Tips for Creating Strong Passwords
We’ve all seen movies where a hacker is perched in front of a computer typing furiously, attempting to hack someone and steal their information. In reality, hacking is a lot less dramatic, and happens all the time. We are all at risk of having our information compromised, but we can all boost our levels of security with a few simple tricks. Read on to learn how to create a stronger password.
Ways passwords get hacked
Before we dive into some tips, it is important to understand the ways that hackers get our passwords in the first place. Here are some common methods of password hacking:
Phishing:
Phishing is a psychological tactic where cybercriminals try to manipulate you into giving them your personal information. Phishing attacks typically come in the form of an email from a seemingly reputable party, like a bank or a network provider. The goal of the email? To get you to log in with your real account credentials, thereby passing them along to the phisher. For example, you may get an email that tells you there’s a problem with your account, asking you to click on a link to verify your identity by logging in with your password. The site will be designed to look legitimate, so if you’re not paying attention, you won’t even realize you’re handing your information right over to hackers.
Brute Force:
This type of attack occurs when a hacker continuously enters different guesses of what your password may be until they are able to get in successfully. Hackers use computer programs to automate the guessing and make thousands of guesses in seconds. Online password-strength tools estimate how long it would take for a computer to crack your password. By one such estimate, the password “dogpark5” would take only one minute to crack.
Keylogging:
There is a type of software called a keylogger that can track your keystrokes. Sometimes hackers will install a keylogger on your computer, maybe by getting you to click a link that downloads the software, unbeknownst to you. Once a keylogger is installed on your system, the hacker has visibility into everything that you type and can easily collect your passwords.
Credential Stuffing:
This type of attack relies on the fact that many people use the same password for multiple accounts. A hacker who already has your login information for one website will then attempt to use that username and password combination for many other websites. Hackers can pretty easily find stolen login information on the Dark Web, or through data breaches, and use that information to try to log into other sites.
Good, Better, and Best: How to Layer Strategies for Excellent Security
The key to great password security lies in layers. More than just doing one thing and hoping it works, we want to form a collection of ironclad habits around our account usage. When used together, the following strategies can go a long way toward protecting your accounts.
Good: Use a Unique Password for Every Account
Healthy passwords start with the basics: don’t recycle your passwords. As tempting as it can be to use the same password for all the accounts that you use, this is one of the easiest ways to have your information compromised. As explained above, if someone has the password for just one of your accounts, and you use the same password for multiple accounts, you could become the victim of credential stuffing.
Better: Make a Strong and Unique Password
It’s one thing to use a different password for every account–but if those passwords look like “password123”, it’s not going to help much! By making passwords that are strong as well as unique, you can further prevent anyone from guessing your password.
- Avoid using personal information. Your password should not contain information that can be easily found on the internet, like your name, address, city, birthdate, and so on.
- Make it long. While it’s harder to remember, yes, a longer password is simply more secure. Your password should be at least 8 characters (which most websites require anyway), but if you can get it up to 12-16 characters, that is ideal.
- Include a mix of character types. Don’t just type two words and call it a day. Your password should include a mix of numbers, symbols, and uppercase and lowercase letters.
- Don’t use sequential numbers or common keystrokes. When inserting numbers into your password, avoid sequential numbers like “12345”, as well as common keystrokes like “qwerty”. Choose numbers and letters that are far apart from one another on your keyboard.
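The four rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the 12-character threshold (the lower end of the range recommended above) and the four-key run length are assumptions chosen for illustration.

```python
import math
import string

# Keyboard rows used to spot runs such as "qwerty" or "12345".
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

def has_run(password, min_len=4):
    """True if min_len adjacent keys from one row appear, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in lowered:
                    return True
    return False

def character_classes(password):
    """Report which of the four character types the password contains."""
    return {
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }

def search_space_bits(password):
    """Upper bound on brute-force work: log2(alphabet_size ** length)."""
    sizes = {"lowercase": 26, "uppercase": 26, "digit": 10, "symbol": 32}
    alphabet = sum(sizes[k] for k, used in character_classes(password).items() if used)
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def check_password(password, personal_info=()):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < 12:  # assumed threshold: low end of the 12-16 range
        problems.append("shorter than 12 characters")
    missing = [k for k, used in character_classes(password).items() if not used]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    if has_run(password):
        problems.append("contains sequential numbers or a keyboard run")
    lowered = password.lower()
    # Ignore very short items so that initials do not trigger false matches.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; "dogpark5" is the article's own example.
    for pw in ["dogpark5", "Qwerty12345!x", "v7#Lm2&Rz9!Tq4"]:
        print(pw, round(search_space_bits(pw), 1), check_password(pw))
```

The bit count is only an upper bound: a password built from dictionary words or a reused password falls far sooner than the number suggests.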
Best: Two Factor Authentication
For an extra layer of security, always use two-factor authentication. It is highly recommended, particularly for accounts like email, banking and social media, where sensitive data is stored. This two-step process involves entering two pieces of information: first, your username and password to verify your identity. The second piece of information, or “factor”, will be:
- Something you know, like a PIN or an answer to a question
- Something you have, like a smartphone, or
- Something you are, like a fingerprint
There are two common methods of two-factor authentication: through SMS or through an authentication app, like Google Authenticator, which generates unique, one-time authentication codes that refresh every 30 seconds. When you log into an account that is using two-factor authentication, it will prompt you to enter the authentication code you received.
Password Management
It’s all well and good to recommend using a different password for every account–but remembering that many passwords can be very challenging! Here are some options to wrangle your passwords:
- Keeping a physical journal or notebook with usernames or passwords. Be sure to keep this in a secure place, preferably at home and protected.
- Using a password manager. This option comes with a huge warning: not every password manager is going to give you the level of security you want or need. It’s important to fully research a password manager before you dive in. If and when you do find a provider you feel safe with, a password manager can be a very useful tool.
What’s not recommended? Keeping a list of passwords in one of your accounts that isn’t meant to secure passwords! Don’t keep a list of passwords on your phone or in your email, for instance. Whichever method you choose, the key is to have a secure system that keeps track of all of your passwords.
Online Safety Recommendations
As technology continues to advance, safety recommendations will too. Here are some basic rules to keep in mind when you’re interacting with technology:
- Never click on a link within an email. It’s always better to navigate directly to the site, especially if the email is asking you to log in or verify information.
- Make sure your software is always up-to-date. This rule applies to computers, but it also applies to phones, cars, and anything else with a “brain”!
- Keep your information to yourself. Unless someone else absolutely needs to know, don’t share logins or passwords.
- Beware phone calls from tech support. If you receive a phone call or direct message from someone claiming to be tech support, do not give them any information. Call the company directly via a phone number that you found, not one that they gave you.
Safety in Seconds
Now that you know what makes a strong password and some basic steps to protect you and your information, it’s time to update the strength of your passwords. Updating only takes a short amount of time, but it can save you a significant amount of headaches and complications should your accounts get hacked.