Your passwords are like the lock to your house. You would not offer the keys to random people or install a simple lock that any criminal could pick easily. Any compromise to your password security could potentially hurt your credit, financial health, identity, and more.
A strong password can help protect you from these situations. Check out these five best practices compiled by your experts at Data Evolution, and let us know if you have any other questions.
Use a long password
For a long time, the standard recommended length for passwords was eight characters. It was generally thought that a shorter, more complex password was the safest option.
More recently, thoughts around password lengths have changed. Experts now recommend that you make your password at least twelve characters long. If you want to know why, take a look at the infographic below:
A brute force password attack guesses possible combinations of numbers, letters, and special characters. Longer passwords have more possible combinations that need to be tested, making them much harder to crack.
Include a range of character types
While a longer password automatically requires more effort to hack, we still recommend using a mix of numbers, uppercase and lowercase letters, and symbols. As you can see from the infographic above, including a range of character types in your password also increases the password’s difficulty exponentially.
Even a password that meets the recommended length of twelve characters should use a variety of character types. A twelve-character password that only uses numbers takes less than thirty seconds to hack, but a password of the same length that uses numbers, uppercase and lowercase letters, and symbols could take up to 34,000 years to hack.
Where does your password fall in this chart? Even if you update your password regularly, you still want each password to be complex enough that it would take more than a lifetime to crack.
Purposely misspell words
Many people tend to use names or common words in their passwords, so password cracking systems are often based on words from the dictionary. A straightforward way to thwart this type of cybercriminal technology is to purposely misspell any words you use in your password.
Even better than misspelling one word is using a string of misspelled words that use a range of character types and meet the recommended length of twelve characters or more. Our next piece of advice shows you how to combine these first three tips using one easy method.
Develop habits around a phrase that is easy to remember
Here is a simple way to create a long password that uses a variety of character types and includes misspellings of common words. Think of a sentence, phrase, or string of words that is easy to remember. It helps if the phrase is meaningful to you in some way but does not include obvious pieces of personal information.
Next, play around with ways to “complicate” this phrase using numbers, uppercase and lowercase letters, and symbols. If you use a long sentence or phrase, you could use the first letter of each word or substitute some words for symbols. If you use a shorter sentence, phrase, or string of words, you could misspell some words or substitute some letters for symbols.
Let’s say you choose the phrase “Yellow Submarine” for your password. Now try mixing in some character variety and misspellings, such as the following: [email protected]
This password is 14 characters long and uses a mix of numbers, upper and lowercase letters, and symbols. According to the chart, it could take up to 200 million years for a hacker to brute force it.
Use multi-factor authentication
The final secret to a strong password: supplement it with multi-factor authentication (MFA). Many work systems and social media platforms already offer MFA methods, such as using Google or Microsoft Authenticator when logging into Facebook or Outlook. If you haven’t turned this option on already, we recommend setting this up right away.
MFA requires you to present two or more pieces of evidence identifying you as the owner of your account – for example, your password and an authentication code. This method supplements your strong password with a randomly generated code sent to your phone number or authentication app, making your security even stronger.
You may be worried that MFA will be frustrating or time-consuming, but there are many convenient options that allow you to access authentication codes directly on your smartphone. The few extra seconds it may take to log in using this method are well worth the excellent security.
Any compromises to your electronic safety can create a logistical nightmare or financial headache for you, your family, or your employer. You can prevent this by creating a strong password developed around an easy-to-remember phrase and using twelve or more characters, a mix of character types, purposely misspelled words, and multi-factor authentication.
Taking these best practices and security standards seriously may save you a great deal of effort later on. Do you have any other questions about password security and protecting your online accounts or information? Get in touch with your experts at Data Evolution to learn more.