Most security hacks are preventable.
Failure to create secure passwords leaves many people vulnerable to attack, including celebrities and even corporate-level IT leaders who should know better.
You probably are aware that the majority of people use incredibly weak passwords and reuse them on different websites. Among the most popular: 123456, 123456789, password, and admin!
You may also be familiar with the standard advice that passwords should:
- Be at least 12 characters in length.
- Avoid names, places, and common dictionary words.
- Avoid any terms searchable on your personal history/online footprint.
- Integrate numbers, capital letters, lower case letters, and symbols.
- Avoid easy substitutions, e.g., F1do in place of Fido, which can be easily cracked.
Following those guidelines, all you have to do is alternate caps on and off and randomly hit 15 or so characters to come up with something virtually impossible to guess, e.g., 73o)t&g+Vr*3hZ4$t9. Many of us are hesitant to create passwords with so many layers of complexity, a reaction compounded by the fact that security experts tell us to create different passwords for each of our website accounts.
A password manager like Dashlane (basic version free, with apps for every platform and compatibility with all major browsers) solves the latter challenge, though it can be difficult to remember even one gnarly master password. The easy solution of affixing a post-it note with the master password to your computer is NOT recommended unless you happen to have a desktop in a private home office that is under lock and key.
Do passwords have to be so complex?
Unfortunately, financial and other high-security sites require complexity. So, you’ll need at least a few passwords like the above. However, a number of analysts claim that length is more important than the degree of difficulty, as long as you are careful to avoid predictably nonrandom patterns such as “myfavoriteicecreamischocolate.”
After analyzing large dumps of passwords, hackers have learned that we tend to select passwords that incorporate (1) an uppercase first letter (usually a consonant), (2) followed by a vowel, (3) ending with a one- or two-digit suffix, most often made up of 1’s or 2’s, e.g., J@nes22. Any symbols will usually be found in the middle, replacing a letter of similar shape (e.g., @ instead of O). Remember to avoid these predictable structural elements.
Another technique is to select random words for passwords (e.g., nave platypus scion plastic redeem). Diceware makes that process easy by rolling dice to do the job for you. All you have to do is remember them.
Consider choosing a master/root password that is meaningful to you, but not others. A root word could be something like “kOdiakbeAr” (Kodiak Bear). You could then create pre and post portion segments that make sense to you for each of your website accounts. For your Facebook account, that could translate as something like LeankOdiakbeAr0791 (Lean, the nickname of your BFF followed by a suffix with her birth year reversed). For LinkedIn, you could have kcirkOdiakbeAr0791twosons (Rick, your closest LI contact spelled in reverse in the prefix, with the suffix based on his having two sons).
Is this option as solid as the more complex random choice of letters, numbers, and symbols described above? Absolutely not, but if a hacker compromises one of your passwords created with this formula, your other passwords will still be hard to crack.
Among the many additional strategies for increasing your security:
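To make the structural checklist above concrete, here is an added example (not from the original article, and not Dashlane's code) that flags those predictable elements in a candidate password, so a sign-up form or password audit can reject them. The look-alike map beyond the page's own "@" and "F1do" cases, and the three-finding threshold, are assumptions.

```python
import re

# Look-alike substitutions a cracking rule set would try. The page cites
# "@ for O" and "F1do for Fido"; the remaining entries are an assumption.
LOOKALIKES = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
              "0": "o", "$": "s", "5": "s", "7": "t"}
VOWELS = set("aeiou")


def _as_letter(ch: str) -> str:
    """Map a digit or symbol to the letter it visually stands in for."""
    return LOOKALIKES.get(ch, ch.lower())


def predictable_structure(pw: str) -> list[str]:
    """Return the predictable structural elements found in pw."""
    findings = []
    if len(pw) < 2:
        return findings
    first, second = pw[0], pw[1]
    # (1) uppercase first letter that is a consonant ...
    if first.isupper() and first.lower() not in VOWELS:
        findings.append("starts with an uppercase consonant")
        # (2) ... followed by a vowel (or a look-alike standing in for one)
        if _as_letter(second) in VOWELS:
            findings.append("uppercase consonant followed by a vowel")
    # (3) one- or two-digit suffix, typically made of 1s and 2s
    m = re.search(r"(?<!\d)(\d{1,2})$", pw)
    if m:
        digits = m.group(1)
        note = " (only 1s and 2s)" if set(digits) <= {"1", "2"} else ""
        findings.append(f"one- or two-digit suffix '{digits}'{note}")
    # (4) a look-alike symbol/digit swapped for a letter inside a word:
    #     flagged only when it sits between two letters, so random
    #     strings with stray digits or symbols are not penalised
    if any(pw[i] in LOOKALIKES and pw[i - 1].isalpha() and pw[i + 1].isalpha()
           for i in range(1, len(pw) - 1)):
        findings.append("look-alike substitution in the middle of a word")
    return findings


def is_predictable(pw: str, threshold: int = 3) -> bool:
    """True when enough of the classic pattern is present to reject pw."""
    return len(predictable_structure(pw)) >= threshold
```

Run against the page's own samples, J@nes22 and F1do are rejected while the random string, the Diceware phrase and the LeankOdiakbeAr0791 construction pass, matching what the text claims about each.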
- Use multi-factor authentication when logging into an unrecognized device. You will be sent an authentication code on your mobile that you then input to verify your identity.
- Create false answers to password questions. Hackers can find the answers to questions like your mother’s maiden name, your schools, etc. So, lie; just make sure your lies are