Passwords: Changing with the Times
October 03, 2022
It’s commonly understood that your password is your first and typically best line of defense for private data and information. Yet, reports show that more than 2 in 3 people reuse the same passwords across multiple accounts – one of the biggest “no-no’s” in the book!
In the not-so-distant past, the generally accepted requirement for passwords on many websites was:
- At least 8 characters
- At least one uppercase and one lowercase letter
- At least one number
- And often a special character
These passwords held up the best because they were (at the time) complex and protected against the guesswork types of hacking that were once popular. Today, cybercriminals have access to much stronger computing power as well as newer, more complex means of hacking.
Familiarize yourself with the steps listed below to create a strong password and evaluate whether you need to rethink your own password security.
1. Never reuse passwords: Reusing the same password across multiple accounts puts you at extreme risk of various cybercrime attacks such as credential stuffing, a very simple and effective tactic which sees cybercriminals test stolen credentials against a big sample of websites all at once. Once in, depending on the accounts and sites that are able to be accessed through this attack, cybercriminals can:
- Seize control of your bank account assets
- Access personal information, such as your Social Security number to steal your identity
- Use your information to harm others via phishing attacks
- Sell your credentials and personal information to other cybercriminals
2. Never use personal information: Despite what you may have been told in the past, no password should ever include references to any easily obtainable personal information such as names or birthdays. A good rule of thumb? If the information is widely known to others or can be easily found via your social media accounts, don't use it.
3. Combine letters, numbers, and symbols: As in the past, the average "secure password" should still include a wide variety of random characters, numbers, and letters. The difference, however, is HOW these different letters, numbers, and symbols are combined - more on that in tip #4 below.
4. Avoid using common words and patterns: Through the use of malicious programs, cybercriminals can very quickly comb through a vast amount of words and patterns to crack passwords. As noted in tip #3, you are highly encouraged to utilize a wide variety of various letters, numbers, and symbols. So, for example, instead of using "kittycat123" for your password, it's suggested that you use something more along the lines of "K1ttYcAt32@34!"
- Bonus Tip: Concerned about not being able to remember a password like this? Consider investing in a password manager. These programs are generally affordable and can be used to safely and securely store you password information.
5. Prioritize password length: No longer, in most cases, should you rely on the outdated 8 character recommendation. The best passwords are those that are at least 12 to 16+ characters long. In conjunction with tip #3 and #4, complex is key here.
6. Continue to evaluate and adjust your password security: Many of us have accounts that require us to periodically update our passwords. When it comes time, don't just add one or two new characters in place of another. Additionally, do not think that simply rearranging words is any better. Creating new, unique passwords based on the tips above will be your safest and best bet.
Worried about how secure your passwords are? Put them up to the test! Security.org provides a completely free and secure tool to quickly test the effectiveness of your passwords. While you're at it, take a look at our blog: 15 Tips to Keep Your Data Private.
This content is for informational purposes only. Readers should under no circumstances rely upon this information as a substitute for their own research or for obtaining specific advice from their own counsel.