

Why Your Passwords Are Failing You: Tips for Creating Strong, Secure Passwords


The safest way to manage your passwords is by using a password manager. Without one, you’re likely using an easily crackable password like “baseball” or “12345,” or reusing a single complex password across multiple sites. Password security is crucial, and taking steps to protect your passwords is essential.

Even the best password manager can’t protect you if you store weak passwords in it. You need to replace old, weak passwords with new, strong ones.

After upgrading all your passwords to strong, unique ones, you can relax a bit, at least until a data breach occurs. The National Institute of Standards and Technology (NIST) no longer advises changing passwords every 90 days. Instead, NIST suggests using long passphrases like “Correct-Horse-Battery-Staple” and changing them only when necessary. If you have weak passwords, “when necessary” means now.

So, what makes a bad password? Here are some characteristics and tips for creating strong passwords:

1. Avoid Dictionary Words

Every few months, news outlets publish lists of the worst passwords. Common entries include easy-to-type sequences like “12345” and “qwerty.” These passwords are simple for you to type but also easy for hackers to crack. Other poor choices are simple dictionary words like “baseball,” “monkey,” and “starwars.”

Hackers often use automated tools to try popular passwords against lists of email addresses. If your password is on their list, they can easily gain access to your accounts. Secure websites store only a hash of each password, which makes it difficult for hackers to recover the original password from a stolen database. However, hackers who know the hashing function used by the site can still crack weak passwords by hashing common words and comparing the results. To avoid this risk, use passwords that aren’t based on common words.

2. Be Unique

A friend once shared her “perfect” password: “1qaz2wsx3edc4rfv.” It was easy for her to type by sliding a finger down the keyboard’s columns, but using it everywhere was a big mistake.

Data breaches happen frequently, exposing thousands or millions of usernames and passwords. If you reuse passwords, a breach on one site can compromise your accounts on others. If a hacker gains access to your email, they can lock you out and use password reset links to take over your other accounts.

3. Avoid Personal Information

Using personal information in your passwords is tempting but dangerous. Names of pets, family members, or birthdates are easy for hackers to guess. Many personal details can be found online through social media or public records, making it easier for hackers to crack your passwords.

4. Secure Your Password Recovery

If you don’t use a password manager, you’ve likely forgotten passwords before. Most sites offer a “Forgot your password?” link that sends a reset link to your email or lets you answer security questions. Unfortunately, these questions often involve easily obtainable personal information.

When possible, create your own security questions and answers. If the site doesn’t allow that, use memorable but false answers to standard questions. For example, you might use “Fauci” as your mother’s maiden name or “More Science High School” as your school. Store these answers securely if you’re worried about forgetting them.

If you’re convinced that common passwords are a bad idea, here are some steps to improve your password security:

  • Use a password manager
  • Switch to a better password manager if necessary
  • Create and remember a highly secure master password for your password manager
  • Use a random password generator to replace old, weak passwords
  • Enable multi-factor authentication wherever possible

Even if a secure site experiences a data breach, having long, strong, and unique passwords will help protect your accounts from password-based attacks.
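As an added example (not part of the original article), the Python sketch below checks a password against the weaknesses described above: common words, keyboard slides like “1qaz2wsx3edc4rfv,” personal details, and reuse. It also generates a random replacement. The word list, keyboard runs, 50% threshold, and function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample list; a real audit would load a published common-password list.
COMMON = {"12345", "qwerty", "baseball", "monkey", "starwars"}
# Keyboard columns and rows, to spot "finger slide" patterns such as 1qaz2wsx.
KEY_RUNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
            "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

def keyboard_walk_fraction(pw):
    """Fraction of characters covered by 4-character keyboard runs."""
    low = pw.lower()
    covered = [False] * len(low)
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):          # forward and backward slides
            for i in range(len(seq) - 3):
                start = low.find(seq[i:i + 4])
                while start != -1:
                    covered[start:start + 4] = [True] * 4
                    start = low.find(seq[i:i + 4], start + 1)
    return sum(covered) / len(low) if low else 0.0

def audit(pw, personal=(), used_elsewhere=()):
    """Return the reasons a password is weak; an empty list means none found."""
    low = pw.lower()
    reasons = []
    # Also catch a common word with digits or symbols tacked on ("Monkey1!").
    if low.strip(string.digits + string.punctuation) in COMMON or low in COMMON:
        reasons.append("common or dictionary word")
    if keyboard_walk_fraction(pw) >= 0.5:     # threshold is an assumption
        reasons.append("keyboard pattern")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        reasons.append("contains personal information")
    if pw in used_elsewhere:
        reasons.append("reused on another site")
    return reasons

def generate(length=20):
    """Random password from the OS CSPRNG, retried until the audit is clean."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(pw):
            return pw

if __name__ == "__main__":
    for sample in ["baseball", "1qaz2wsx3edc4rfv", "Rex2015!"]:  # constructed samples
        print(sample, audit(sample, personal=["Rex"]))
    print(generate(), audit(generate()))
```

An empty result only means none of these particular checks fired; it does not prove a password is strong.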
