8 Tips for Creating Secure Account Passwords
In today’s digital age, creating strong and secure passwords is essential to protect your online accounts from hackers and cybercriminals. Weak passwords are one of the leading causes of data breaches and identity theft. To help you safeguard your personal information, we’ve compiled eight essential tips for creating account passwords that are both strong and memorable.
1. Don’t Make Your Password Easy
Many of us are guilty of creating a PIN from our birth month, day, or even birth year. As tempting as it may be, using birthdays, names of family members or pets, social security numbers, or phone numbers isn’t recommended. Cybercriminals can easily find this information online. Usually, accounts will have specific password criteria; however, we recommend creating a unique password with a combination of numbers, symbols, and upper- and lower-case letters.
2. Longer is Better
According to the National Institute of Standards and Technology (NIST), you should consider using the longest password or passphrase permissible (8–64 characters). Longer passwords are harder to crack, so the longer the password, the better. NIST also advises that internet users should not use consecutive characters (e.g., 1234) or recurring characters (e.g., hhhh).
3. Get Creative
A common mistake that users make when creating passwords is using the network name as the password. For example, having a Facebook password set as Facebook123. If you’re guilty of doing this, it’s time to get creative! As mentioned above, use a variety of characters. For example, “Pass Go and collect $200” can be transformed to “p@$$GOandCLCt$200”. Hackers often use dictionary attacks and lists of common passwords to break into accounts, so it’s important to get creative!
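The checks from tips 1 to 3 can be expressed as a small password checker. This is an added example, not part of the original article; the function names, the run threshold of three characters, and the short deny-list are assumptions made for illustration.

```python
import re

# Constructed sample deny-list (assumption); a real check would load a
# large list of common or breached passwords instead.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LEN, MAX_LEN = 8, 64  # range quoted in tip 2
RUN = 3                   # assumed threshold for "1234"/"hhhh"-style runs

def _has_run(pw, step):
    """True if RUN characters in a row each differ from the previous one
    by `step` (0: recurring, +1/-1: ascending/descending sequence)."""
    count = 1
    for prev, cur in zip(pw, pw[1:]):
        count = count + 1 if ord(cur) - ord(prev) == step else 1
        if count >= RUN:
            return True
    return False

def check_password(pw, service="", personal=()):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    low = pw.lower()
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        findings.append("length outside 8-64")
    if _has_run(low, 0):
        findings.append("recurring characters")
    if _has_run(low, 1) or _has_run(low, -1):
        findings.append("consecutive characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        findings.append("missing character class")
    if service and service.lower() in low:
        findings.append("contains service name")      # tip 3
    if any(p and p.lower() in low for p in personal):
        findings.append("contains personal detail")   # tip 1
    # Strip digits and symbols so "Password1!" still matches "password".
    stripped = re.sub(r"[^a-z]", "", low)
    if low in COMMON or stripped in COMMON:
        findings.append("common password")
    return findings

if __name__ == "__main__":
    for pw in ("Facebook123", "p@$$GOandCLCt$200", "hhhh1234"):
        print(pw, check_password(pw, service="Facebook"))
```
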
4. Never Share Your Password
It goes without saying that sharing your password is never a good idea. We understand that a password may need to be shared in a workplace for several employees to access an account, but even when that is necessary, avoid sharing your personal password(s) with anyone. Sharing your password with another person puts you at risk of giving that individual access to all your accounts using the same password, and potentially even those with comparable passwords.
5. Use Different Passwords for Different Accounts
Once you come up with a memorable password that is strong, it can be tempting to reuse it—don’t! We understand that you have multiple passwords for countless accounts, and creating the same login for several different accounts would make your life a little easier; however, if one account gets compromised, it could lead to a domino effect of security breaches. Once one account has been hacked, the hacker will try the same password to gain access to all of your other ones. We understand it’s unrealistic to remember hundreds of different, unique, and long passwords. Our next tip can help with that.
6. Use a Password Manager
Never store a list of passwords on your computer in plain text. Managing multiple complex passwords can be challenging, but a password manager can simplify the process. It stores your passwords securely and generates strong, unique passwords for each account. There are several online services that can help users safeguard passwords. Services such as LastPass, Dashlane, and 1Password store passwords in the cloud and secure them with a master login. If you don’t want to save passwords to the cloud, use a local password storage program on your computer. RoboForm, Password Safe, or KeePass are some great ones to use.
7. Use Multi-Factor Authentication
In the digital world, “multi-factor authentication” means adding another layer of security. Similar to “Two Factor Authentication,” it requires more than a username and a password to log in to the account. Usually, a code is sent to the account holder’s confirmed phone number or email address. Once the code is received, they will need to enter the code to verify their identity in order to gain access to their account. This technique makes it more difficult for hackers to get into an account.
8. Update Your Passwords Regularly
The Better Business Bureau (BBB) recommends changing your password every 30 days; however, the National Institute of Standards and Technology (NIST) states that frequent password updates don’t improve security and changing your password once a year is enough. There are some other key times when you should update your password, such as:
- After a service discloses a security incident.
- There is evidence of unauthorized access to your account.
- There is evidence of a compromise on your device.
- You shared access to an account with someone else, and they no longer use the login (such as an employee who is no longer with the company).
- You logged in to the account on a shared or public computer (such as at a library or hotel).
Passwords are the most common means of authentication, but they only work if they are complex and confidential. Remember that no password is entirely foolproof, but following these tips can significantly reduce the risk of your accounts being compromised. Prioritize security and take steps to protect your accounts. Learn about more ways you can protect your identity.