Password best practices have changed over the last decade, yet many companies and users alike have been stuck using outdated guidelines. As per statistics from the 2019 State of Password and Authentication Security Behaviors Report, which compiled results from a survey of 1,761 IT and IT security practitioners:
- 69% share passwords with colleagues to access accounts
- 51% reuse passwords across their business and personal accounts
- 57% who have experienced a phishing attack have not changed their password behaviors
- 67% do not use any form of two-factor authentication in their personal life, and 55% do not use it at work
- 57% expressed a preference for a login method that does not involve the use of passwords
The main risk with these above practices is password theft, in which the associated identity is stolen. Here are some common techniques for cracking passwords include:
Dictionary attacks: Dictionary attacks rely on software that automatically plugs common words into password fields.
Cracking security questions: Many people use the names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile.
Guessing simple passwords: The most popular password is 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123.
Reuse of passwords across multiple sites: When one data breach compromises passwords, that same login information can often be used to hack into users’ other accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft.
Social engineering: Social engineering is the act of manipulating others into performing certain actions or divulging confidential information It can be employed to trick targets into disclosing passwords.
The anatomy of a strong password
Now that we know how passwords are hacked, we can create strong passwords that outsmart each attack (though the way to outsmart a phishing scam is simply not to fall for it). Your password is on its way to being uncrackable if it follows these three basic rules.
Don’t be silly
Stay away from the obvious. Never use sequential numbers or letters, and for the love of all things cyber, do not use “password” as your password. Come up with unique passwords that do not include any personal info such as your name or date of birth. If you’re being specifically targeted for a password hack, the hacker will put everything they know about you in their guess attempts. While there is no way to guarantee that your accounts won’t be hacked, one of the best lines of defense is to create stronger passwords.
10 tips for stronger passwords
Here’s how to craft stronger passwords that will help stave off malicious actors on the web:
Never use the same password for multiple accounts.
Don’t use personally identifiable terms.
Avoid using common words or phrases.
Use different types of characters.
Make it long.
Consider spelling things wrong.
Utilize multi-factor authentication.
Change your passwords regularly.
Never save or share passwords.
Use a password manager.
Ready to stay safer online? Let’s take a deeper dive into each password strategy.
1. Never use the same password for multiple accounts
Using the same password across different sites is a surefire way to decrease the security of the said password. If a hacker determines your password for one site, they’ll be equipped to hack more of your accounts without any extra work on their part. The simplest way to avoid this disastrous scenario is to utilize not just stronger passwords, but distinct ones for each and every account.
2. Don’t use personally identifiable terms
Sure, using your son’s nickname, your favorite movie, your pet’s name, and so on in your passwords makes it easy to remember them. But it makes them easy to hack, too.
Hackers can find out these tidbits by mining your social media profiles, and odds are good that personally, identifiable information will be the first thing they try if they’re attempting to log into your accounts. Avoid using this info in passwords and opt for something that’s harder to guess instead. (More on that in the next point.)
On a related note? Always be mindful of what you share online. Giving away too much personal information via your social media presence makes it all the easier for hackers to gain access to your accounts.
All right, it’s time to get into the nitty-gritty of what makes for a stronger password — make passwords long and unusual. To craft stronger passwords, keep the following tips in mind.
3. Avoid using common words or phrases
In other words? “Password,” “12345” and “qwerty” are out. Also remember to avoid using easily identifiable information such as your spouse’s name, your wedding date, and so on.
4. Use different types of characters
Instead of opting for just letters or just numbers, opt for a mixture of characters — including ones such as %, @, $, numbers, uppercase and lowercase letters, and so on.
5. Make it long
The same Consumer Reports survey cited above found that 29 percent of people who use passwords for sensitive accounts utilize a password that has seven or fewer characters. That’s bad news because the report also found that longer passwords take significantly longer to crack. (We’re talking the difference of weeks or even years!) Opt for eight characters at an absolute minimum; somewhere in the neighborhood of 15 is even better if you’re serious about stronger passwords.
6. Consider spelling things wrong
Intentional spelling mistakes can make it harder to guess a password. For example, the word “fantastic” might be guessable, but the word “fentestic” would be harder to crack.
7. Utilize multi-factor authentication
As the landscape of digital security evolves and stronger passwords become less of a sure thing from a security standpoint, multi-factor authentication is emerging as one potential solution.
Two-factor authentication requires that you both know the password for an account and possess a device that is linked to that account in some way.
For example, after trying to log into your account, you might receive a text on your phone with a code that allows you to complete the login process. Unless you have both the password and the extra security code, it will be darn near impossible to log in. Enabling two-factor authentication can make it much more difficult for hackers to access your account.
8. Change your passwords regularly
Passwords degrade in quality over time, because the longer a password is in use, the more time hackers have to attempt to crack it. Stay one step ahead of cybercriminals by changing your passwords on a regular basis.
As a general rule, it’s a good idea to change out all of your passwords at least every three months. Make sure to never reuse old passwords.
Even stronger passwords won’t protect you if you don’t protect them.
9. Never save or share passwords
Never save your passwords or check the “remember me” box when you’re using a public computer. Better yet, try to avoid logging into personal accounts unless you’re on a private device.
Never share your password unless you are sharing it in person with someone you deeply trust. If you have a written list of passwords to help you remember them, avoid storing this list on your computer or phone.
Because electronic devices are hackable, this means you could potentially put all of your accounts at risk. If you must keep a list of passwords, use pen and paper and store the list in a secure place. Whenever possible, avoid writing down your stronger passwords — period.
10. Use a password manager
If you’re struggling to manage your stronger passwords (now that you’ve got them), consider using a password management system. Here’s a roundup of some of the best password managers.
Regularly crafting stronger passwords (plus having to remember them) can be a real pain. But taking the time to create stronger passwords is undoubtedly less of a hassle than dealing with the fallout of being hacked. Follow these 10 basic tips for stronger passwords to stay safer online.