Strong passwords are extremely important: they prevent unauthorized access to your electronic accounts and devices.
If you choose a long and complicated password, you make it very difficult for a hacker to crack it, whether by a brute-force attack (i.e., trying every possible combination of numbers, letters or special characters) or by an automated attack that tries thousands of combinations per second to guess your password.
So, the more complex your password is, the more security it provides for your account. Remember that your account is where you store a great deal of sensitive information that you don’t want to have stolen. As you understand, the stakes are very high. Therefore, taking care of your account password is crucial.
Your account password should never include these:
- any obvious combinations such as 12345, combinations of phone numbers and addresses, or your personal information;
- any string with sequential numbers or letters;
- any part of your username, even with a slight variation;
- words in the dictionary, which a hacker can easily guess with the help of a dictionary program.
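The rules in the list above can be checked mechanically. The following Python checker is an added example, not part of the original article; the sample word list, the list of obvious combinations, the four-character thresholds and all function names are assumptions chosen for illustration.

```python
# Added illustration: lists and thresholds below are constructed, not from the article.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "welcome", "letmein"}
OBVIOUS = {"12345", "qwerty", "abc123", "11111"}
# Undo common character swaps so "P@ssw0rd" is still matched as "password".
LEET = str.maketrans("@0134$5!7", "aoieassit")


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending characters."""
    codes = [ord(c) for c in pw.lower()]
    for step in (1, -1):
        streak = 1
        for a, b in zip(codes, codes[1:]):
            streak = streak + 1 if b - a == step else 1
            if streak >= run:
                return True
    return False


def username_fragments(username, size=4):
    """Every `size`-character slice of the username, lowercased."""
    u = username.lower()
    return {u[i:i + size] for i in range(len(u) - size + 1)}


def check_password(pw, username, personal=()):
    """Return the list of rules the password breaks (empty list = none)."""
    low = pw.lower()
    plain = low.translate(LEET)
    problems = []
    if any(o in low for o in OBVIOUS):
        problems.append("obvious combination")
    if has_sequence(pw):
        problems.append("sequential characters")
    if any(f in low for f in username_fragments(username)):
        problems.append("part of username")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    if any(w in plain for w in SAMPLE_WORDS):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("12345abc", "P@ssw0rd!", "Alice2024!", "Iw2e7c,b!tS"):
        print(candidate, check_password(candidate, "alice_w"))
```

An empty result only means none of these listed patterns matched; a real check would load a full dictionary file instead of the six sample words.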
So, how can you create a solid password?
You can come up with your own system for this. For example, write any sentence you like, then take the initials of each word and spice them up with a combination of numbers and special characters.
You can also use a password generator; it’s best to use an offline generator, so that your password doesn’t get intercepted. Many password managers such as LastPass or Dashlane also offer built-in password generator tools.
While you are trying out different passwords, use "How Secure is my Password?" or a similar tool to find out if your password is strong enough. If it's too easy, the meter will let you know what you can add or remove to make it stronger.
Microsoft users can also use the Microsoft security password checker for this. Mac users can check theirs with the built-in Password Assistant.
Now that you’ve come up with the strongest password possible, it’s time to absorb some principles of good password security practice in daily life:
- Never disclose usernames and passwords to third parties
- Never store usernames and passwords on paper or in an unencrypted computer file
- Update your account password at least every 6 months
- Do not use passwords that have been used in the past
- Never provide credentials when requested through email
- Run regular virus scans on your computer
- Use Two-Factor Authentication (2FA). With 2FA, you will receive a text message for login and password reset requests. You may choose between SMS, OneTouch, and TOTP (Time-Based One-Time Password) 2FA.
- If you have to share a password, use a site like OneTimeSecret. This site creates a link to a page with your password info (or whatever info you choose), and once the page has been viewed, it is gone forever.
- Don’t save passwords or use “remember me” on public computers