Passwords are important. Passwords are the first line of defense for most of your data online. Passwords are the biggest threat to your online security.
In terms of online security, most people concern themselves with the security of the application storing their data. When was it's last data breach? Does it have "bank-level" encryption? That's all well and good, but many of us neglect to give any attention to the one thing we contribute to the equation: our passwords.
The most secure application in the world cannot protect you from a weak password.
Password strength can be a complicated subject, and most people don't have time to research and understand it all. Thankfully, you don't need to know it all to create a secure password. You need to follow best practices. Secure passwords generally have three characteristics: they are unique, long, and random.
Unique
Passwords should be unique, meaning you only use a password once. Yes, that's in direct opposition to you having four variations of the same password that you use across 25 accounts, or worse, one password for everything. It would be best if you had a separate password for every account, application, device, etc.
Having a unique password protects you if one of your passwords is compromised. If you're the victim of a data breach (chances are incredibly high that you are), you may be using a password to which a bad actor already has access. Wouldn't it be a shame if that password unlocked every online account you have or even just a handful? What if that password linked to both your social media and your bank account? You can imagine you might be spending a significant amount of time going through each account and updating your passwords, hopefully before a bad actor had time to use the leaked password. On the other hand, if all of your passwords are unique, the aforementioned bad actor would only have access to the leaked account, requiring a simple, single, password update.
Long
A good password is a long password. The longer you can make them, the better (most of my passwords are between 25 and 50 characters). Why the length? A brute force hacking attempt takes time. The bad actor runs a program that systematically cycles through every possible character combination until it determines the correct password, which it always does if given enough time. The longer your password, the longer it takes for this program to do its job, and the better chance you have of stopping the hacker before they can get into your account.
Random
A good password is random. If you don't get anything else from this post, get this: your password should not have any information in it that is unique to you. No birthdays, anniversaries, family member names, etc. If your password is related to any of this information, it makes itmucheasier for a hacker to break. All they have to do is find this information on you and plug it into their brute force program mentioned earlier, and the time it takes to crack your password is significantly reduced.
Ideally, your password would be a bunch of random numbers, letters, and symbols (i.e., eoq65U2O7sBMfRrfj*O7
). However, you can also get away with a long random phrase that is easy to remember, such as Ireallyliketoreadbooks
. There are some conflicting theories on which approach is better, but both are better than a short, non-random password.
Password Managers
All of this may all seem like a lot. There's a reason most people re-use the same password or some variation of it over and over. It's impossible to remember a long, random password for every online account you have, that's why we have password managers.
A good password manager will encrypt and store your unique, long, random passwords for you behind one super-secure master password, so you'll only ever have to remember one password. There are a lot of great password managers out there with several excellent features. The three most popular are LastPass (which I use), 1Password, and DashLane. They come in at various price points, all with similar features.
So get out there, get a password manager, and secure your online accounts with unique, long, and random passwords.
Do you have any questions or additional tips for creating secure passwords? Please share them in the comments below.