 days to six months. But if you aren't yet in the habit of changing them that frequently, why not start by changing them at least once a year in honor of National Cyber Security Awareness Month?
Start protecting yourself with these five steps for better, stronger password hygiene. While you’re at it, encourage your friends, family, employees, and co-workers to do the same.
Step 1. Don’t use the same password for multiple accounts.
Are you using the same password for all of your online accounts? If yes, this is a hacker’s jackpot. You may have one really complex password, but if you use it for all your accounts, they could all be compromised.
Create a unique password for each account.
Step 2. Create strong, complex passwords and passphrases.
The more complex you make a password, the longer it takes a malicious hacker to correctly crack and gain access to your account.
What are strong passwords?
- They’re long. We’re talking at least 14 characters.
- They’re complicated. These passwords are made up of letters, numbers, and special characters in hard-to-guess patterns.
- They take years to crack.
Avoid using obvious or easy-to-predict passwords that include your name, initials, birthday, pet’s name, or other personal, public information.
And don’t assume trivial modifications, such as changing “a” to “@”, will make your password invincible against a cybercriminal.
Sadly, no single password is guaranteed to be 100 percent hack-proof. That said, strong password production is a fine art, but not impossible to master with the tips mentioned above. Passphrases are also a good idea, as is stringing a list of unrelated words together: “cheesegoldfishyellowbottle”. They may be longer but could prove to be even easier for you to remember than gibberish.
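As an added example (not part of the original article), the Python below applies Step 2's rules: it rejects passwords under 14 characters, catches personal information even after an “a” to “@” style swap, and builds a passphrase from randomly chosen words with an estimate of its strength in bits. The swap table, function names, word list and sample personal details are assumptions made for illustration.

```python
import math
import secrets

MIN_LENGTH = 14  # minimum length given in Step 2

# Assumed table of common look-alike swaps ("a" -> "@" and similar).
SWAPS = str.maketrans("@4301!$57", "aaeolisst")


def normalize(text):
    """Lower-case and undo look-alike swaps so 'M@ri@' compares equal to 'maria'."""
    return text.lower().translate(SWAPS)


def check_password(password, personal_info):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    flat = normalize(password)
    for item in personal_info:
        token = normalize(item)
        if token and token in flat:
            problems.append(f"contains personal information: {item}")
    return problems


def make_passphrase(wordlist, count=4):
    """Join `count` words picked with a cryptographically secure generator."""
    return "".join(secrets.choice(wordlist) for _ in range(count))


def passphrase_bits(wordlist_size, count):
    """Entropy in bits of `count` words drawn uniformly from the list."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    me = ["Maria", "Rex", "1987"]  # constructed name, pet name, birth year
    print(check_password("M@ri@1987", me))
    print(check_password("cheesegoldfishyellowbottle", me))
    # Constructed word list; far too small for real use.
    words = ["cheese", "goldfish", "yellow", "bottle",
             "anchor", "velvet", "pepper", "tunnel"]
    print(make_passphrase(words), passphrase_bits(len(words), 4))
```

With a list of 7,776 words, four random words come to about 51.7 bits; the strength comes from the random choice, so words picked by hand do not reach the estimate.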
Step 3. Change your passwords on a regular basis.
Play a proactive role in protecting your private online information by regularly changing your passwords. Create a reminder or set a password changing schedule.
The more often you change, the better.
Step 4. Understand what makes a password vulnerable.
Don’t enter your username and password into fields on an unsecured site. The easiest way to check that a site is secure is to make sure “https” is at the beginning of the website’s address. You can also check for a golden or green lock in the URL bar. If you log in to a site that isn't secured by an SSL certificate, your login information won’t be encrypted and an attacker can see your username and password in plain text. If you have any doubt about whether a site is secure or encrypted, change your password.
In addition, don’t write down your password.
Remembering passwords can be a pain, but a sticky note with your password scribbled on it left in plain sight is irresponsible.
If you must document your passwords or make a physical list of them, protect it like you would your money.
Step 5. Consider using a password manager.
A password manager can generate long, complex and random passwords.
The best part?
It can also remember them for you. Just make sure your master password for your password manager is super strong (and consider adding two-factor authentication on top of it), so a hacker can’t swipe all your passwords at once.
Lucky for you, we’ve found a list of the most reputable password managers to get you started.
Failing to create super strong online passwords isn’t just lazy; it jeopardizes your banking information, credit card number, social media and email accounts, and more.
Don’t let a weak password allow your personal data to be low-hanging fruit within hackers’ reach.