Are your passwords secure? What makes a good password?
Let’s look at some basics you may have been doing all wrong:
- Longer is better: Despite all those prompts for complexity containing unique characters and uppercase letters, length actually matters more. Once you get into the 12-15 character range, it becomes much more difficult for a hacker to guess your password. One caveat: Don’t string together pop culture references or use simple patterns. Mix it up! Live a little! A quick for instance: “fR!end$” is much less effective than “pickled fruitloop skydive.”
- Space them out: When you do use those special characters—which, if you opt against a password manager (we will discuss further below), lots of input fields will force you to—don’t bunch them together at the beginning or end. Most people do this, which means that’s what hackers are looking for. Instead, space them out throughout your password to make the guesswork extra tricky.
- No frequent changes: Corporate IT manager keeps making you change your password every three months? Your corporate IT manager is wrong! The less often you change your password, the less likely you are to forget it, or to fall into patterns—like just changing a number at the end each time—that make them easier to crack.
- One time only: At the very least make sure you don’t reuse passwords across different accounts. If you do, a retailer breach you have no control over could end up costing you your banking password, and that spells disaster.
- Do not trust your browser: A convenient shortcut to remembering all those passwords is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.
- Add two-factor: Hate to say it, but these days not even a password is enough. Many of the services you use today—social networks, banks, Google, and so on—offer an added layer of protection. It can come in the form of a code sent to your phone via SMS, or if you want to step it up, through software solutions like Google Authenticator or Apple devices.
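To make three of the checks above concrete (length, special characters bunched at the start or end, and reuse across accounts), here is a small audit script. It is an added example, not part of the original post; the account names, the sample passwords other than the two quoted above, and the function names are all made up for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 12  # lower end of the 12-15 character range mentioned in the list


def is_special(ch):
    """Anything that is not a letter, digit or space counts as special."""
    return not ch.isalnum() and not ch.isspace()


def specials_bunched(password):
    """True when all special characters form one run at the very start or end."""
    flags = [is_special(c) for c in password]
    if not any(flags):
        return False
    first = flags.index(True)
    last = len(flags) - 1 - flags[::-1].index(True)
    one_run = all(flags[first:last + 1])
    return one_run and (first == 0 or last == len(flags) - 1)


def audit(accounts):
    """Return {account: [findings]} for a dict of account -> password."""
    owners = defaultdict(list)
    for name, pw in accounts.items():
        owners[pw].append(name)
    findings = {}
    for name, pw in accounts.items():
        issues = []
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        if specials_bunched(pw):
            issues.append("specials-bunched")
        if len(owners[pw]) > 1:
            issues.append("reused")
        findings[name] = issues
    return findings


# Constructed sample data for the demo; never keep real passwords in a script.
SAMPLE = {
    "retailer": "Summer2024!!",
    "bank": "Summer2024!!",
    "email": "fR!end$",
    "forum": "pickled fruitloop skydive",
    "cloud": "pick!led fruit#loop sky%dive",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account:10} {', '.join(issues) or 'ok'}")
```

The script only flags the patterns named in the list; a password that passes all three checks can still be weak if it is a pop culture reference or a simple pattern.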
Use a Password Manager
A good password manager, like 1Password or LastPass, creates strong, unique passwords for all of your accounts. That means that if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services. The best ones sync across desktop and mobile, and have autocomplete powers. Now, rather than having to memorize dozens of meticulously crafted passwords, you just have to remember one master key. Really this is the best way to ensure safety across all of your online accounts.
As always, we are here to help streamline all of your IT needs. If you or your business needs a little extra help with password assistance, we can help. Perhaps you know of someone else just starting out or looking for some help with their IT needs, as well. Please don’t hesitate to call or pass along our information. (256) 513-8206