The weakest point in the security of your online accounts is usually your password. If someone is able to guess or retrieve your password, they bypass almost every security measure. That person could delete, change and even leak your personal information.
This guide will help you create good, strong passwords that are hard to guess or crack. Read through the following tips and check your own password. If you feel your password isn’t secure enough, we strongly recommend that you change it now.
Traditional Passwords Are No Longer Safe
Password-cracking techniques have matured quickly and significantly in the past few decades, but the way we create our passwords hasn’t kept pace. As a result, the most common advice you’ll hear about creating a strong password today is very outdated and impractical.
A password created with that advice, like jal43#Koo%a, is very easy for a computer to break and very difficult for a human to remember and type.
The latest and most effective types of password attacks can attempt up to 350 billion guesses per second, and that number will no doubt increase significantly over the next few years.
Thus creating a strong password today requires modern techniques.
Choose a Modern Method
There are many different approaches to generating a strong password, but password managers and passphrases are the best. Choose the one that works for you, and then read its corresponding section further along in this article to learn how to get started.
Best: Use a Password Manager – A password manager is a software application on your computer or mobile device that generates very strong passwords and stores them in a secure database. You use a single passphrase to access the database, and then the manager will automatically enter your username and password into a website’s login form for you.
You never have to worry about picking a good password, remembering it, or typing it again. This is the easiest and most secure method available today, and we strongly recommend that you use it.
Good: Create a Passphrase instead of a Password – A passphrase is similar to a password, except that it’s based on a random collection of words, rather than just one. For example, copy indicate trap bright.
Because the length of a password is one of the primary factors in how strong it is, passphrases are much more secure than traditional passwords. At the same time, they are also much easier to remember and type.
They’re not as strong as the kinds of passwords generated by password managers, but they’re still a good option if you don’t want to use a password manager. They’re also the best way to generate the master password for a password manager or your operating system account, since those can’t be automatically filled in by the password manager.
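The following Python sketch is an added example, not part of the original article. It draws a passphrase with a cryptographically secure random source and shows how word count and list size set the guess space at the 350 billion guesses per second quoted above. The sample word list is constructed, and the 7776-word list size (a five-dice word list) is an assumption.

```python
import math
import secrets

GUESSES_PER_SECOND = 350e9  # attack rate quoted in the article

# Constructed sample list so the block runs offline. It is far too small for
# real use; a real generator loads a list with thousands of words.
SAMPLE_WORDS = ["copy", "indicate", "trap", "bright", "lamp", "river",
                "stone", "cloud", "maple", "orbit", "velvet", "harbor",
                "puzzle", "signal", "meadow", "anchor"]

def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words uniformly at random with the OS CSPRNG."""
    pool = sorted(set(words))  # duplicates would bias the draw
    if len(pool) < 2 or count < 1:
        raise ValueError("need at least two distinct words and count >= 1")
    return sep.join(secrets.choice(pool) for _ in range(count))

def entropy_bits(list_size, count):
    """Bits of entropy when every word is drawn independently."""
    return count * math.log2(list_size)

def average_seconds_to_guess(list_size, count, rate=GUESSES_PER_SECOND):
    """Expected search time: half of all combinations at `rate` guesses/s."""
    return (list_size ** count) / 2 / rate

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS))
    list_size = 7776  # assumed size of a five-dice word list
    for count in (4, 5, 6, 7):
        secs = average_seconds_to_guess(list_size, count)
        print(f"{count} words: {entropy_bits(list_size, count):5.1f} bits, "
              f"about {secs / 86400:.3g} days at 350 billion guesses/s")
```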
Additional Tips For Both Methods
There are other things to remember as you compose passwords that will help you keep your information secure.
- Don’t use the same password twice. Many popular websites fail to adequately secure your password in their systems, and hackers routinely break into them and access hundreds of millions of accounts. If you reuse passwords from site to site, then someone who hacks into one site will be able to log in to your account on other sites. At the very least, make sure that you have unique passwords for all sites that store financial or other sensitive data, or ones that could be used to hurt your reputation.
- Make sure your email password is also strong. With many online services, your email address serves as your identification. If a malicious user gains access to your email, they can easily reset your passwords and log in to your account.
- Don’t share your passwords. Even if you trust the person, it’s possible an attacker could intercept or eavesdrop on the transmission, or hack that person’s computer. If you suspect that someone else knows your password, you should change it immediately.
- Don’t send your password to anyone in an email. Emails are rarely encrypted, which makes them relatively easy for attackers to read. WordPress.com staff will never ask you for your password. If you must share a password, use a secure method of transmission like pwpush.com, and set the link to expire after the first view.
- Don’t save your passwords in a web browser. Browsers often fail to store the passwords in a secure manner, so use a password manager instead. See the section on password managers above for more information.
- Don’t save passwords or use “Remember Me” options on a public computer. If you do, then the next person to use the computer will be able to access your account. Also make sure you log out or close your browser when you are done.
- Don’t write down your password. If it’s written down somewhere and someone can find it, it’s not secure. Store passwords in a password manager instead, so that they’ll be encrypted. See the section on password managers above for more information. The exception to this rule is storing unrecoverable passwords (like the master password for a password manager, or your operating system account) in a secure manner. One good way to secure them is to keep them in a safe deposit box, or locked in a safe.
- Don’t change your passwords, unless you suspect they’ve been compromised. As long as you have the type of strong password recommended in this article, changing it frequently will not do anything to minimize the risk of it being compromised. Because changing them can be a burden, it often tempts people to adopt bad practices in order to make the process easier, which increases their vulnerability to attacks. If you suspect someone has gained access to your account, though, then it’s always a good precaution to change your password.