It’s Cyber Security Awareness Month. That means it’s time to brush up on online security best practices. Last week, we covered how to spot a phishing email. Today, I’m going to teach you how to create a strong password.
At this point, you know that it’s not a good idea to use “password” as a password. But did you know that the worst thing you can do is to reuse the same ones across many sites?
If you’re a password recycler, don’t worry, you are not alone. According to a recent Virginia Tech study, about 50% of people reuse the same password across platforms.
I get it – it is difficult to come up with (and remember) passwords. That’s why today, I’m going to show you how to create a strong password.
And once you have your password, I’ll show you how to make sure you don’t forget it.
Let’s get started!
4 Rules to Follow When Creating a Strong Password
Create a password that has at least 12 characters.
The longer the password, the better.
Use a combination of numbers, symbols, capital letters, and lower-case letters.
When a hacker tries to break into an account, they aren’t trying to guess the password themselves. Instead, hackers use programs that automatically run through massive databases of passwords.
The best defense against these programs is a long string that mixes letters, numbers, and symbols.
Don’t pick a word in the dictionary (or your pet’s name).
The first rule of creating a strong password is to stay away from obvious dictionary words. And a combination of a few words is also bad.
I also recommend you stay away from obvious names and places. For example, if your dog’s name is Marshal, you don’t want to make your password “Marshal500”. Hackers are smart. If a hacker targets you, they could find out your dog’s name through social media.
Don’t rely on obvious substitutions.
Don’t use common substitutions for letters and words. For example, you shouldn’t replace an “o” with a “0”. That tactic isn’t going to fool a cybercriminal.
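The four rules above can be checked automatically. The sketch below is an added example, not part of the original article; the small word list, the substitution table and the name `check_password` are assumptions made for illustration, and an empty result only means none of these four rules is broken.

```python
import re

# Constructed sample word list (assumption); a real check would load a large
# dictionary and a list of breached passwords.
WORDLIST = {"password", "dragon", "welcome", "sunshine", "monkey"}

# Obvious substitutions (rule 4), mapped back to the letters they replace.
UNSUBSTITUTE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                              "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

CLASSES = {"lower-case letter": r"[a-z]", "capital letter": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def check_password(pw, personal_terms=()):
    """Return the rules from the list above that pw breaks (empty list = none)."""
    problems = []
    if len(pw) < 12:                                   # rule 1: length
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():              # rule 2: character mix
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    # Personal terms are names an attacker could learn, such as a pet's name.
    words = WORDLIST | {t.lower() for t in personal_terms}
    typed = pw.lower()
    plain = typed.translate(UNSUBSTITUTE)              # "p@ssw0rd" -> "password"
    for word in sorted(words):
        if word in typed:                              # rule 3: words and names
            problems.append(f"contains the word or name '{word}'")
        elif word in plain:                            # rule 4: substitutions
            problems.append(f"hides '{word}' behind obvious substitutions")
    return problems

if __name__ == "__main__":
    samples = [("Marshal500", ["Marshal"]), ("P@ssw0rd2024!", []),
               ("asA$uKHAF1!@", []), ("TfaIliw3WCS.Trw$5pm.", [])]
    for pw, terms in samples:
        print(pw, "->", check_password(pw, terms) or "breaks none of the four rules")
```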
How to Create a Memorable but Strong Password
With those 4 password rules in mind, it should be easy to make a strong password. For instance, you could run your fingers across the keyboard and get something like “asA$uKHAF1!@”.
It’s a strong password. It meets the 12-character minimum and includes a mix of different characters. It’s also not found in the dictionary.
However, it’s a long password to remember. To create a memorable, strong password, consider this trick:
- Think of two sentences that you are likely to remember, like: “The first apartment I lived in was 301 West Charles Street. The rent was $550 per month.”
- Turn those sentences into a password by using the first letter or digit of each word, keeping the punctuation and the dollar sign. In the example, the password would then be “TfaIliw3WCS.Trw$5pm.”
That’s a decent password that you should be able to remember. Of course, a truly random password might include a few more numbers and symbols, but it’s not a bad start.
What to Do Once the Password Is Created
Don’t tell your password to anyone!
Never share your password, even with a friend who wants access to your HBO account.
The only time it may be appropriate to share your password is with a trusted IT support desk to correct a technical problem. After the IT person fixes your problem, you should change your password immediately.
Don’t use the same password for everything.
As I mentioned at the top, it’s a bad idea to recycle passwords.
When your password on a web service gets hacked, you’d better hope you didn’t use the same password for other web services.
To prevent future hacks, you should use a different password for each website.
Change your passwords for sensitive websites.
The best passwords are the ones that are changed frequently. To protect your private information, like a bank account, you should change your password every 60 – 90 days.
Don’t write it down! Instead, use a password manager.
So, what exactly is a password manager? Password managers are easy-to-use programs that save all your usernames and passwords in one central, secure location.
They make it easy to create long, impenetrable passwords for all your accounts. And they also eliminate the need to write them down anywhere. Password managers are like secure vaults for passwords. To use one, all you have to do is remember one master password that unlocks your account.
To learn more about password managers, follow this link.
A final word
Once you’ve set up your password manager and replaced all your passwords, don’t think you’re done. The best practices for cybersecurity are changing all the time. To protect your digital life, it’s important to continue your security education.