A very large number of the security breaches we read about are caused by weak passwords. Nearly all of us are guilty of using insecure passwords. Some of the time it isn’t a big deal. If someone steals the password to your favorite newspaper account, it likely doesn’t matter as much to you as it does to your newspaper company. Of course, if you stored credit card information there, it could be a bigger problem for you than you think. The bottom line is that if you don’t want any of your accounts and the information in them accessed by someone else, you need to use a very secure password.
So, what constitutes a secure password? Let’s start with the basics. The longer the password, the harder it is to crack. Use a 12-character MINIMUM. We like to see 20 – 24 character passwords. Okay, so we agree you should use long passwords.
What else? Before you create that first really secure password, make sure you protect your computer and network with up-to-date antivirus software and a firewall. The most secure password in the world is not secure if it is in an unencrypted file (Word document, text file, spreadsheet, etc.) on a computer that has been compromised. If any of the accounts you access offer two-factor authentication, use it! Many experts recommend periodic (and somewhat frequent) password changes. I agree with Leo’s answer on Ask Leo to the question, “Is a periodic password change a good thing?”
Back to creating that long password.
- Create passwords using a 12-character MINIMUM. Using 20 – 24 characters increases password strength exponentially.
- Use at least one number, one uppercase letter, one lowercase letter and one special character (symbol).
- Don’t use the names of your family members, friends or pets.
- Don’t use dictionary words, including commonly used foreign words.
- Don’t use common substitutions such as “$” for “s”, “@” for “a”, “1” for “l” and, well, you get the idea.
- Don’t use zip codes, local street numbers, phone numbers, birthdates, ID card numbers, social security numbers, etc.
- Don’t use the same password on multiple sites.
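The checklist above as a small checker and generator, added here as an illustration and not taken from any tool this post links to. The word list is a constructed sample, `string.punctuation` is assumed as the set of special characters, and the rules about personal details and password reuse are not covered because they need information only you have.

```python
import math
import secrets
import string

# Four character classes from the checklist; string.punctuation stands in for "special character".
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digit": string.digits, "symbol": string.punctuation}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters
# Undo common substitutions: "$"->s, "@"->a, "1"->l are from the checklist; "0" and "3" are added.
UNLEET = str.maketrans({"$": "s", "@": "a", "1": "l", "0": "o", "3": "e"})
# Constructed sample list; a real check would load a full dictionary and personal terms.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "welcome"}
MIN_LENGTH = 12


def check(pw, words=SAMPLE_WORDS):
    """Return the checklist rules a password breaks (empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    plain = pw.lower().translate(UNLEET)  # "P@$$w0rd" -> "password"
    if any(word in plain for word in words):
        problems.append("dictionary word")
    return problems


def generate(length=20):
    """Draw characters from the OS CSPRNG until the result passes check()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(pw):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound for a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("sunshine", "P@$$w0rd1234!", generate(20)):
        print(repr(candidate), check(candidate) or "passes")
    for n in (12, 20, 24):
        print(f"{n} random characters: about {entropy_bits(n):.0f} bits")
```

Each extra random character adds about 6.6 bits, so every added character multiplies the number of guesses an attacker needs by 94.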
We recommend using a password generator and creating passwords at least 20 characters long. There are several good secure password generators online. Here are a few.
For those of you who want to remember your passwords, it is possible to use really long passwords that are easy to remember. Here is an excellent blog post which includes methods to do that.
How to remember those long passwords? Well, that is a challenge. We recommend using a password manager application. Because LastPass, one of the most widely used password managers, was broken into last month (hackers didn’t access user password vaults because it uses a rigorous cryptography system), some believe using a password manager is not a good idea, but it is a very viable option. This blog post answers the question, “Am I An Idiot for Still Using a Password Manager?”
There are two types of password managers: online services that store your passwords in encrypted databases in the cloud, and applications that you install, which store your encrypted password database in a file on your desktop computer, phone, or tablet. There are pros and cons to both types, and both can do the job for you. Here are some of the most popular password managers.
Here is how PC Magazine rates (June, 2015) paid and free password managers. Please remember that those ratings, as all ratings of software, are somewhat subjective and a matter of personal preference.
Start today with creating a new and different password for each of your email accounts. Most of us have easy-to-remember (and easier to crack) passwords for our email accounts that really should be changed.
Please remember, Secure Passwords Should Not Be Optional, and using a password manager certainly doesn’t make you an idiot.