5 best password security tips experts want you to adopt
Make it a resolution: Stop using your street name as your password
Passwords are the keys to everything in our digital lives, which is why it's important to not only keep them safe, but select passwords that are secure even from the moment we start using them.
Sure, you can use a password manager, or even a security key. Both are excellent options for helping secure your data and online identity. But sometimes a password is just what you need. There are actions you can then take to make these strings of characters as strong as possible. These five steps are what security professionals recommend for keeping your passwords strong from the start — and keeping them that way too.
A longer password is often a better choice than something short (Getty Images/iStock)
Longer than 12 characters
To start, use a password that has at least 12 characters.
In fact, McAfee's chief information security officer, Arve Kjoelen, says to be cautious if you find yourself on a site that says your password can't be more than a dozen characters long.
"If the maximum password is 12 characters, you should contact them," he said.
Use a mix of words and other symbols
Dave Hatter, a cybersecurity consultant out of Cincinnati, Ohio, says the idea of changing your password regularly, once considered a core security step, isn't part of the regular guidance anymore. He notes that people started using terrible passwords because they had to keep adjusting them, which only made their data more vulnerable.
"If I have to keep changing my password, I'm likely to pick something stupid, and likely to use across multiple accounts, which is bad," he said.
Instead, one of his suggestions is to take a long string that you'll remember and replace some of the letters with numbers or other symbols. But make it something easy to recall — like a sentence or a phrase.
Using a phrase, instead of a word, can help you remember your password (Getty Images/iStock)
Pick a phrase
If you think about it, a long phrase is just another string of characters, but one that makes sense in context. It's a great way to both create and remember a password, and one that both Hatter and McAfee's Kjoelen recommend.
But Hatter warns to make sure the phrase you select is not something easily discovered on your social media account. Hackers have gotten pretty smart about finding personal information about people, phishing for more, and then running social engineering attacks to glean as many personal details as possible to help them get into someone's accounts.
What that means is that if your Facebook backdrop and profile picture are of a pug, "ilovepugs" is probably not the phrase you want to go for in your bank account password field.
McAfee's Kjoelen also suggests adding a character in between each word of the phrase, just to make that password a bit more distinct as well.
Don't reuse a password
Look, with as many sites as we need to access today, it's very understandable that people would try to reuse the same password, or a variation of it, across as many logins as they need. But that's really one of the worst mistakes you can make.
"The biggest thing I would say is just don't reuse your passwords," said Jim Miller, senior security engineer for Trail of Bits' cryptography team. "Especially don't use the same one for banking, and the same one at a sketchy one-off website."
The problem usually starts when one of those sites — maybe a random site that sells running socks — gets hacked. Perhaps they don't use strong security measures like hashing and salting, which makes them vulnerable to a hacker. Then, when that site's database is cracked open, there's your password. And it's not just the key to buying running gear, but also the same key to your bank, and your medical records and perhaps your credit card and insurance company. Now a hacker has a user name and a password that unlocks all of these sites, and grants them the ability to go in there and make charges or transfers.
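What "hashing and salting" changes for a breached site, as an added example (not from the article or any site it mentions): two users with the same password get byte-identical records under an unsalted hash, but not under a per-user salt with a slow key-derivation function. The account names, the third sample password and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware


def weak_store(password: str) -> str:
    """Unsalted fast hash: identical passwords give identical records."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def strong_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_password_groups(records: dict) -> list:
    """Users whose stored records are identical, as visible in a leaked table."""
    groups = {}
    for user, record in records.items():
        groups.setdefault(record, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; "ilovepugs" is the article's own example.
ACCOUNTS = {"alice": "ilovepugs", "bob": "ilovepugs", "carol": "correct-horse-battery"}


def demo():
    weak = {user: weak_store(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: strong_store(pw) for user, pw in ACCOUNTS.items()}
    return shared_password_groups(weak), shared_password_groups(strong), strong


if __name__ == "__main__":
    weak_groups, strong_groups, _ = demo()
    print("identical records, unsalted:", weak_groups)
    print("identical records, salted:  ", strong_groups)
```

Even with salting on the site's side, a reused password that is recovered from one breach still opens every other account that shares it, which is why the advice not to reuse passwords stands regardless of how a site stores them.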
It's definitely more difficult to remember all of these different passwords, which is why a password manager, even Google's Password Manager with its built-in Password Checker, may be worth considering. But in the long run your bank account will thank you.
Use multi-factor authentication if it's offered by a company (Getty Images/iStockphoto)
Multi-factor authentication
Ultimately, says McAfee's Kjoelen, he sees the future of security sitting less with passwords and more with multi-factor authentication. This is typically a second step people are asked to take after they type in a user name and password. A site could then ask you to enter a specific code, but send that code to your email or to your phone number, which helps to authenticate that the person trying to log into that site is really you. Sometimes this is a push notification, sent to your specific device, asking you to either accept or deny the authentication.
That's why Kjoelen believes that if a site gives you the option to use multi-factor authentication, you should take it.
"If you look at the criminal element, they're going to take the easiest way," he said. "If you have multi-factor authentication, and someone else doesn't, [hackers] are going to choose the easier way."