If you had the option to choose the shape of the key to your front door, would you choose it to be flat and even?
Use a password that is hard to guess.
Security firms regularly report the most widely used and most obvious passwords, and the same suspects always pop up. ‘Password’ is perennially popular, as are ‘123456’ and ‘iloveyou’. The user’s own name is also a common choice. Anyone trying to hack your account will check for these options first.
Do not use passwords that express your opinions, affiliations, or enthusiasms. If you are a fan of Elon Musk’s work, “Mars^Mission2021!” is just as bad a password as your own name, even though it contains different characters and symbols. If information about you can be found on your social media or by chatting with you, it is a bad idea to include it in your password.
There are very simple programs that can take all the key words known about you, put them in combinations, and try them out faster than I can snap my fingers at my puppy. You do not want to put yourself in that spot.
Never Write Your Passwords Down
It is called a thing you know! The purpose of a password is that no one knows it but you; once you write it down, no one will ever be able to say who else now knows it.
The place a password should be registered is memory. Only.
Also, and for the same reason, never share your password with anyone.
Sharing Passwords (Or Accounts) With Others
Or did we say that already? That is okay, we will say it again. It is that important!
If anyone uses your password to login
Use a Password Manager
A password manager will remember everything you don’t want to, it will make it easier to change your passwords as often as you need to, and it will help you find the old accounts that you no longer use so you can get them deactivated.
Choose a password manager (we are not going to advertise any) and use it for a week. You will find that you cannot do without it anymore.
Make Passwords Long Enough
Short passwords, even when they are random enough, can still be guessed in a relatively short amount of time. A longer password, on the other hand, can be next to impossible to simply guess, at least not in our lifetime.
Increasing the password complexity to 13 characters raises the time needed to crack it to more than 900,000 years at 7 billion attempts per second. This is, of course, assuming the password does not use a common word that a dictionary attack could break in a few minutes.
Relying on Passwords Only. Use MFA!
Okay, so now you have a strong password. It is not enough, because there are ways around a password that hackers and bad guys know very well.
I will not talk jargon to you if you promise to trust me on this one. Anywhere that you need to use an email and a password, use two-factor authentication of some sort if they have that service available.
Now don’t think less of passwords because I said that! Passwords are absolutely necessary, and they need to be set up properly. But sometimes a hacker can capture some information, for example the hash of your password, and send that to log in. They would not know your password, but they would be able to log in! Therefore, two-factor authentication.
Searchable Security Questions
Lie on your security questions.
Truthful security questions (like your mother’s maiden name) are all things that can be searched online. Often, the answers to them are public.
Security questions are used for password recovery. When they are unsafe, the entire account is exposed and potentially wide open to a password reset request. So, when the question is “what is the name of your first pet”, please write something other than your first pet. Let the answer be “green grass next to the pool”. Why not? You can choose anything to be the answer to that question, and it is essential that whatever you choose could not be guessed by a well-informed person.
The “L3T M3 SP34K” Password
If your password contains complete words and you make letter-to-number or letter-to-symbol substitutions for individual characters, you have mostly done nothing to make it more difficult to guess.
You might think (c@b1eC4BL3) is a lot stronger than cableCABLE, but unfortunately it is not.
People who work to break passwords know that people like doing this, and will try all these substitutions anyway.
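A password check a sign-up form could run, covering both the substitution point above and the earlier length figure. It is an added example, not code from the original article: the word list is a constructed stand-in for a real common-password list, the 100-year threshold and the function names are assumptions, and the 900,000-year figure is reproduced by assuming a 62-symbol alphabet (upper case, lower case, digits).

```python
import re

# Constructed stand-in for a real common-password list (the article's examples).
COMMON_WORDS = {"password", "123456", "iloveyou", "cable"}
# Reverse of the usual letter-to-number/symbol swaps.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
# Character classes and how many symbols each adds to the search alphabet.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
GUESSES_PER_SECOND = 7_000_000_000   # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIN_YEARS = 100                      # assumed policy threshold, not from the article


def normalize(password):
    """Lower-case and undo common substitutions."""
    return password.lower().translate(LEET)


def guessable_words(password, personal_terms=()):
    """Known words found in the password, with or without substitutions undone."""
    forms = (password.lower(), normalize(password))
    candidates = COMMON_WORDS | {t.lower() for t in personal_terms if t}
    return sorted(w for w in candidates if any(w in f for f in forms))


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(n for pattern, n in CLASSES if re.search(pattern, password))


def brute_force_years(length, alphabet):
    """Years to try every combination at GUESSES_PER_SECOND."""
    return alphabet ** length / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def audit(password, personal_terms=()):
    """Reject on any guessable word; otherwise judge by exhaustive-search time."""
    hits = guessable_words(password, personal_terms)
    if hits:
        return {"ok": False, "reason": "contains " + ", ".join(hits)}
    years = brute_force_years(len(password), alphabet_size(password))
    return {"ok": years >= MIN_YEARS, "years": years}


if __name__ == "__main__":
    for pw, terms in [("c@b1eC4BL3", ()), ("Mars^Mission2021!", ("Mars", "Mission")),
                      ("Jimble&Squimzel!@%", ())]:
        print(pw, audit(pw, terms))
```

Without the personal terms, “Mars^Mission2021!” passes on length and character mix alone, which is why the check has to be fed what is publicly known about the user.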
So What Is a Good Password?
Long story short: Jimble&Squimzel!@% is a better password than mumboJoumbo. It is possible to remember, yet difficult to guess. Use a password made up of words that don’t necessarily exist but can make something familiar to your ears, something you can remember like a song in a foreign language. Include all the signs and symbols in there, keep it longer than 12 characters… And only use it in one place! And this is key!
I would have a password like this for an account I would have to get into without the password manager, like the email address used to set up the password manager! And I would activate two-factor authentication and not even use this email to create social media accounts.
For all other access, if you would take my advice, allow your password manager to generate a random string of the highest complexity and let it do the remembering of those passwords, which you know are complex enough, and again, activate 2FA when possible.