The average person has to remember between 80-100 passwords to log in to all their websites and apps, according to a recent survey by NordPass. So, it’s no wonder most people use simple passwords that are easy to remember. However, re-using the same weak passwords will also make it easier for hackers to steal your personal information, such as your bank details. Here’s everything you need to know about how to create strong, memorable passwords to protect your identity online.
Why You Need a Strong Password
According to the most recent Verizon Data Breach Report, over 80% of data breaches (or unlawful private information access) were caused by poor password security. That’s why it’s so important to create strong, unique passwords for every site and app you use.
If you feel like your computer has been hacked or infected with a virus, HelloTech is here to help. We have thousands of technicians across the country who can come to your home and remove a virus from your computer or answer any other questions you have in person.
What Makes a Password Strong?
A strong password should contain at least eight characters, with upper-case and lower-case letters, numbers, and symbols. Avoid using common words or any personal information. Also, don’t use the same password for different sites, and remember to reset your passwords at least once a year.
- Use at Least 8 Characters
Even if you keep your credentials secret, hackers can use “brute-force” software to guess your username and password. These cheap computer programs can cycle through millions of random combinations per second until they find your login information.
So, the longer your password is, the harder it will be to crack.
The Federal Trade Commission advises you to create passwords that are at least 12 characters long to be safe. However, the National Institute of Standards and Technology only suggests using passwords at least eight characters long.
To illustrate why longer passwords are always better, a recent study from Hive Systems, a Virginia-based cybersecurity company, found that any password under eight characters could be cracked in a matter of seconds or “instantly,” while passwords over ten characters could take up to 34 years.
- Avoid Words from the Dictionary
One type of brute-force attack, known as a “dictionary attack,” allows hackers to try your account against every word found in the dictionary. So, you should avoid using common words in your password, even if you add more characters or swap out letters and numbers.
- Don’t Use Personal Information
While most hackers will use tools to guess your password, others will try to find information by looking at your social media pages or sending you phishing emails. So, you should avoid using personal dates and names in your passwords, especially if you talk about them online.
Hackers will also try your account against the most commonly used passwords, so you should also avoid using any common names, number combinations, or dates. A hacker might not know your dog is named Princess, but it is a common pet name and also one of the most common passwords used in the US, according to NordPass.
- Add Upper- and Lower-Case Letters, Numbers, and Symbols
The strongest passwords will contain a combination of upper-case and lower-case letters, numbers, and symbols. However, hackers also use programs that will cycle through symbols and numbers, so using “Password123” or “P@ssword” instead of “Password” won’t be much of an improvement.
According to the study from Hive Systems, using a password with ten lower-case letters can be cracked in as little as four minutes. But just by adding upper- and lower-case letters, symbols, and numbers, that same ten-character password could take up to five months to crack.
- Create Unique Passwords for Every Site
If you use the same password to log in to lots of different sites, you make a hacker’s job easier. All they have to do is access one of your less-protected sites, find your password, and then they can use it to access all your other accounts, where more important data is stored.
For example, it’s usually easier for hackers to breach your gym’s website than your online bank account. But, if you use the same passwords to log in to both websites, a hacker that breaches your gym’s network could easily try that same password to gain access to your highly-secure banking website.
- Reset Your Passwords Every Year
Even if you create strong passwords for all your sites, the National Institute of Standards and Technology recommends resetting them once a year or whenever they have been compromised. This is because hackers will occasionally breach large companies and steal millions of login credentials at once.
In fact, there are now over 15 billion stolen passwords being sold on the dark web. According to a 2020 report from the Digital Shadows Photon Research team, these credentials were obtained from over 100,000 breaches, and they are sold for just $15 on average.
If you learn your passwords may have been leaked, you should change them right away, especially if you use the same passwords for multiple accounts. Some sites and apps will let you know when your data might have been compromised, or you can use tools like the Password Checkup on Google Chrome to see if your passwords have been leaked.
Read More: How to find your compromised passwords on any device
How to Remember Your Passwords
Memorable passwords trigger some association in you that allows you to easily remember them. The challenge is to create associations that no one else will be able to guess. Or you can try to disguise those associations with random characters and capitalizations.
Let’s say you were married on June 29th, 1999. No matter how you hide the actual date, it would be relatively easy for a hacker to crack. However, if you choose a memorable event from that date and use that in your password, it becomes much more difficult to crack.
Perhaps someone tripped and fell into your wedding cake at the reception. That is not something you are likely to forget, and it is strongly associated with your wedding anniversary. If you add the date first and then use random capitalizations to mix things up, you could end up with a password that looks something like this: #29of6=cAK3dis@STer.
This password would be a challenge for even your closest friends to decipher, let alone a random stranger. Still, all the associations you need to remember are there and should make it easier for you to recall when you need to.
To make it even easier for you to remember which password goes with which application, try to find a way to link the password to the application it is being used for. For instance, in the above example, you use that password for your joint bank account because it is related to your marriage.
Use a Password Manager Instead
If you still can’t remember your passwords, you might want to try a password manager instead. These programs allow you to store all of your passwords in one place securely. Some of these programs also include password generators that can help you create strong passwords for all your sites instantly.
Password managers can also help you set reminders to let you know when it is time to reset your passwords. Some will even notify you when your personal information has been leaked in a breach, so you know to reset the password immediately.
Read More: The best password managers for any device
If you’re looking for a password manager, you can get Dashlane for free as a HelloTech member. With a HelloTech Home membership, you also get round-the-clock help for any of your connected devices. As a HelloTech member, you can call or chat with our professional technicians 24/7 or schedule a visit from an expert technician to quickly identify problems and provide immediate assistance for any of your connected devices.
