Creating a strong password may seem like a daunting task, especially when the recommendation is to have a unique password for each site you visit. Anyone would be overwhelmed if they had to create and memorize multiple passwords like Wt4e-79P-B13^qS.
As a result, you may be using the same password everywhere even though you know it’s unsafe and that, if it gets compromised, all your web information is exposed. Or you use several passwords, but they are all short, simple words or include numbers that relate to your life, so they are still too easy to guess. Or, if you made hard-to-remember passwords (probably because your business or a website forced you to), then you likely have a list of the passwords right next to your computer – even though you know this also compromises your safety if others use your computer.
Here are some concrete steps you can take to improve the security of your passwords:
1. The longer the password, the better – Experts recommend creating passwords that contain a minimum of 8 characters. If your password protects something sensitive, like access to your bank account, then use a minimum of 12 characters.
2. Use everything available on your keyboard – Numbers, upper- and lower-case letters, and symbols all help to exponentially increase the strength of your password.
3. Throw away dictionary words – You should never use common words or names within passwords. This rule can be extended one step further for those passwords protecting highly sensitive data to include compounds of multiple words. “IloveLabraDorReTrievers” is not a secure password if the information it’s protecting is of high import.
4. Avoid commonly used password patterns – A 2013 study by DARPA, the Defense Department’s research agency, found that about half of all passwords used at a Fortune 100 company followed five common patterns, three of which are listed below:
• One uppercase, five lowercase and three digits (Example: Komand123)
• One uppercase, six lowercase and two digits (Example: Komando12)
• One uppercase, three lowercase and five digits (Example: Koma12345)
5. Use unique passwords – Don’t cycle through the same set of passwords or recycle one across different services because that only diminishes the benefit of using a strong password. Research by Joseph Bonneau at the University of Cambridge shows that 31% of users reuse passwords in multiple places. When one of those reused passwords becomes compromised, the impact on the user is amplified.
6. Be careful where you store your passwords – Do not store your passwords in spreadsheets or upload them to the cloud unless it’s within an encrypted file. If you are going to store your passwords somewhere (such as the cloud), use a reputable and secure password manager. Webroot SecureAnywhere® Internet Security Plus and Webroot SecureAnywhere® Complete offer a password manager as an additional online security tool.
7. Two-factor authentication is your friend – This adds a layer of protection against hackers logging in with a stolen password. With two-factor authentication, the user must have her cell phone in order to verify her identity in addition to the username and password.
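The checks in steps 1, 2 and 4 can be automated. The following Python sketch is an added example, not part of the original article: it flags passwords that are too short, that skip a character class, or that match one of the three patterns listed in step 4. The function names and finding texts are assumptions made for illustration.

```python
# Added example: checks for steps 1, 2 and 4 of the list above.
# Function names and finding texts are illustrative assumptions.

CLASS_NAMES = {"U": "uppercase letter", "l": "lowercase letter",
               "d": "digit", "s": "symbol"}

# The three patterns listed in step 4, written as character-class masks.
COMMON_MASKS = {
    "U" + "l" * 5 + "d" * 3: "one uppercase, five lowercase, three digits",
    "U" + "l" * 6 + "d" * 2: "one uppercase, six lowercase, two digits",
    "U" + "l" * 3 + "d" * 5: "one uppercase, three lowercase, five digits",
}


def mask(password):
    """Map each character to its class: U, l, d, or s (anything else)."""
    out = []
    for ch in password:
        if ch.isupper():
            out.append("U")
        elif ch.islower():
            out.append("l")
        elif ch.isdigit():
            out.append("d")
        else:
            out.append("s")
    return "".join(out)


def check_password(password, sensitive=False):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    m = mask(password)
    min_len = 12 if sensitive else 8       # step 1 thresholds
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters")
    for cls, name in CLASS_NAMES.items():  # step 2: use every character class
        if cls not in m:
            findings.append(f"no {name}")
    if m in COMMON_MASKS:                  # step 4: common pattern
        findings.append(f"common pattern: {COMMON_MASKS[m]}")
    return findings


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article.
    for pw in ("Komand123", "Komando12", "Koma12345", "Wt4e-79P-B13^qS"):
        print(pw, "->", check_password(pw, sensitive=True) or "no findings")
```

An empty result only means these three checks did not fire; dictionary words (step 3) and reuse across sites (step 5) are not covered.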