Your personal information is a valuable commodity on the digital market, and passwords remain the first line of defense against malware, phishing scams, and data hacks. Unfortunately, years of misconceptions about password strength have left users unsure how best to create a secure login.
For years, passwords were our trusted allies in the fight to protect privacy. The right password should act as a knight in shining armor, preventing hackers and snoopers alike from gaining access to your most pertinent personal information. But, with online data becoming ever more valuable, and hackers evolving by the second, that knight may have brought a sword to a gun fight.
Despite nearly every account in your arsenal requiring a password for access, a recent Google study has found that they haven't been doing a very good job of protecting you. Between email phishing scams and third-party breaches (like Equifax), more than three billion user names or passwords were stolen between 2016 and 2017.
Admittedly, this all sounds pretty bleak. Fortunately, there is a roadmap to using passwords correctly. With the help of a few do's and don'ts, you can properly protect yourself from data hackers.
Password complexity killed the cat
Let's be honest — password requirements have run amok. Between capital letters, numbers, and symbols, websites of all shapes and sizes have gone off the deep end when it comes to forcing complex passwords on their users.
The result? Poorly-formed passwords that are hard to remember for humans and easy to guess for the most basic of computers. Skeptical? Just ask the guy that penned the advice in the first place.
“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” said William Burr, former manager at the National Institute of Standards and Technology to the Wall Street Journal. “It just drives people bananas, and they don’t pick good passwords, no matter what you do.
As the author of an eight-page password document titled “NIST Special Publication 800-63. Appendix A,” which spurred this common practice, Burr insisted that people use irregular capitalization, special characters, and at least one numeral when creating a password. While the advice is inherently sound, it opened the door to countless over-used iterations such as “P@ssw0rd,” one of the easiest passwords to hack in the history of forever.
“Much of what I did I now regret,” said Burr.
Verdict: DON'T only use a complex mix of characters and capitals!
Password size does matter
While hackers have easily figured out a way to bypass complex passwords that substitute numbers and symbols for letters, they haven't been able to figure out the length problem.
With infinitely more possible options, gaining access to an account with, for example, a 15-character password, would take decidedly more time than an account with an 8-character password. And if you don't believe me, the experts from How Secure Is My Password (HSIMP) and PassFault Analyzer (PA) will take it from here:
No matter how hard a complex password is for you to remember, computers have dozens of methods for figuring them out. They do this by trying different options over and over again at scale. But, when the password length reaches 15 characters, there's far less a hacker can do to take your password through brute force.
Verdict: DO use longer passwords!
The more passwords the merrier
You can make complex passwords. You can make long passwords. But what many don't realize is that the best defense is making multiple passwords, rather than just one.
As tempting as it may be, do not — I repeat, do not — use the same password for every single account. Should one account fall, this provides hackers with free reign to target your other accounts. Just ask the Federal Trade Commission:
“Don’t use the same password for many accounts,” reads its website. “If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.”
Verdict: DON'T use the same password on multiple accounts!
I know it's a pain. The prospect of remembering 15 different passwords for your various accounts sounds exhausting, overwhelming, and a little bit impossible, particularly when 15 accounts is a serious underestimation. Fortunately, password managers are here to save the day.
Password managers will store, protect, and encrypt your many passwords, and even generate secure ones for you, and you'll only need to remember one “master password” (just be sure to make it no less than 15 characters). From then on, the password manager will securely recall all your other ones, autofilling them for you as you log into your accounts. All the while giving you hassle-free access to enjoy your digital life.
Read more about securing your personal information on TechCo