Keeping your bank accounts, emails and social media profiles secure is easier than you might think.
As life becomes increasingly online, using strong passwords for your accounts is more important than ever. But the challenge in creating strong passwords remains: how do you come up with something strong AND distinct for every one of your accounts? Between banking, streaming and social media, it's easy to rack up 80+ accounts and fall into the habit of only using a handful of passwords between them.
According to NordPass' list of the most common passwords in 2020 some of the most used (and most cracked) passwords included: 123456, 123456789, and "password" followed by various number combinations. Assuming you've been smart enough to stay off this list in the past, if you reuse passwords or have the same password for many years, there's a high chance you will become compromised. Strong, unique passwords you can remember are the best defense against getting hacked. Read on to learn the best practices for creating strong passwords, how to see if you've been compromised and tips to make your accounts even more secure.
Longer = stronger
The shortest your passwords should be is 8 characters, but we recommend upping that minimum to at least 12 characters for any business-related accounts. When it comes to creating strong passwords, the longer the better, as the number of characters increases, so do the number of combinations a hacker needs to scan to decode your password. Another way to increase the time and effort needed to crack your password is to include numbers, symbols and alternating upper and lowercase letters. Just make sure to avoid some of the most common combinations.
Avoid common combinations
We know that certain number and letter combinations make up some of the most cracked passwords on the web. To keep your accounts and personal information safe, you'll want to avoid making some of the most glaring mistakes. Never use sequential numbers, letter or keyboard combinations. That includes things like 123456, qwerty, ABCDEFG, 111111, etc. And never use the word "password" in any part of your password.
You also want to avoid using any personal information like your name, hometown or date of birth. If a hacker is targeting you for a password attack, they're going to use all the information they know about you in their guesses. This is also reason to be mindful about what personal information you share online. Many of the social media quizzes or "get to know me" trends reveal answers to common security questions used to protect your accounts.
Use new passwords for each account
The simplest way to protect yourself online is to create unique, strong passwords for each of your accounts. We know that this can seem like overkill for the average person, but this practice can protect you from having to update every login if your email or password for one account gets hacked.
At the very least, you should be using a new password for each different type of account. Never use the same passwords for personal and business accounts, and never reuse passwords for things like social media and banking. However, we will always recommend creating unique passwords and using tricks to make them more memorable.
Use patterns and phrases to make it memorable
We know that longer passwords are more secure but how do you remember so many long, complex passwords? One trick is looking to things like movies, literature or personal sayings to help create a more memorable password. For example, let's say you're a fan of the quote 'To be, or not to be: that is the question'. Using the tips we know about character count and variety, we could translate this easy-to-remember phrase into a strong password:
While yes, this is a common phrase, including multiple words, symbols, numbers and alternating upper and lowercase characters makes the password harder to crack. Another strategy for using multiple words is to combine odd, unrelated words to create a password with meaning to you. This could be historical figures, a favorite hometown business, landmarks or even words in other languages. The less association between them, the better.
Selecting words that conjure a certain style or mental image will make them easier to remember. If an actual sentence seems more manageable, you can also create a secure password from a seemingly random phrase. For instance, "I prefer my Pan Dulce on rainy Tuesdays" could become:
Something that looks like total nonsense to anyone else, is an easy-to-remember ode to your favorite snack. Just make sure not to post about your love of Conchas in the rain.
Use password managers to help keep track
A password manager can help you keep track of your individual passwords by storing them all in one place. Popular browsers like Chrome and Firefox will offer free password managers tied to another password-protected account. For this master password, you'll want to make sure you're creating the most secure password possible, as this will be the key to the rest of your logins. We recommend using more secure third-party password keepers which offers a higher level of security than the free browser options. PC Mag has a list of their top recommended password keepers here.
The best way to protect the keys to your data kingdom is to take steps to prevent breaches. That means regularly checking to see if your emails and passwords are on the dark web and setting up extra security measures like two-factor authentication for your accounts. Mozilla's Firefox Monitor will search your email address against public data breaches and notify you if any accounts tied to your email address have been compromised.
With two-factor authentication (sometimes called 2FA), you'll be prompted to enter additional information (usually a code or PIN number) before being logged into an account. That way, anyone with your password will still need access to your trusted device (usually a cell phone or email address) to gain access to your account. Many apps and websites will utilize text messaging to send 2FA codes, but this method can still leave you vulnerable to attacks. A scammer can easily steal your phone number and intercept the secondary verification code.
A safer way to receive authentication codes is to use a third-party app like Microsoft Authenticator. As a bonus, you'll have the option to register your trusted devices to prevent having to enter a code every time you sign in.