Passwords. Everyone has ‘em. We gotta have ‘em.
Some security researchers imagine a world where passwords are eliminated, but for now they are all we have in terms of keeping accounts and information secure.
Though you may think your password rocks, and you’re being kept safe by those little black dots hiding your password while you type, passwords are heavily exploited for a few reasons:
- They are too simple/common
- They get reused everywhere
- They are easy to guess with a little research
Here are a few tips that, if used, will give you the best chance of keeping your accounts safe from breaches and hacks.
7 Ways to Make Your Passwords Super Safe
Use a Strong Password
This is a no-brainer, but exactly what is a strong password? We’ll expand on aspects of a strong password below, but things that make up a strong password are:
- Hard to guess
- Hard to crack
- Not used anywhere else
Strong passwords make it much harder for bad actors to break in. There are 3 ways hackers might try to breach your account. They may brute force your account using giant lists of common passwords. They may use password dumps found on the dark web from past breaches to “spray” your other accounts to see if that password was reused anywhere. Finally, they might simply send you a phishing email to trick you into handing over your credentials.
With good password habits and a keen eye for phishing, these can be avoided.
Use a Long Password (or even a passphrase)
Simply put, the longer a password is, the harder it is to crack. One thing security researchers have started recommending is to use a “passphrase” to make a long string of text easier to use. For example, “K33pOut0fmy@cc0unt!!” is a 20-character password, but it is much easier to come up with and remember than a string of 20 random characters.
Don’t Reuse Passwords
Of all things to take away from this article, this should be the one. No matter how long and strong your password is, if you use it in multiple places it can leave you vulnerable.
One thing hackers commonly do is take a huge list of passwords leaked from previous breaches and try them on other sites and services.
For example, if you use the same password, however strong, for an online store and your bank, and the web store gets breached, hackers might try that password against your bank, and boom, you’re hacked. This is called password spraying and is a large cause of accounts being compromised.
Don’t include personal information in your password
This is a fairly straightforward tip, but avoid including personal information in your password. These are things that could be easily guessed with some research or social engineering.
Take a mental note of all the details of your life that can be discovered via social media or other online sources. Your pet’s name, the car you drive, the school you went to, etc.
Avoid using Sequential Characters
QWERTYUIOP1234!@#$. Solid password right?
You might think you’ve cracked the “strong password” code by running your finger across the keyboard, but in fact you’re probably in the majority.
Just don’t do this. Many different versions of these are on the most popular password lists that even the most novice hacker will use to try to breach you.
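The length, reuse, personal-information and sequential-character tips above can be checked mechanically before you commit to a new password. The Python below is an added example, not part of the original article; the 16-character minimum, the function names `audit` and `longest_run`, and all sample values are assumptions made for illustration.

```python
# Added example: local audit of a candidate password against the article's rules.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "abcdefghijklmnopqrstuvwxyz", "!@#$%^&*()"]
# Undo common character swaps so "B3ll@" still matches "bella".
LEET = str.maketrans("0134@5$7", "oieaasst")


def longest_run(password, min_len=4):
    """Longest substring that walks a keyboard row or sequence, either direction."""
    low, best = password.lower(), ""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s)):
                for j in range(i + min_len, len(s) + 1):
                    if s[i:j] in low and j - i > len(best):
                        best = s[i:j]
    return best


def audit(password, personal=(), used_elsewhere=(), min_length=16):
    """Return the list of rules the password breaks (empty list = none found)."""
    findings = []
    if len(password) < min_length:  # assumed threshold, not from the article
        findings.append("short")
    if longest_run(password):
        findings.append("sequential")
    low = password.lower()
    plain = low.translate(LEET)
    if any(len(p) >= 3 and (p.lower() in low or p.lower() in plain) for p in personal):
        findings.append("personal")
    if password in used_elsewhere:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    # Constructed sample data: facts discoverable online, and passwords already in use.
    facts = ["Bella", "Civic", "Lincoln High"]
    in_use = {"Tangerine-Lamp-Orbit-42"}
    for pw in ["QWERTYUIOP1234!@#$", "B3ll@2019x", "Tangerine-Lamp-Orbit-42"]:
        print(pw, audit(pw, facts, in_use))
```

Everything runs locally, so the candidate password is never sent anywhere.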
Use a Password Manager
Password managers auto-generate and store strong passwords on your behalf. It’s incredibly useful and increases security while making it easier on you. These passwords are encrypted and kept in a centralized location, and you can access them with a master password. Do not lose that password.
Most services are free (or at least offer a free version) and have extra features such as password audits and the ability to sync your password vault across devices. Most password managers even natively integrate with iOS, allowing you to use Face ID or your thumbprint to access your passwords.
Password managers take the burden off you to create and manage complex passwords. Just be sure to research the service you use, and always remember your master password.
Use Multi-Factor Authentication
Multi-factor authentication (MFA) adds an extra layer of security by requiring 2 (or more) methods of verification. MFA is typically made up of an item from these categories:
- Something you know (passwords, pins, etc.)
- Something you are (thumbprint, face, voice)
- Something you have (phone, security tokens, debit card, etc.)
A debit card is a good example of MFA. You’re combining something you have (the physical card) with something you know (your PIN).
The most common method of MFA is SMS-based authentication, where a code gets sent to your phone. Other, supposedly more secure options include apps that generate codes that expire every minute, while physical methods are also considered to be very secure. We won't name specific services in this post, but you can easily do your own research to find the best option.
While MFA adds security, it doesn’t make you bulletproof from hackers. The attacker can get around it if they gain access to the device or phone number used for MFA. Additionally, they could trick you into entering your MFA code into their fake environment.
Always be wary of “password reset” emails you are not expecting, and be careful when you receive MFA texts that seem odd or unexpected as well.
"My passwords stink. Where do I start?"
Here's a good spring cleaning tip to get your password habits in ship-shape. Take inventory of all the accounts you have (the “promotions” tab of your email might help with this), and start resetting your passwords to single-use passwords.
If you choose to set up a password manager, this is a good time to start creating and storing passwords there.
Now, as you move forward, keep these tips in mind whenever creating a new account. Use tools like MFA and a password manager to make it easier on you.
When you use these tips, password safety is as easy as ABC123!!!