Make them long
In 2012 a hacker developed a 25-gpu cluster that was able to crack any 8-character windows password in less than six hours. Since then, brute force attacks have improved even further, and now anything under 12 characters is vulnerable to being hacked. So, we recommend always going for long passwords with at least 13 characters.
Use all types of characters
You can use plenty of characters to create a password: uppercase, lowercase, numbers, and symbols. The more you use, the harder it is to crack. While it might seem easier to create long (yet rememberable) phrases, these are easier to hack than completely random passwords. Dictionary attacks, for example, can quickly go through all the words in a dictionary to crack any passphrase.
A unique password for every account
After you come up with a strong password, it’s tempting to use it on all your online accounts. You should never do this. Credential leaks happen all the time, and hackers can get access to your credentials by hacking companies’ websites or servers. This is something that you can’t control. However, it’s one thing to find out that one of your accounts’ credentials has been leaked and change them accordingly. It’s a completely different thing to find out that the password you use for all your accounts has been hacked and you have to go through the trouble of changing all your credentials.
Use multi-factor authentication
Fortunately, technological innovation has presented us with extra layers of protection for our accounts. Nowadays, companies allow you to turn on multi-factor authentication where you need to confirm your identity with a one-time code that is sent either to your mobile device, email, or multi-factor specific apps like Google Authenticator.
Take advantage of advanced authentication methods
Devices have also developed in the past few years. It’s now quite common to unlock smartphones through biometrics like your fingerprint or facial patterns. Biometrics aren’t limited to just mobiles, though. For example, Windows 10 also allows you to unlock your computer by using facial, fingerprint, or voice recognition. There’s even the ability to use your heartbeat as the computer’s password! Obviously, this type of protection is way more secure than a password, as these traits are unique to you.
Use a password manager
If you follow all of these best practices, you’re going to end up with various long and completely random passwords. It’s a no brainer that you’ll need help to remember them, and writing them in plain sight, either on paper or digitally, is a big no-no. That’s where password managers come in.
The very first thing password managers help you with is securely storing all your credentials. Most providers offer end-to-end encryption, which means that all information in your vault will be safe, even if the companies’ servers are breached. The second key feature is helping you create strong credentials by offering password generators where you can select the number and type of characters to use.
Things don’t end there though. Password managers like LastPass provide password audits and data breach reports to warn you about repeated or weak passwords and exploited accounts, respectively. There are also features designed for businesses, which allow security managers to check everyone’s credentials to find the ones that could be an open door for hackers and prompt you to upgrade them accordingly.
The best part is that most password managers offer some of their tools entirely for free. While these won’t suffice for businesses, they might be enough for personal use. For example, LastPass allows you to store an unlimited number of credentials, generate random passwords, and trigger advanced multi-factor options, all at zero cost.
Daniel C.
Inês P.
User feedback