Keep Your Password Secure with These Expert Tips
Strong passwords help ensure you don't fall victim to cybersecurity attacks. Learn the best practices when creating your password.
By Brian Segal
Password security is already critical to any cybersecurity system. But it’s becoming more vital every day.
Cybercrime is a rapidly expanding industry. And human errors cause most cybersecurity breaches. Creating strong passwords and managing them properly helps prevent cybersecurity breaches and helps mitigate the impact of a breach, if one occurs. So here are some password security tips to help you create better passwords and keep them safe.
Importance of Password Security
Passwords are critical in cybersecurity because they grant authorized access and prevent unauthorized access to accounts and systems. Password security matters because stronger passwords provide better protection against cyber attacks. Strong passwords are hard to guess and only get used on one system or account.
A tertiary aspect of a strong password is that it’s easy to remember. Passwords that are difficult to remember tend to get reset more often than is necessary. And it’s common for people to write their password down or keep it recorded on a device if their password is difficult to recall.
Both of these tendencies weaken even the strongest passwords. The tips in this article will help you create passwords that solve all of the big three password challenges: making your passwords hard to guess, easy to remember, and only used to access one resource.
Strong Password Examples
A strong password example is: 90-Ball-Recording-Wy. This is a long password that’s difficult to guess. It has special characters and numbers. It’s formatted so that it’s easy to remember. And it contains no personal information.
However, as you may have noticed, this example of a strong password is not just a random string of characters. And it doesn’t have to be. Actually, it’s best if your password is not just a random string of characters. You’ll see why when you read these password security tips.
Password Security Tips
These are the basic password security tips: opt for a longer password over a more complex password, use passphrases to create long passwords that are easy to remember, and use a different password for each account. Just following these simple password security tips will dramatically improve your password security.
However, it’s best if you go a little further with your password security. The more thoroughly you implement these password security tips, the stronger your passwords will be. Here are all the details of how to maximize your password security.
1. Avoid Personal Information
It’s tempting to use certain personal information in your passwords. Personal information is extremely easy to remember. Why not throw in your birth year or date? What’s wrong with using the numbers of your address to satisfy the requirement for a number in your passwords?
The problem with including personal information in your passwords is that much of your personal information is publicly available on your social media profiles and other online databases. A password that contains your personal information could be guessed simply by gathering some information from the internet.
Additionally, using personal information in your passwords exacerbates the effects of a compromised password. If your password contains personal information, an exposed password could compromise other accounts, even if you follow all of the other password security tips in this article.
Your personal information is used to help recover lost passwords or verify that it’s you who’s attempting to log in to an account. If your passwords contain personal information, a compromised password could be used in social engineering scams or to get through identity verification on your other accounts.
2. Longer is Stronger
Complex passwords are good. But making your passwords longer gives you much more bang for your buck in terms of password security.
One method of cracking passwords is called a “brute force attack,” where a bad actor uses a program that tries all the possible passwords, based on the available characters (letters, numbers, special characters). Adding even a single character to your password adds a significant number of possible passwords that must be tried in a brute force attack.
Making your passwords several characters longer can increase the time it takes to crack them using a brute force attack by literally centuries.
Obviously, it’s important to use a combination of letters, numbers, and special characters. But making your password longer does much more for password security than making your password more complex.
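To put numbers on the length-versus-complexity point, here is an added example (not from the original article) that computes the brute-force search space for a few password policies. The alphabet sizes, the guess rate of 10 billion per second and all function names are assumptions chosen for illustration.

```python
import math

# Assumed alphabet sizes for a US keyboard (not figures from the article).
LOWERCASE = 26
FULL_KEYBOARD = 94  # 26 lower + 26 upper + 10 digits + 32 symbols

# Assumed attacker speed: 10 billion guesses per second against a fast hash.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space(length, alphabet_size):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def bits(length, alphabet_size):
    """Same quantity on a log scale: each bit doubles the attacker's work."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(length, alphabet_size) / rate / SECONDS_PER_YEAR


def compare(policies):
    """Return (label, bits, years) for each (label, length, alphabet) policy."""
    return [(label, round(bits(n, a), 1), years_to_exhaust(n, a))
            for label, n, a in policies]


POLICIES = [
    ("8 chars, full keyboard", 8, FULL_KEYBOARD),
    ("9 chars, full keyboard", 9, FULL_KEYBOARD),
    ("12 chars, lowercase only", 12, LOWERCASE),
    ("16 chars, lowercase only", 16, LOWERCASE),
    ("16 chars, full keyboard", 16, FULL_KEYBOARD),
]

if __name__ == "__main__":
    for label, b, years in compare(POLICIES):
        print(f"{label:26s} {b:6.1f} bits  {years:12.3g} years")
```

These figures cover exhaustive search only. A password built from personal details or a single dictionary word falls to targeted guessing much sooner, which is why tip 1 still applies.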
The easiest way to create a long, secure password without making it ridiculously difficult to remember is to use a passphrase. Here’s how to create a strong password using a passphrase:
Use three to four words. Use random words. A password generator can help, if you have a hard time choosing random words.
Include a number.
Replace the spaces between the words with a special character like a dash or period. You can use the same special character between all the words to make your password easier to remember.
Remove the vowels or consonants from the first or the last word in your passphrase to make sure your passphrase has a non-dictionary word.
Use a passphrase that’s easy to visualize. That way you can use visualization techniques to remember your passphrase.
That’s how we came up with our “90-Ball-Recording-Wys” password example. It’s three words. The last word has the vowels removed to make sure it doesn’t match a dictionary entry. And the number isn’t anyone’s birthday or address.
If you use a passphrase like the one we created, you’ll have the most secure password you can come up with. Just don’t use our example, because it’s already been published.
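The passphrase steps above as a small generator, added here as an example and not the author's own tool. The word list is a constructed sample, and the two-digit number range and function names are assumptions; scheme_bits estimates strength against an attacker who already knows the recipe and the word list.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real generator
# should draw from a list of thousands of words so each word adds more bits.
WORDS = ["ball", "recording", "lantern", "harbor", "pickle", "meadow",
         "tunnel", "violin", "cactus", "ribbon", "anchor", "blanket",
         "compass", "thunder", "pebble", "orchard"]
VOWELS = set("aeiou")


def strip_vowels(word):
    """Drop vowels so the word no longer matches a dictionary entry."""
    stripped = "".join(c for c in word if c.lower() not in VOWELS)
    return stripped or word  # keep the word if it was all vowels


def make_passphrase(n_words=3, separator="-", words=WORDS):
    """Number + random words, joined by one separator, last word de-voweled."""
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    picked = [secrets.choice(words) for _ in range(n_words)]
    picked[-1] = strip_vowels(picked[-1])
    number = secrets.randbelow(90) + 10  # assumed range: 10..99
    return separator.join([str(number)] + [w.capitalize() for w in picked])


def scheme_bits(n_words, wordlist_size):
    """Entropy when the recipe is known: only the random choices count.

    The fixed separator and the vowel removal add nothing, because an
    attacker who knows the recipe applies the same transformations.
    """
    return n_words * math.log2(wordlist_size) + math.log2(90)


if __name__ == "__main__":
    print(make_passphrase())
    print(f"3 words from this 16-word sample: {scheme_bits(3, len(WORDS)):.1f} bits")
    print(f"3 words from a 7776-word list:    {scheme_bits(3, 7776):.1f} bits")
    print(f"4 words from a 7776-word list:    {scheme_bits(4, 7776):.1f} bits")
```

The estimate shows why the words must be chosen randomly from a large list: the strength comes from the number of equally likely choices, not from how unusual the result looks.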
3. Use Two-Factor Authentication
Two-factor authentication makes a strong password even more secure. Using just a password is single-factor authentication. Using a password and a code that’s sent to the user’s phone via SMS is two-factor authentication.
There are multiple two-factor authentication methods. But simply adding the second layer of security makes it much more difficult to breach an account or system, since the criminal will need access to the password and the second authentication device.
The most common two-factor authentication method is SMS two-factor authentication, where the user enters their password, then receives a text message with a code that they must enter before they can log into their account.
SMS two-factor authentication is the least expensive and easiest to scale, and it requires no additional software. So it’s one of the best—if not the best—two-factor authentication method, because you’ll be able to implement it, and your users will be able to use it.
4. Don’t Use the Same Password Twice
This one makes sense to most people. But it’s still tempting to use the same password over and over, just for the sheer convenience. Reusing passwords is worse than you might think, though.
If you reuse passwords, a single compromised password could compromise several of your accounts. That turns any password breach into a potential security disaster. And you’ll have to change all of your passwords if just one of them gets exposed (which is a mere inconvenience compared to all of your accounts being compromised).
In short, use a different password for each account. And you’ll still be able to remember all your passwords if you follow the passphrase tip that we presented earlier or use a reliable password manager that will store all your passwords in one place.
5. Update Passwords Regularly
The best practice is to change your passwords every 60 to 90 days. It’s difficult to monitor your passwords thoroughly enough to know whenever one of your passwords is compromised. Changing your passwords regularly helps ensure that an exposed password doesn’t lead to a severe security breach.
You may even need to change your passwords more often, if you have especially sensitive information that must be secured or if you’re in a position where your cybersecurity defenses are frequently tested by cybercriminals.
If you feel you need additional password security, you can update your passwords every 30 days. That will keep your passwords in consistent rotation, and make it especially challenging to use an exposed password to breach your security systems (and even more secure if you combine frequent password changes with two-factor authentication).
If you follow these password security tips, your passwords will perform as intended and keep your information secure, without forcing you to rack your brain every time you log into an account or system.