The key to a strong password is length. Your passwords should be 8 characters long at the very least, and difficult for someone to guess. Avoid using personal information, especially if someone can find the answer on social media, or by searching your name online.
In addition to length, secure passwords also use a mix of uppercase, lowercase, numbers and symbols.
This may seem daunting, but there is a simple solution. Try using a passphrase instead of a password. A passphrase is a short saying that you modify to become a strong password. For example, “Thund3r Sh0wers at Suns3t” would be a very strong password that’s also easy to remember.
Why use different passwords for each account?
Imagine if one key opened your front door, your car, your bank, and your safe. If someone got hold of your one key — poof — they have access to everything. That’s more or less your situation when you recycle passwords. If someone has access to your one key password, they have access to everything.
Cyber criminals know people reuse passwords, and after a major password leak, they’ll try using those passwords and email addresses to get into all kinds of sites. Often, it works.
Don’t get caught in this trap. The solution is simple: have different passwords for every online account. That way, if one account is compromised, you can rest easy knowing your other accounts are still safe.
If you think it would be difficult to remember all those passwords, move on to the next section for an easy solution.
Why get a password manager?
A good password manager safely stores all your passwords, remembers them and can generate strong passwords for you. This makes it incredibly easy to use different, hard-to-remember passwords for every account, so you only have to remember the one master password to get in. All the security – less hassle!
But what if someone gets your master password? Luckily, quality password managers have prepared for this by ensuring they only work on your registered devices. That way, if someone tries to log in from an unregistered device, the password manager will block access until they complete a second or third login step, like entering a secret code that is emailed or texted to you. If you get an email saying someone is trying to log in from an unknown device, you’ll know you should change your master password as soon as possible.
In addition to emailed and texted codes, some password managers also let you add fingerprint and face recognition options, as well as devices you trust — this is called multi-factor authentication, and it offers convenient, powerful protection for your password vault.
What is multi-factor authentication and how do I use it?
How does multi-factor work?
If you’ve ever used a fingerprint reader on your phone, you’ve used multi-factor! For example, when you download an app from an app store, it first checks you’re on a trusted device (Factor 1) and then verifies you’re you with your fingerprint (Factor 2).
If you’re on a computer, usually it’s like this: when you enter your username and password, you’ll be asked for a verification code that will be texted to your phone. Pop in that single-use code, and you’re in. Ta-da! Multi-factor authentication!
Why should I use multi-factor?
Last year, 450 million passwords were leaked from major Internet companies. Adding an extra layer to your passwords significantly decreases the risk of someone accessing your account. Think of it like a second lock on your door, or a moat surrounding a castle.
What sites and services offer multi-factor?
You can activate multi-factor in the settings for most major websites. Our friends at twofactorauth.org have put together a comprehensive list of websites and services that offer multi-factor authentication (MFA).