Passwords: Changing with the Times
October 03, 2022
It’s commonly understood that your password is your first and typically best line of defense for private data and information. Yet, reports show that more than 2 in 3 people reuse the same passwords across multiple accounts – one of the biggest “no-no’s” in the book!
In the not-so-distant past, the generally accepted requirement for passwords on many websites was:
- At least 8 characters
- At least one uppercase and one lowercase letter
- At least one number
- And often a special character
These passwords held up the best because they were (at the time) complex and protected against the guesswork types of hacking that were once popular. Today, cybercriminals have access to much stronger computing power as well as newer, more complex means of hacking.
Familiarize yourself with the steps listed below to create a strong password and evaluate whether you need to rethink your own password security.
1. Never reuse passwords: Reusing the same password across multiple accounts puts you at extreme risk of attacks such as credential stuffing, a very simple and effective tactic in which cybercriminals test stolen credentials against a large number of websites all at once. Once in, depending on which accounts and sites the attack gives them access to, cybercriminals can:
- Seize control of your bank account assets
- Access personal information, such as your Social Security number, to steal your identity
- Use your information to harm others via phishing attacks
- Sell your credentials and personal information to other cybercriminals
2. Never use personal information: Despite what you may have been told in the past, no password should ever include references to any easily obtainable personal information such as names or birthdays. A good rule of thumb? If the information is widely known to others or can be easily found via your social media accounts, don't use it.
3. Prioritize password length: In most cases, you should no longer rely on the outdated 8-character recommendation. The best passwords are at least 12 to 16+ characters long.
4. Avoid using simple words and patterns: Using malicious programs, cybercriminals can very quickly comb through a dictionary of individual words and common phrases to crack passwords.
Bonus Tip: Concerned about not being able to remember a complex password? Consider investing in a password manager. These programs are generally affordable and can be used to safely and securely store your password information.
5. Make it memorable: A long password with unrelated words and several special characters is hard to guess, for both computers and humans. It’s also hard for you to remember. If you prioritize length, you can come up with something that is easy for you to remember as well. “TH1$isMysEcuReP@$$w0rd!” lives up to its claim, but it’s not easy to type or to remember exactly where you used the special characters. “This Password Is Really Hard For A Computer Or A Human To Guess” is a better option, despite using only letters and spaces.
6. Continue to evaluate and adjust your password security: Many of us have accounts that require us to periodically update our passwords. When it comes time, don't just add one or two new characters in place of another. Additionally, do not think that simply rearranging words is any better. Creating new, unique passwords based on the tips above will be your safest and best bet.
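The tips above can be expressed as a small local checker. This is an added example, not part of the original article, and it goes slightly beyond the text by undoing look-alike substitutions (0 for o, $ for s) before comparing. The word list, the 4-character threshold, the edit-distance limit of 2 and all function names are assumptions made for illustration, and old passwords are assumed to be typed in by the user at change time.

```python
import re

# Constructed sample list (assumption); a real check would load a full
# dictionary and a breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "qwerty", "letmein"}
# Undo common look-alike substitutions such as 0 -> o and $ -> s.
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(pw):
    return pw.lower().translate(LEET)

def words_of(pw):
    return sorted(re.findall(r"[a-z]+", normalize(pw)))

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_password(candidate, personal_info=(), previous=()):
    """Return the tips from the list above that the candidate breaks."""
    problems = []
    norm = normalize(candidate)
    if len(candidate) < 12:                                    # tip 3
        problems.append("shorter than 12 characters")
    if any(len(p) >= 3 and normalize(p) in norm for p in personal_info):  # tip 2
        problems.append("contains personal information")
    # Tip 4: one common word plus at most 4 extra characters (threshold assumed).
    if any(w in norm and len(norm) - len(w) <= 4 for w in COMMON_WORDS):
        problems.append("built on a single common word")
    for old in previous:                                       # tips 1 and 6
        if edit_distance(norm, normalize(old)) <= 2:
            problems.append("reuses or barely changes a previous password")
        elif words_of(candidate) == words_of(old):
            problems.append("rearranges the words of a previous password")
    return problems

if __name__ == "__main__":
    for pw in ("P@ssw0rd123!",
               "This Password Is Really Hard For A Computer Or A Human To Guess"):
        print(repr(pw), "->", check_password(pw) or "no problems found")
```

"P@ssw0rd123!" satisfies the old uppercase, lowercase, number and special-character rule and is 12 characters long, yet it is still flagged because it reduces to one common word.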
Worried about how secure your passwords are? Put them to the test! Security.org provides a completely free and secure tool to quickly test the effectiveness of your passwords. While you're at it, take a look at our blog: 15 Tips to Keep Your Data Private.